Python OpenSSL.crypto.FILETYPE_ASN1 Examples
The following are 30
code examples of OpenSSL.crypto.FILETYPE_ASN1().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
OpenSSL.crypto
, or try the search function
.
Example #1
Source File: _sslverify.py From learn_python3_spider with MIT License | 7 votes |
def keyHash(self): """ Compute a hash of the underlying PKey object. The purpose of this method is to allow you to determine if two certificates share the same public key; it is not really useful for anything else. In versions of Twisted prior to 15.0, C{keyHash} used a technique involving certificate requests for computing the hash that was not stable in the face of changes to the underlying OpenSSL library. @return: Return a 32-character hexadecimal string uniquely identifying this public key, I{for this version of Twisted}. @rtype: native L{str} """ raw = crypto.dump_publickey(crypto.FILETYPE_ASN1, self.original) h = md5() h.update(raw) return h.hexdigest()
Example #2
Source File: test_crypto.py From pyopenssl with Apache License 2.0 | 6 votes |
def test_load_crl(self): """ Load a known CRL and inspect its revocations. Both EM and DER formats are loaded. """ crl = load_crl(FILETYPE_PEM, crlData) revs = crl.get_revoked() assert len(revs) == 2 assert revs[0].get_serial() == b'03AB' assert revs[0].get_reason() is None assert revs[1].get_serial() == b'0100' assert revs[1].get_reason() == b'Superseded' der = _runopenssl(crlData, b"crl", b"-outform", b"DER") crl = load_crl(FILETYPE_ASN1, der) revs = crl.get_revoked() assert len(revs) == 2 assert revs[0].get_serial() == b'03AB' assert revs[0].get_reason() is None assert revs[1].get_serial() == b'0100' assert revs[1].get_reason() == b'Superseded'
Example #3
Source File: _sslverify.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 6 votes |
def keyHash(self): """ Compute a hash of the underlying PKey object. The purpose of this method is to allow you to determine if two certificates share the same public key; it is not really useful for anything else. In versions of Twisted prior to 15.0, C{keyHash} used a technique involving certificate requests for computing the hash that was not stable in the face of changes to the underlying OpenSSL library. @return: Return a 32-character hexadecimal string uniquely identifying this public key, I{for this version of Twisted}. @rtype: native L{str} """ raw = crypto.dump_publickey(crypto.FILETYPE_ASN1, self.original) h = md5() h.update(raw) return h.hexdigest()
Example #4
Source File: test_crypto.py From pyopenssl with Apache License 2.0 | 6 votes |
def test_dump_certificate(self): """ `dump_certificate` writes PEM, DER, and text. """ pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM cert = load_certificate(FILETYPE_PEM, pemData) dumped_pem = dump_certificate(FILETYPE_PEM, cert) assert dumped_pem == cleartextCertificatePEM dumped_der = dump_certificate(FILETYPE_ASN1, cert) good_der = _runopenssl(dumped_pem, b"x509", b"-outform", b"DER") assert dumped_der == good_der cert2 = load_certificate(FILETYPE_ASN1, dumped_der) dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2) assert dumped_pem2 == cleartextCertificatePEM dumped_text = dump_certificate(FILETYPE_TEXT, cert) good_text = _runopenssl( dumped_pem, b"x509", b"-noout", b"-text", b"-nameopt", b"") assert dumped_text == good_text
Example #5
Source File: publickey.py From chepy with GNU General Public License v3.0 | 6 votes |
def pem_to_der_hex(self): """Convert PEM cert to DER format Converts PEM (Privacy Enhanced Mail) format to a hexadecimal DER (Distinguished Encoding Rules) string. Returns: Chepy: The Chepy object. """ cert_pem = _pyssl_crypto.load_certificate( _pyssl_crypto.FILETYPE_PEM, self.state ) self.state = _pyssl_crypto.dump_certificate( _pyssl_crypto.FILETYPE_ASN1, cert_pem ) return self
Example #6
Source File: test_crypto.py From pyopenssl with Apache License 2.0 | 6 votes |
def test_dump_certificate_request(self): """ `dump_certificate_request` writes a PEM, DER, and text. """ req = load_certificate_request( FILETYPE_PEM, cleartextCertificateRequestPEM) dumped_pem = dump_certificate_request(FILETYPE_PEM, req) assert dumped_pem == cleartextCertificateRequestPEM dumped_der = dump_certificate_request(FILETYPE_ASN1, req) good_der = _runopenssl(dumped_pem, b"req", b"-outform", b"DER") assert dumped_der == good_der req2 = load_certificate_request(FILETYPE_ASN1, dumped_der) dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2) assert dumped_pem2 == cleartextCertificateRequestPEM dumped_text = dump_certificate_request(FILETYPE_TEXT, req) good_text = _runopenssl( dumped_pem, b"req", b"-noout", b"-text", b"-nameopt", b"") assert dumped_text == good_text with pytest.raises(ValueError): dump_certificate_request(100, req)
Example #7
Source File: test_crypto.py From oss-ftp with MIT License | 6 votes |
def test_load_crl(self): """ Load a known CRL and inspect its revocations. Both PEM and DER formats are loaded. """ crl = load_crl(FILETYPE_PEM, crlData) revs = crl.get_revoked() self.assertEqual(len(revs), 2) self.assertEqual(revs[0].get_serial(), b('03AB')) self.assertEqual(revs[0].get_reason(), None) self.assertEqual(revs[1].get_serial(), b('0100')) self.assertEqual(revs[1].get_reason(), b('Superseded')) der = _runopenssl(crlData, b"crl", b"-outform", b"DER") crl = load_crl(FILETYPE_ASN1, der) revs = crl.get_revoked() self.assertEqual(len(revs), 2) self.assertEqual(revs[0].get_serial(), b('03AB')) self.assertEqual(revs[0].get_reason(), None) self.assertEqual(revs[1].get_serial(), b('0100')) self.assertEqual(revs[1].get_reason(), b('Superseded'))
Example #8
Source File: test_crypto.py From oss-ftp with MIT License | 6 votes |
def test_export_text(self): """ If passed ``FILETYPE_TEXT`` for the format, ``CRL.export`` returns a text format string like the one produced by the openssl command line tool. """ crl = self._get_crl() dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1) text = _runopenssl( dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER" ) # text format dumped_text = crl.export(self.cert, self.pkey, type=FILETYPE_TEXT) self.assertEqual(text, dumped_text)
Example #9
Source File: test_crypto.py From oss-ftp with MIT License | 6 votes |
def test_export_der(self): """ If passed ``FILETYPE_ASN1`` for the format, ``CRL.export`` returns a "DER" format string representing a serial number, a revoked reason, and certificate issuer information. """ crl = self._get_crl() # DER format dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1) text = _runopenssl( dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER" ) text.index(b('Serial Number: 03AB')) text.index(b('Superseded')) text.index( b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA') )
Example #10
Source File: test_crypto.py From oss-ftp with MIT License | 6 votes |
def test_dump_certificate_request(self): """ :py:obj:`dump_certificate_request` writes a PEM, DER, and text. """ req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM) dumped_pem = dump_certificate_request(FILETYPE_PEM, req) self.assertEqual(dumped_pem, cleartextCertificateRequestPEM) dumped_der = dump_certificate_request(FILETYPE_ASN1, req) good_der = _runopenssl(dumped_pem, b"req", b"-outform", b"DER") self.assertEqual(dumped_der, good_der) req2 = load_certificate_request(FILETYPE_ASN1, dumped_der) dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2) self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM) dumped_text = dump_certificate_request(FILETYPE_TEXT, req) good_text = _runopenssl(dumped_pem, b"req", b"-noout", b"-text") self.assertEqual(dumped_text, good_text) self.assertRaises(ValueError, dump_certificate_request, 100, req)
Example #11
Source File: publickey.py From chepy with GNU General Public License v3.0 | 6 votes |
def parse_x509_der_hex(self): """Parse X509 cert in DER format X.509 is an ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI). It is commonly involved with SSL/TLS security.<br><br>This operation displays the contents of a certificate in a human readable format, similar to the openssl command line tool. Returns: Chepy: A Chepy object. """ cert = _pyssl_crypto.load_certificate( _pyssl_crypto.FILETYPE_ASN1, self._convert_to_bytes() ) info = self._convert_cert_to_obj(cert) self.state = info return self
Example #12
Source File: test_crypto.py From oss-ftp with MIT License | 6 votes |
def test_dump_certificate(self): """ :py:obj:`dump_certificate` writes PEM, DER, and text. """ pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM cert = load_certificate(FILETYPE_PEM, pemData) dumped_pem = dump_certificate(FILETYPE_PEM, cert) self.assertEqual(dumped_pem, cleartextCertificatePEM) dumped_der = dump_certificate(FILETYPE_ASN1, cert) good_der = _runopenssl(dumped_pem, b"x509", b"-outform", b"DER") self.assertEqual(dumped_der, good_der) cert2 = load_certificate(FILETYPE_ASN1, dumped_der) dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2) self.assertEqual(dumped_pem2, cleartextCertificatePEM) dumped_text = dump_certificate(FILETYPE_TEXT, cert) good_text = _runopenssl(dumped_pem, b"x509", b"-noout", b"-text") self.assertEqual(dumped_text, good_text)
Example #13
Source File: test_crypto.py From pyopenssl with Apache License 2.0 | 6 votes |
def test_export_der(self): """ If passed ``FILETYPE_ASN1`` for the format, ``CRL.export`` returns a "DER" format string representing a serial number, a revoked reason, and certificate issuer information. """ crl = self._get_crl() # DER format dumped_crl = self._get_crl().export( self.cert, self.pkey, FILETYPE_ASN1, digest=b"md5" ) crl = x509.load_der_x509_crl(dumped_crl, backend) revoked = crl.get_revoked_certificate_by_serial_number(0x03AB) assert revoked is not None assert crl.issuer == x509.Name([ x509.NameAttribute(x509.NameOID.COUNTRY_NAME, u"US"), x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, u"IL"), x509.NameAttribute(x509.NameOID.LOCALITY_NAME, u"Chicago"), x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Testing"), x509.NameAttribute(x509.NameOID.COMMON_NAME, u"Testing Root CA"), ]) # Flaky because we compare the output of running commands which sometimes # varies by 1 second
Example #14
Source File: ocsp_asn1crypto.py From snowflake-connector-python with Apache License 2.0 | 6 votes |
def extract_certificate_chain(self, connection): """Gets certificate chain and extract the key info from OpenSSL connection.""" from OpenSSL.crypto import dump_certificate, FILETYPE_ASN1 cert_map = OrderedDict() logger.debug( "# of certificates: %s", len(connection.get_peer_cert_chain())) for cert_openssl in connection.get_peer_cert_chain(): cert_der = dump_certificate(FILETYPE_ASN1, cert_openssl) cert = Certificate.load(cert_der) logger.debug( 'subject: %s, issuer: %s', cert.subject.native, cert.issuer.native) cert_map[cert.subject.sha256] = cert return self.create_pair_issuer_subject(cert_map)
Example #15
Source File: test_crypto.py From pyopenssl with Apache License 2.0 | 5 votes |
def test_load_privatekey_passphraseWrongType(self): """ `load_privatekey` raises `ValueError` when it is passeda passphrase with a private key encoded in a format, that doesn't support encryption. """ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) blob = dump_privatekey(FILETYPE_ASN1, key) with pytest.raises(ValueError): load_privatekey(FILETYPE_ASN1, blob, "secret")
Example #16
Source File: test_crypto.py From pyopenssl with Apache License 2.0 | 5 votes |
def test_load_pkcs7_data_asn1(self): """ `load_pkcs7_data` accepts a bytes containing ASN1 data representing PKCS#7 and returns an instance of `PKCS7`. """ pkcs7 = load_pkcs7_data(FILETYPE_ASN1, pkcs7DataASN1) assert isinstance(pkcs7, PKCS7)
Example #17
Source File: test_crypto.py From pyopenssl with Apache License 2.0 | 5 votes |
def test_dump_privatekey_asn1(self): """ `dump_privatekey` writes a DER """ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) dumped_pem = dump_privatekey(FILETYPE_PEM, key) dumped_der = dump_privatekey(FILETYPE_ASN1, key) # XXX This OpenSSL call writes "writing RSA key" to standard out. Sad. good_der = _runopenssl(dumped_pem, b"rsa", b"-outform", b"DER") assert dumped_der == good_der key2 = load_privatekey(FILETYPE_ASN1, dumped_der) dumped_pem2 = dump_privatekey(FILETYPE_PEM, key2) assert dumped_pem2 == cleartextPrivateKeyPEM
Example #18
Source File: test_crypto.py From pyopenssl with Apache License 2.0 | 5 votes |
def test_dump_privatekey_passphrase_wrong_type(self): """ `dump_privatekey` raises `ValueError` when it is passed a passphrase with a private key encoded in a format, that doesn't support encryption. """ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) with pytest.raises(ValueError): dump_privatekey(FILETYPE_ASN1, key, GOOD_CIPHER, "secret")
Example #19
Source File: test_crypto.py From pyopenssl with Apache License 2.0 | 5 votes |
def test_bad_file_type(self): """ If the file type passed to `load_certificate_request` is neither `FILETYPE_PEM` nor `FILETYPE_ASN1` then `ValueError` is raised. """ with pytest.raises(ValueError): load_certificate_request(object(), b"") with pytest.raises(ValueError): load_certificate(object(), b"")
Example #20
Source File: _sslverify.py From python-for-android with Apache License 2.0 | 5 votes |
def signCertificateRequest(self, requestData, verifyDNCallback, serialNumber, requestFormat=crypto.FILETYPE_ASN1, certificateFormat=crypto.FILETYPE_ASN1): issuer = self.getSubject() return self.privateKey.signCertificateRequest( issuer, requestData, verifyDNCallback, serialNumber, requestFormat, certificateFormat)
Example #21
Source File: _sslverify.py From python-for-android with Apache License 2.0 | 5 votes |
def certificateRequest(self, format=crypto.FILETYPE_ASN1, digestAlgorithm='md5'): return self.privateKey.certificateRequest( self.getSubject(), format, digestAlgorithm)
Example #22
Source File: _sslverify.py From python-for-android with Apache License 2.0 | 5 votes |
def newCertificate(self, newCertData, format=crypto.FILETYPE_ASN1): """ Create a new L{PrivateCertificate} from the given certificate data and this instance's private key. """ return self.load(newCertData, self.privateKey, format)
Example #23
Source File: _sslverify.py From python-for-android with Apache License 2.0 | 5 votes |
def dump(self, format=crypto.FILETYPE_ASN1): return crypto.dump_certificate_request(format, self.original)
Example #24
Source File: _sslverify.py From learn_python3_spider with MIT License | 5 votes |
def certificateRequest(self, distinguishedName, format=crypto.FILETYPE_ASN1, digestAlgorithm='sha256'): """ Create a certificate request signed with this key. @return: a string, formatted according to the 'format' argument. """ return self.requestObject(distinguishedName, digestAlgorithm).dump(format)
Example #25
Source File: _sslverify.py From python-for-android with Apache License 2.0 | 5 votes |
def load(Class, requestData, requestFormat=crypto.FILETYPE_ASN1): req = crypto.load_certificate_request(requestFormat, requestData) dn = DistinguishedName() dn._copyFrom(req.get_subject()) if not req.verify(req.get_pubkey()): raise VerifyError("Can't verify that request for %r is self-signed." % (dn,)) return Class(req)
Example #26
Source File: _sslverify.py From python-for-android with Apache License 2.0 | 5 votes |
def dump(self, format=crypto.FILETYPE_ASN1): return crypto.dump_certificate(format, self.original)
Example #27
Source File: _sslverify.py From python-for-android with Apache License 2.0 | 5 votes |
def load(Class, requestData, format=crypto.FILETYPE_ASN1, args=()): """ Load a certificate from an ASN.1- or PEM-format string. @rtype: C{Class} """ return Class(crypto.load_certificate(format, requestData), *args)
Example #28
Source File: publickey.py From chepy with GNU General Public License v3.0 | 5 votes |
def der_hex_to_pem(self): """Convert DER format to PEM cert. Converts a hexadecimal DER (Distinguished Encoding Rules) string into PEM (Privacy Enhanced Mail) format. Returns: Chepy: The Chepy object. Examples: >>> c = Chepy(str(Path().absolute() / "tests/files/test.der")) >>> c.load_file() >>> c.der_hex_to_pem() >>> c.o.decode() -----BEGIN CERTIFICATE----- MIICeTCCAeICCQDi5dgCpKMeHTANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMC VVMxDDAKBgNVBAgMA2xvbDEMMAoGA1UEBwwDbnljMRIwEAYDVQQKDAlzZWN1cmlz ... wQSFm54UNQ/vjM12yZ+C5c3268Vo8jSP7mI5R3wn6XztjUSXkDg5/3IL3kojti/h nyhBHx2QCVke7BxWw3HWkbZ/1BKl0HnCGyd5HDTuOtlBmTS+QrJoNpdsn0zq4fvc igbV1IJdKTBAiZzaOQ== -----END CERTIFICATE----- """ cert_pem = _pyssl_crypto.load_certificate( _pyssl_crypto.FILETYPE_ASN1, self._convert_to_bytes() ) self.state = _pyssl_crypto.dump_certificate( _pyssl_crypto.FILETYPE_PEM, cert_pem ) return self
Example #29
Source File: _sslverify.py From learn_python3_spider with MIT License | 5 votes |
def signCertificateRequest(self, requestData, verifyDNCallback, serialNumber, requestFormat=crypto.FILETYPE_ASN1, certificateFormat=crypto.FILETYPE_ASN1): issuer = self.getSubject() return self.privateKey.signCertificateRequest( issuer, requestData, verifyDNCallback, serialNumber, requestFormat, certificateFormat)
Example #30
Source File: _sslverify.py From learn_python3_spider with MIT License | 5 votes |
def signCertificateRequest(self, issuerDistinguishedName, requestData, verifyDNCallback, serialNumber, requestFormat=crypto.FILETYPE_ASN1, certificateFormat=crypto.FILETYPE_ASN1, secondsToExpiry=60 * 60 * 24 * 365, # One year digestAlgorithm='sha256'): """ Given a blob of certificate request data and a certificate authority's DistinguishedName, return a blob of signed certificate data. If verifyDNCallback returns a Deferred, I will return a Deferred which fires the data when that Deferred has completed. """ hlreq = CertificateRequest.load(requestData, requestFormat) dn = hlreq.getSubject() vval = verifyDNCallback(dn) def verified(value): if not value: raise VerifyError("DN callback %r rejected request DN %r" % (verifyDNCallback, dn)) return self.signRequestObject(issuerDistinguishedName, hlreq, serialNumber, secondsToExpiry, digestAlgorithm).dump(certificateFormat) if isinstance(vval, Deferred): return vval.addCallback(verified) else: return verified(vval)