def test_dump_certificate(self):
"""
L{dump_certificate} writes PEM, DER, and text.
"""
pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
cert = load_certificate(FILETYPE_PEM, pemData)
dumped_pem = dump_certificate(FILETYPE_PEM, cert)
self.assertEqual(dumped_pem, cleartextCertificatePEM)
dumped_der = dump_certificate(FILETYPE_ASN1, cert)
good_der = _runopenssl(dumped_pem, "x509", "-outform", "DER")
self.assertEqual(dumped_der, good_der)
cert2 = load_certificate(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2)
self.assertEqual(dumped_pem2, cleartextCertificatePEM)
dumped_text = dump_certificate(FILETYPE_TEXT, cert)
good_text = _runopenssl(dumped_pem, "x509", "-noout", "-text")
self.assertEqual(dumped_text, good_text)
python类FILETYPE_ASN1的实例源码
def test_dump_privatekey(self):
"""
L{dump_privatekey} writes a PEM, DER, and text.
"""
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
dumped_pem = dump_privatekey(FILETYPE_PEM, key)
self.assertEqual(dumped_pem, cleartextPrivateKeyPEM)
dumped_der = dump_privatekey(FILETYPE_ASN1, key)
# XXX This OpenSSL call writes "writing RSA key" to standard out. Sad.
good_der = _runopenssl(dumped_pem, "rsa", "-outform", "DER")
self.assertEqual(dumped_der, good_der)
key2 = load_privatekey(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_privatekey(FILETYPE_PEM, key2)
self.assertEqual(dumped_pem2, cleartextPrivateKeyPEM)
dumped_text = dump_privatekey(FILETYPE_TEXT, key)
good_text = _runopenssl(dumped_pem, "rsa", "-noout", "-text")
self.assertEqual(dumped_text, good_text)
def test_dump_certificate_request(self):
"""
L{dump_certificate_request} writes a PEM, DER, and text.
"""
req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM)
dumped_pem = dump_certificate_request(FILETYPE_PEM, req)
self.assertEqual(dumped_pem, cleartextCertificateRequestPEM)
dumped_der = dump_certificate_request(FILETYPE_ASN1, req)
good_der = _runopenssl(dumped_pem, "req", "-outform", "DER")
self.assertEqual(dumped_der, good_der)
req2 = load_certificate_request(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2)
self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM)
dumped_text = dump_certificate_request(FILETYPE_TEXT, req)
good_text = _runopenssl(dumped_pem, "req", "-noout", "-text")
self.assertEqual(dumped_text, good_text)
def test_dump_certificate(self):
"""
:py:obj:`dump_certificate` writes PEM, DER, and text.
"""
pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
cert = load_certificate(FILETYPE_PEM, pemData)
dumped_pem = dump_certificate(FILETYPE_PEM, cert)
self.assertEqual(dumped_pem, cleartextCertificatePEM)
dumped_der = dump_certificate(FILETYPE_ASN1, cert)
good_der = _runopenssl(dumped_pem, b"x509", b"-outform", b"DER")
self.assertEqual(dumped_der, good_der)
cert2 = load_certificate(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2)
self.assertEqual(dumped_pem2, cleartextCertificatePEM)
dumped_text = dump_certificate(FILETYPE_TEXT, cert)
good_text = _runopenssl(dumped_pem, b"x509", b"-noout", b"-text")
self.assertEqual(dumped_text, good_text)
def test_dump_certificate_request(self):
"""
:py:obj:`dump_certificate_request` writes a PEM, DER, and text.
"""
req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM)
dumped_pem = dump_certificate_request(FILETYPE_PEM, req)
self.assertEqual(dumped_pem, cleartextCertificateRequestPEM)
dumped_der = dump_certificate_request(FILETYPE_ASN1, req)
good_der = _runopenssl(dumped_pem, b"req", b"-outform", b"DER")
self.assertEqual(dumped_der, good_der)
req2 = load_certificate_request(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2)
self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM)
dumped_text = dump_certificate_request(FILETYPE_TEXT, req)
good_text = _runopenssl(dumped_pem, b"req", b"-noout", b"-text")
self.assertEqual(dumped_text, good_text)
self.assertRaises(ValueError, dump_certificate_request, 100, req)
def test_export_der(self):
"""
If passed ``FILETYPE_ASN1`` for the format, ``CRL.export`` returns a
"DER" format string representing a serial number, a revoked reason, and
certificate issuer information.
"""
crl = self._get_crl()
# DER format
dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
text = _runopenssl(
dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER"
)
text.index(b('Serial Number: 03AB'))
text.index(b('Superseded'))
text.index(
b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA')
)
def test_export_text(self):
"""
If passed ``FILETYPE_TEXT`` for the format, ``CRL.export`` returns a
text format string like the one produced by the openssl command line
tool.
"""
crl = self._get_crl()
dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
text = _runopenssl(
dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER"
)
# text format
dumped_text = crl.export(self.cert, self.pkey, type=FILETYPE_TEXT)
self.assertEqual(text, dumped_text)
def test_load_crl(self):
"""
Load a known CRL and inspect its revocations. Both
PEM and DER formats are loaded.
"""
crl = load_crl(FILETYPE_PEM, crlData)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[0].get_reason(), None)
self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[1].get_reason(), b('Superseded'))
der = _runopenssl(crlData, b"crl", b"-outform", b"DER")
crl = load_crl(FILETYPE_ASN1, der)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[0].get_reason(), None)
self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[1].get_reason(), b('Superseded'))
def keyHash(self):
"""
Compute a hash of the underlying PKey object.
The purpose of this method is to allow you to determine if two
certificates share the same public key; it is not really useful for
anything else.
In versions of Twisted prior to 15.0, C{keyHash} used a technique
involving certificate requests for computing the hash that was not
stable in the face of changes to the underlying OpenSSL library.
@return: Return a 32-character hexadecimal string uniquely identifying
this public key, I{for this version of Twisted}.
@rtype: native L{str}
"""
raw = crypto.dump_publickey(crypto.FILETYPE_ASN1, self.original)
h = md5()
h.update(raw)
return h.hexdigest()
def test_dump_certificate(self):
"""
:py:obj:`dump_certificate` writes PEM, DER, and text.
"""
pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
cert = load_certificate(FILETYPE_PEM, pemData)
dumped_pem = dump_certificate(FILETYPE_PEM, cert)
self.assertEqual(dumped_pem, cleartextCertificatePEM)
dumped_der = dump_certificate(FILETYPE_ASN1, cert)
good_der = _runopenssl(dumped_pem, b"x509", b"-outform", b"DER")
self.assertEqual(dumped_der, good_der)
cert2 = load_certificate(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2)
self.assertEqual(dumped_pem2, cleartextCertificatePEM)
dumped_text = dump_certificate(FILETYPE_TEXT, cert)
good_text = _runopenssl(dumped_pem, b"x509", b"-noout", b"-text")
self.assertEqual(dumped_text, good_text)
def test_dump_certificate_request(self):
"""
:py:obj:`dump_certificate_request` writes a PEM, DER, and text.
"""
req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM)
dumped_pem = dump_certificate_request(FILETYPE_PEM, req)
self.assertEqual(dumped_pem, cleartextCertificateRequestPEM)
dumped_der = dump_certificate_request(FILETYPE_ASN1, req)
good_der = _runopenssl(dumped_pem, b"req", b"-outform", b"DER")
self.assertEqual(dumped_der, good_der)
req2 = load_certificate_request(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2)
self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM)
dumped_text = dump_certificate_request(FILETYPE_TEXT, req)
good_text = _runopenssl(dumped_pem, b"req", b"-noout", b"-text")
self.assertEqual(dumped_text, good_text)
self.assertRaises(ValueError, dump_certificate_request, 100, req)
def test_export_der(self):
"""
If passed ``FILETYPE_ASN1`` for the format, ``CRL.export`` returns a
"DER" format string representing a serial number, a revoked reason, and
certificate issuer information.
"""
crl = self._get_crl()
# DER format
dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
text = _runopenssl(
dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER"
)
text.index(b('Serial Number: 03AB'))
text.index(b('Superseded'))
text.index(
b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA')
)
def test_export_text(self):
"""
If passed ``FILETYPE_TEXT`` for the format, ``CRL.export`` returns a
text format string like the one produced by the openssl command line
tool.
"""
crl = self._get_crl()
dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
text = _runopenssl(
dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER"
)
# text format
dumped_text = crl.export(self.cert, self.pkey, type=FILETYPE_TEXT)
self.assertEqual(text, dumped_text)
def test_load_crl(self):
"""
Load a known CRL and inspect its revocations. Both
PEM and DER formats are loaded.
"""
crl = load_crl(FILETYPE_PEM, crlData)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[0].get_reason(), None)
self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[1].get_reason(), b('Superseded'))
der = _runopenssl(crlData, b"crl", b"-outform", b"DER")
crl = load_crl(FILETYPE_ASN1, der)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[0].get_reason(), None)
self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[1].get_reason(), b('Superseded'))
def test_dump_privatekey(self):
"""
L{dump_privatekey} writes a PEM, DER, and text.
"""
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
self.assertTrue(key.check())
dumped_pem = dump_privatekey(FILETYPE_PEM, key)
self.assertEqual(dumped_pem, cleartextPrivateKeyPEM)
dumped_der = dump_privatekey(FILETYPE_ASN1, key)
# XXX This OpenSSL call writes "writing RSA key" to standard out. Sad.
good_der = _runopenssl(dumped_pem, "rsa", "-outform", "DER")
self.assertEqual(dumped_der, good_der)
key2 = load_privatekey(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_privatekey(FILETYPE_PEM, key2)
self.assertEqual(dumped_pem2, cleartextPrivateKeyPEM)
dumped_text = dump_privatekey(FILETYPE_TEXT, key)
good_text = _runopenssl(dumped_pem, "rsa", "-noout", "-text")
self.assertEqual(dumped_text, good_text)
def test_dump_certificate_request(self):
"""
L{dump_certificate_request} writes a PEM, DER, and text.
"""
req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM)
dumped_pem = dump_certificate_request(FILETYPE_PEM, req)
self.assertEqual(dumped_pem, cleartextCertificateRequestPEM)
dumped_der = dump_certificate_request(FILETYPE_ASN1, req)
good_der = _runopenssl(dumped_pem, "req", "-outform", "DER")
self.assertEqual(dumped_der, good_der)
req2 = load_certificate_request(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2)
self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM)
dumped_text = dump_certificate_request(FILETYPE_TEXT, req)
good_text = _runopenssl(dumped_pem, "req", "-noout", "-text")
self.assertEqual(dumped_text, good_text)
self.assertRaises(ValueError, dump_certificate_request, 100, req)
def test_load_crl(self):
"""
Load a known CRL and inspect its revocations. Both
PEM and DER formats are loaded.
"""
crl = load_crl(FILETYPE_PEM, crlData)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[0].get_reason(), None)
self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[1].get_reason(), b('Superseded'))
der = _runopenssl(crlData, "crl", "-outform", "DER")
crl = load_crl(FILETYPE_ASN1, der)
revs = crl.get_revoked()
self.assertEqual(len(revs), 2)
self.assertEqual(revs[0].get_serial(), b('03AB'))
self.assertEqual(revs[0].get_reason(), None)
self.assertEqual(revs[1].get_serial(), b('0100'))
self.assertEqual(revs[1].get_reason(), b('Superseded'))
def test_dump_privatekey(self):
"""
L{dump_privatekey} writes a PEM, DER, and text.
"""
key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
dumped_pem = dump_privatekey(FILETYPE_PEM, key)
self.assertEqual(dumped_pem, cleartextPrivateKeyPEM)
dumped_der = dump_privatekey(FILETYPE_ASN1, key)
# XXX This OpenSSL call writes "writing RSA key" to standard out. Sad.
good_der = _runopenssl(dumped_pem, "rsa", "-outform", "DER")
self.assertEqual(dumped_der, good_der)
key2 = load_privatekey(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_privatekey(FILETYPE_PEM, key2)
self.assertEqual(dumped_pem2, cleartextPrivateKeyPEM)
dumped_text = dump_privatekey(FILETYPE_TEXT, key)
good_text = _runopenssl(dumped_pem, "rsa", "-noout", "-text")
self.assertEqual(dumped_text, good_text)
def test_dump_certificate_request(self):
"""
L{dump_certificate_request} writes a PEM, DER, and text.
"""
req = load_certificate_request(FILETYPE_PEM, cleartextCertificateRequestPEM)
dumped_pem = dump_certificate_request(FILETYPE_PEM, req)
self.assertEqual(dumped_pem, cleartextCertificateRequestPEM)
dumped_der = dump_certificate_request(FILETYPE_ASN1, req)
good_der = _runopenssl(dumped_pem, "req", "-outform", "DER")
self.assertEqual(dumped_der, good_der)
req2 = load_certificate_request(FILETYPE_ASN1, dumped_der)
dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2)
self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM)
dumped_text = dump_certificate_request(FILETYPE_TEXT, req)
good_text = _runopenssl(dumped_pem, "req", "-noout", "-text")
self.assertEqual(dumped_text, good_text)
def load(Class, requestData, format=crypto.FILETYPE_ASN1, args=()):
"""
Load a certificate from an ASN.1- or PEM-format string.
@rtype: C{Class}
"""
return Class(crypto.load_certificate(format, requestData), *args)
def dump(self, format=crypto.FILETYPE_ASN1):
return crypto.dump_certificate(format, self.original)
def dump(self, format=crypto.FILETYPE_ASN1):
return crypto.dump_certificate_request(format, self.original)
def newCertificate(self, newCertData, format=crypto.FILETYPE_ASN1):
"""
Create a new L{PrivateCertificate} from the given certificate data and
this instance's private key.
"""
return self.load(newCertData, self.privateKey, format)
def load(Class, data, privateKey, format=crypto.FILETYPE_ASN1):
return Class._load(data, format)._setPrivateKey(privateKey)
def certificateRequest(self, format=crypto.FILETYPE_ASN1,
digestAlgorithm='md5'):
return self.privateKey.certificateRequest(
self.getSubject(),
format,
digestAlgorithm)
def signCertificateRequest(self,
requestData,
verifyDNCallback,
serialNumber,
requestFormat=crypto.FILETYPE_ASN1,
certificateFormat=crypto.FILETYPE_ASN1):
issuer = self.getSubject()
return self.privateKey.signCertificateRequest(
issuer,
requestData,
verifyDNCallback,
serialNumber,
requestFormat,
certificateFormat)
def load(Class, data, format=crypto.FILETYPE_ASN1):
return Class(crypto.load_privatekey(format, data))
def dump(self, format=crypto.FILETYPE_ASN1):
return crypto.dump_privatekey(format, self.original)
def __setstate__(self, state):
self.__init__(crypto.load_privatekey(crypto.FILETYPE_ASN1, state))
def newCertificate(self, newCertData, format=crypto.FILETYPE_ASN1):
return PrivateCertificate.load(newCertData, self, format)
