def test_load_crl(self):
    """
    Parse the fixture CRL from PEM, then from the DER produced by
    ``_runopenssl(..., "crl", "-outform", "DER")``, and check that both
    encodings yield the same two revocation entries.

    Only parsing is exercised: nothing here checks the CRL's signature
    or its validity dates.
    """
    def check_revocations(parsed):
        entries = parsed.get_revoked()
        self.assertEqual(len(entries), 2)
        first, second = entries[0], entries[1]
        self.assertEqual(first.get_serial(), b('03AB'))
        # The first entry carries no reason extension.
        self.assertEqual(first.get_reason(), None)
        self.assertEqual(second.get_serial(), b('0100'))
        self.assertEqual(second.get_reason(), b('Superseded'))

    check_revocations(load_crl(FILETYPE_PEM, crlData))

    der_encoded = _runopenssl(crlData, b"crl", b"-outform", b"DER")
    check_revocations(load_crl(FILETYPE_ASN1, der_encoded))
python类load_crl()的实例源码
def test_load_crl(self):
    """
    Load the known CRL in both PEM and DER form and inspect the
    revocations each one reports.
    """
    def inspect(crl_obj):
        revoked = crl_obj.get_revoked()
        self.assertEqual(len(revoked), 2)
        # Entry 0: serial 03AB, no reason recorded.
        self.assertEqual(revoked[0].get_serial(), b('03AB'))
        self.assertEqual(revoked[0].get_reason(), None)
        # Entry 1: serial 0100, reason "Superseded".
        self.assertEqual(revoked[1].get_serial(), b('0100'))
        self.assertEqual(revoked[1].get_reason(), b('Superseded'))

    from_pem = load_crl(FILETYPE_PEM, crlData)
    inspect(from_pem)

    # Re-encode the same fixture as DER and expect identical contents.
    der_bytes = _runopenssl(crlData, b"crl", b"-outform", b"DER")
    from_der = load_crl(FILETYPE_ASN1, der_bytes)
    inspect(from_der)
def test_load_crl(self):
    """
    Load a known CRL from PEM and from DER and verify that each parse
    exposes the same pair of revoked serials and reasons.
    """
    def assert_expected(loaded):
        items = loaded.get_revoked()
        self.assertEqual(len(items), 2)
        head, tail = items[0], items[1]
        self.assertEqual(head.get_serial(), b('03AB'))
        self.assertEqual(head.get_reason(), None)
        self.assertEqual(tail.get_serial(), b('0100'))
        self.assertEqual(tail.get_reason(), b('Superseded'))

    assert_expected(load_crl(FILETYPE_PEM, crlData))

    # This variant passes the openssl arguments as text, not bytes.
    der_form = _runopenssl(crlData, "crl", "-outform", "DER")
    assert_expected(load_crl(FILETYPE_ASN1, der_form))
def test_ignores_unsupported_revoked_cert_extension_get_reason(self):
    """
    ``Revoked.get_reason`` should only act on the NID_crl_reason
    extension and skip any other one. The fixture CRL loaded here
    carries extensions that must be ignored; the second entry is still
    expected to report ``Unspecified``.
    """
    entries = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension).get_revoked()
    assert entries[1].get_reason() == b'Unspecified'
def test_ignores_unsupported_revoked_cert_extension_set_new_reason(self):
    """
    Clearing the reason with ``set_reason(None)`` on an entry from the
    CRL fixture with unsupported extensions leaves ``get_reason``
    returning ``None``.
    """
    entries = load_crl(FILETYPE_PEM, crlDataUnsupportedExtension).get_revoked()
    target = entries[1]
    target.set_reason(None)
    assert target.get_reason() is None
def test_load_crl(self):
    """
    Load a known CRL and inspect its revocations. Both PEM and DER
    formats are loaded.

    Only parsing is exercised: nothing here checks the CRL's signature
    or its validity dates.
    """
    def check(parsed):
        revoked = parsed.get_revoked()
        assert len(revoked) == 2
        first, second = revoked[0], revoked[1]
        assert first.get_serial() == b'03AB'
        assert first.get_reason() is None
        assert second.get_serial() == b'0100'
        assert second.get_reason() == b'Superseded'

    check(load_crl(FILETYPE_PEM, crlData))

    # Same fixture, re-encoded as DER by the openssl helper.
    der_blob = _runopenssl(crlData, b"crl", b"-outform", b"DER")
    check(load_crl(FILETYPE_ASN1, der_blob))
def test_load_crl_bad_filetype(self):
    """
    `OpenSSL.crypto.load_crl` rejects a file type it does not know with
    a `ValueError`.
    """
    # 100 is not one of the FILETYPE_* constants used elsewhere in these tests.
    unknown_filetype = 100
    pytest.raises(ValueError, load_crl, unknown_filetype, crlData)
def test_load_crl_bad_data(self):
    """
    `OpenSSL.crypto.load_crl` raises `OpenSSL.crypto.Error` when the
    supplied bytes cannot be parsed as a CRL.
    """
    not_a_crl = b"hello, world"
    pytest.raises(Error, load_crl, FILETYPE_PEM, not_a_crl)
def test_dump_crl(self):
    """
    Dumping a freshly loaded CRL back to PEM reproduces the input bytes.
    """
    round_tripped = dump_crl(FILETYPE_PEM, load_crl(FILETYPE_PEM, crlData))
    assert round_tripped == crlData
def test_convert_to_cryptography_key(self):
    """
    ``to_cryptography()`` on a loaded CRL returns an
    ``x509.CertificateRevocationList``. Despite the test's name, the
    object converted here is a CRL, not a key.
    """
    pyopenssl_crl = load_crl(FILETYPE_PEM, crlData)
    converted = pyopenssl_crl.to_cryptography()
    assert isinstance(converted, x509.CertificateRevocationList)
def _prepare_revoked(self):
    """
    Create a CA, confirm its CRL lists no revocations yet, then create a
    certificate under that CA and revoke it.

    Returns the ``(ca, cert)`` pair.
    """
    authority = self._create_ca()
    initial_crl = crypto.load_crl(crypto.FILETYPE_PEM, authority.crl)
    # With nothing revoked, get_revoked() is expected to return None
    # rather than an empty sequence.
    self.assertIsNone(initial_crl.get_revoked())
    revoked_cert = self._create_cert(ca=authority)
    revoked_cert.revoke()
    return (authority, revoked_cert)
def test_crl(self):
    """
    After one certificate is revoked, the CA's CRL lists exactly that
    certificate's serial number.
    """
    authority, revoked_cert = self._prepare_revoked()
    parsed = crypto.load_crl(crypto.FILETYPE_PEM, authority.crl)
    entries = parsed.get_revoked()
    self.assertIsNotNone(entries)
    self.assertEqual(len(entries), 1)
    # NOTE(review): int() reads the serial text as base 10 -- confirm
    # that matches the encoding get_serial() returns for this project.
    listed_serial = int(entries[0].get_serial())
    self.assertEqual(listed_serial, revoked_cert.serial_number)
def test_crl_view(self):
    """
    The ``x509:crl`` view answers 200 with a PEM CRL that lists the one
    revoked certificate's serial number.
    """
    authority, revoked_cert = self._prepare_revoked()
    crl_url = reverse('x509:crl', args=[authority.pk])
    response = self.client.get(crl_url)
    self.assertEqual(response.status_code, 200)
    # The response body is parsed as-is; the test does not verify the
    # CRL's signature against the CA.
    parsed = crypto.load_crl(crypto.FILETYPE_PEM, response.content)
    entries = parsed.get_revoked()
    self.assertIsNotNone(entries)
    self.assertEqual(len(entries), 1)
    # NOTE(review): int() reads the serial text as base 10 -- confirm
    # that matches the encoding get_serial() returns for this project.
    listed_serial = int(entries[0].get_serial())
    self.assertEqual(listed_serial, revoked_cert.serial_number)
def test_load_crl_wrong_args(self):
    """
    :py:obj:`OpenSSL.crypto.load_crl` takes exactly two arguments; any
    other count raises :py:obj:`TypeError`.
    """
    # Zero, one and three positional arguments respectively.
    with self.assertRaises(TypeError):
        load_crl()
    with self.assertRaises(TypeError):
        load_crl(FILETYPE_PEM)
    with self.assertRaises(TypeError):
        load_crl(FILETYPE_PEM, crlData, None)
def test_load_crl_bad_filetype(self):
    """
    :py:obj:`OpenSSL.crypto.load_crl` raises :py:obj:`ValueError` when
    given a file type it does not know.
    """
    unknown_filetype = 100
    with self.assertRaises(ValueError):
        load_crl(unknown_filetype, crlData)
def test_load_crl_bad_data(self):
    """
    :py:obj:`OpenSSL.crypto.load_crl` raises
    :py:obj:`OpenSSL.crypto.Error` when the data cannot be parsed as a
    CRL.
    """
    not_a_crl = b"hello, world"
    with self.assertRaises(Error):
        load_crl(FILETYPE_PEM, not_a_crl)
def test_crl_view(self):
    """
    For a CA with no revoked certificates, the ``x509:crl`` view answers
    200 with a PEM CRL whose revocation list is ``None``.
    """
    authority = self._create_ca()
    crl_url = reverse('x509:crl', args=[authority.pk])
    response = self.client.get(crl_url)
    self.assertEqual(response.status_code, 200)
    parsed = crypto.load_crl(crypto.FILETYPE_PEM, response.content)
    self.assertIsNone(parsed.get_revoked())
def test_load_crl_wrong_args(self):
    """
    Calling :py:obj:`OpenSSL.crypto.load_crl` with fewer or more than
    two arguments raises :py:obj:`TypeError`.
    """
    bad_argument_lists = (
        (),
        (FILETYPE_PEM,),
        (FILETYPE_PEM, crlData, None),
    )
    for arguments in bad_argument_lists:
        self.assertRaises(TypeError, load_crl, *arguments)
def test_load_crl_bad_filetype(self):
    """
    An unknown file type passed to :py:obj:`OpenSSL.crypto.load_crl`
    raises :py:obj:`ValueError`.
    """
    bogus_type = 100
    with self.assertRaises(ValueError):
        load_crl(bogus_type, crlData)
def test_load_crl_bad_data(self):
    """
    Unparseable data passed to :py:obj:`OpenSSL.crypto.load_crl` raises
    :py:obj:`OpenSSL.crypto.Error`.
    """
    garbage = b"hello, world"
    with self.assertRaises(Error):
        load_crl(FILETYPE_PEM, garbage)
def test_load_crl_bad_filetype(self):
    """
    L{OpenSSL.crypto.load_crl} raises L{ValueError} when called with an
    unknown file type.
    """
    unknown_filetype = 100
    with self.assertRaises(ValueError):
        load_crl(unknown_filetype, crlData)
def test_load_crl_bad_data(self):
    """
    L{OpenSSL.crypto.load_crl} raises L{OpenSSL.crypto.Error} when the
    file data cannot be loaded.
    """
    # This variant passes the bad data as text, not bytes.
    not_a_crl = "hello, world"
    with self.assertRaises(Error):
        load_crl(FILETYPE_PEM, not_a_crl)
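def load_crl(self, crlfile):
    '''
    Load a PEM CRL file into a pyOpenSSL CRL object.

    When crlfile does not exist, a new empty CRL object is returned
    instead of an error. Read and parse failures are reported in the
    result dict; no exception is raised for them.

    :param crlfile: CRL file path.
    :type crlfile: String.
    :returns: Informational result dict {'error': Boolean, 'message': if error String else CRL object}
    :rtype: Dict.
    '''
    if not ospath.isfile(crlfile):
        # NOTE(review): a missing or mistyped path yields an EMPTY CRL
        # with error=False. A caller that signs and writes the result
        # would publish a CRL with no revocations -- confirm callers
        # rely on this only for first-time creation.
        x509obj = crypto.CRL()
        if self.__verbose:
            print("INFO: New CRL " + crlfile + " created.")
        return {"error": False, "message": x509obj}

    # NOTE(review): pyOpenSSL later deprecated its CRL API in favour of
    # cryptography.x509 -- confirm against the pinned pyOpenSSL version.
    try:
        # Context manager so the file handle is closed on a parse error too.
        with open(crlfile) as handle:
            pem_data = handle.read()
        x509obj = crypto.load_crl(crypto.FILETYPE_PEM, pem_data)
    except OSError as e:
        # Only OS-level errors carry strerror/filename.
        return {
            "error": True,
            "message": "{} {}".format(e.strerror, e.filename)}
    except (crypto.Error, SSL.Error) as e:
        # Parse failures have no strerror/filename attributes; reading
        # them here would raise inside the handler.
        return {
            "error": True,
            "message": "Unable to parse CRL " + crlfile + ": " + str(e)}
    except Exception as ex:
        # Keeps the "always return a dict" contract without swallowing
        # KeyboardInterrupt/SystemExit the way a bare except would.
        return {"error": True, "message": "Unexpected error: " + str(ex)}
    return {"error": False, "message": x509obj}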
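def renew_crl_date(self, next_crl_days=183):
    '''
    Extend the CRL expiry date and/or renew the CRL.

    Loads the CRL, the intermediate CA key and the intermediate CA
    certificate, re-exports the CRL with them and writes the result
    back to the CRL path.

    :param next_crl_days: Number of days to add for CRL expiry.
    :type next_crl_days: Int.
    :returns: Informational result dict {'error': Boolean, 'message': String}
    :rtype: Dict.
    '''
    # NOTE(review): load_crl() returns a new empty CRL when the file is
    # missing, so this would sign and write a CRL with no revocations --
    # confirm that is intended for anything but first-time creation.
    loaded_crl = self.load_crl(self.__crlpath)
    if loaded_crl['error']:
        return {"error": True, "message": loaded_crl['message']}
    crlObj = loaded_crl['message']

    loaded_key = self.load_pkey(
        self.__intermediateCAkeyfile,
        self.__intermediatePass)
    if loaded_key['error']:
        return {"error": True, "message": loaded_key['message']}
    caKeyObj = loaded_key['message']

    loaded_cert = self.load_crt(self.__intermediateCAcrtfile)
    if loaded_cert['error']:
        return {"error": True, "message": loaded_cert['message']}
    caCertObj = loaded_cert['message']

    try:
        # NOTE(review): the digest comes from configuration -- confirm
        # it cannot be set to a weak hash such as MD5 or SHA-1.
        encodedCrl = crlObj.export(
            caCertObj,
            caKeyObj,
            days=next_crl_days,
            digest=self.__CRL_ALGO.encode('utf-8')).decode('utf-8')
        wresult = self.writeFile(self.__crlpath, encodedCrl)
        if wresult['error']:
            return {"error": True, "message": wresult['message']}
    except Exception:
        # Not a bare except: KeyboardInterrupt and SystemExit must still
        # propagate rather than be reported as a CRL edit failure.
        return {
            "error": True,
            "message": "ERROR: Unable to edit crl: " + self.__crlpath}
    return {"error": False, "message": "INFO: CRL date updated successfuly."}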