python类CertificateRevocationListBuilder()的实例源码

crypto.py 文件源码 项目:certproxy 作者: geneanet 项目源码 文件源码 阅读 22 收藏 0 点赞 0 评论 0
def load_or_create_crl(crl_file, ca_crt, pkey):
    """Return the CRL stored at ``crl_file``, creating an empty one if absent.

    If ``crl_file`` is an existing regular file, it is parsed as a PEM CRL
    and returned. Otherwise an empty CRL is built with ``ca_crt.subject`` as
    issuer, signed by ``pkey`` using SHA-256, written to ``crl_file`` in PEM
    form, and returned.
    """
    if os.path.isfile(crl_file):
        with open(crl_file, 'rb') as existing:
            # NOTE(review): the CRL read from disk is returned without its
            # signature being checked against ca_crt, so whoever can write
            # crl_file controls the revocation list this function hands back.
            return x509.load_pem_x509_crl(
                data=existing.read(),
                backend=default_backend()
            )

    builder = x509.CertificateRevocationListBuilder()
    builder = builder.issuer_name(ca_crt.subject)
    builder = builder.last_update(datetime.datetime.utcnow())
    # NOTE(review): next_update is ten years out; a relying party that trusts
    # next_update may keep a cached copy of this CRL for that whole period.
    builder = builder.next_update(
        datetime.datetime.utcnow() + datetime.timedelta(days=365 * 10)
    )
    new_crl = builder.sign(
        private_key=pkey,
        algorithm=hashes.SHA256(),
        backend=default_backend()
    )

    with open(crl_file, 'wb') as out:
        pem_bytes = new_crl.public_bytes(
            encoding=serialization.Encoding.PEM,
        )
        out.write(pem_bytes)

    return new_crl
crypto.py 文件源码 项目:certproxy 作者: geneanet 项目源码 文件源码 阅读 29 收藏 0 点赞 0 评论 0
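def update_crl(crl_file, revoked_certs, ca_crt, pkey):
    """Re-issue the CRL at ``crl_file`` with ``revoked_certs`` added.

    The existing PEM CRL is read from ``crl_file``. A new CRL is built with
    ``ca_crt.subject`` as issuer, containing one entry per certificate in
    ``revoked_certs`` (keyed on ``cert.serial``) followed by every entry of
    the old CRL. The result is signed by ``pkey`` with SHA-256, written back
    to ``crl_file`` in PEM form, and returned.

    A serial that the old CRL already lists, or that occurs more than once in
    ``revoked_certs``, is added only once. An entry that is already present
    keeps its original revocation date instead of gaining a duplicate entry
    stamped with the current time.
    """
    with open(crl_file, 'rb') as f:
        # NOTE(review): the old CRL's signature is not verified before its
        # entries are copied into the newly signed list, so entries added to
        # or removed from crl_file on disk are re-signed as-is.
        old_crl = x509.load_pem_x509_crl(
            data=f.read(),
            backend=default_backend()
        )

    # One timestamp, so last_update and the new revocation dates agree.
    now = datetime.datetime.utcnow()

    # NOTE(review): next_update is ten years out; a relying party that trusts
    # next_update may keep a cached copy for that long and miss later
    # revocations.
    crl = x509.CertificateRevocationListBuilder().issuer_name(
        ca_crt.subject
    ).last_update(
        now
    ).next_update(
        now + datetime.timedelta(days=365 * 10)
    )

    # Serials already present; used to avoid duplicate CRL entries.
    seen_serials = {entry.serial_number for entry in old_crl}

    for cert in revoked_certs:
        if cert.serial in seen_serials:
            continue
        seen_serials.add(cert.serial)
        crl = crl.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(
                cert.serial
            ).revocation_date(
                now
            ).build(
                default_backend()
            )
        )

    for entry in old_crl:
        crl = crl.add_revoked_certificate(entry)

    crl = crl.sign(
        private_key=pkey,
        algorithm=hashes.SHA256(),
        backend=default_backend()
    )

    with open(crl_file, 'wb') as f:
        f.write(crl.public_bytes(  # pylint: disable=no-member
            encoding=serialization.Encoding.PEM,
        ))

    return crl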
x509_functions.py 文件源码 项目:IoT_pki 作者: zibawa 项目源码 文件源码 阅读 17 收藏 0 点赞 0 评论 0
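def build_crl():
    """Build and sign a PEM-encoded CRL for the newest CA.

    The CA comes from ``get_newest_ca()``. Every ``Certificate`` row with a
    matching ``issuer_serial_number`` and ``revoked=True`` becomes one CRL
    entry. The CRL is valid for one day and is signed with SHA-256, using the
    key loaded from ``keyStorePath(ca.serial_number)``.

    Returns:
        The signed CRL as PEM bytes.
    """
    ca = get_newest_ca()
    one_day = datetime.timedelta(days=1)

    # Naive datetimes in a CRL are interpreted as UTC, so use UTC here.
    # Local time (datetime.today()) shifts last_update by the server's UTC
    # offset and can make the CRL look not-yet-valid east of UTC.
    now = datetime.datetime.utcnow()

    # NOTE(review): the issuer is rebuilt from the CA common name only. If the
    # CA certificate's subject has further attributes, the CRL issuer will not
    # match it. Confirm against how the CA certificate is generated.
    builder = x509.CertificateRevocationListBuilder()
    builder = builder.issuer_name(x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, ca.common_name),
    ]))
    builder = builder.last_update(now)
    builder = builder.next_update(now + one_day)

    revoked_list = Certificate.objects.filter(
        issuer_serial_number=ca.serial_number, revoked=True
    )

    for revoked_cert in revoked_list:
        logger.debug("revoked serial_number: %s", revoked_cert.serial_number)
        # NOTE(review): each build stamps every entry with the current time,
        # so the recorded revocation date moves on every rebuild. The actual
        # time of revocation is not available from what this function reads.
        entry = x509.RevokedCertificateBuilder().serial_number(
            int(revoked_cert.serial_number)
        ).revocation_date(
            now
        ).build(default_backend())
        builder = builder.add_revoked_certificate(entry)

    crl = builder.sign(
        private_key=loadPEMKey(keyStorePath(ca.serial_number)),
        algorithm=hashes.SHA256(),
        backend=default_backend()
    )

    dataStream = crl.public_bytes(serialization.Encoding.PEM)

    return dataStream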

