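def _VerifyCertificateStrong(cert_pem,
                             error_fn,
                             _check_fn=utils.CheckNodeCertificate):
    """Verifies a certificate against the local node daemon certificate.

    Includes elaborate tests of encodings etc., and returns formatted
    certificate.

    The input is expected to carry both the private key and the certificate
    in one PEM blob.  Three checks are applied in order: both halves must
    parse, the key must belong to the certificate, and C{_check_fn} must
    accept the certificate (the default performs the standard checks,
    including a comparison against an existing local certificate).  The key
    and certificate are then re-serialised and compared with the input; a
    mismatch is only logged, never rejected, and the value returned is the
    I{original} input rather than the re-encoded form.

    @type cert_pem: string
    @param cert_pem: Certificate and key in PEM format
    @type error_fn: callable
    @param error_fn: called with an error message; whatever it returns is
        raised, so it is expected to build an exception
    @type _check_fn: callable
    @param _check_fn: additional check applied to the parsed certificate
        (parameter exists mainly as a test hook)
    @rtype: string
    @return: Formatted key and certificate
    @raise Exception: whatever C{error_fn} builds when the PEM data cannot be
        parsed or the key does not match the certificate; C{_check_fn} may
        raise on its own

    """
    try:
        cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                               cert_pem)
    except Exception as err:
        # NOTE(review): broader than the key branch below; kept as-is so any
        # parse failure of the stdin data is reported through error_fn
        raise error_fn("(stdin) Unable to load certificate: %s" % err)

    try:
        key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                             cert_pem)
    except OpenSSL.crypto.Error as err:
        raise error_fn("(stdin) Unable to load private key: %s" % err)

    # Check certificate with given key; this detects cases where the key given on
    # stdin doesn't match the certificate also given on stdin
    try:
        utils.X509CertKeyCheck(cert, key)
    except OpenSSL.SSL.Error:
        raise error_fn("(stdin) Certificate is not signed with given key")

    # Standard checks, including check against an existing local certificate
    # (no-op if that doesn't exist)
    _check_fn(cert)

    # Re-serialise key and certificate (key first) and compare with what was
    # received.  A mismatch is tolerated: it is logged so the operator can
    # renew the certificates, but the original input is what gets returned.
    key_encoded = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                                 key)
    cert_encoded = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                   cert)
    complete_cert_encoded = key_encoded + cert_encoded
    if cert_pem != complete_cert_encoded.decode('ascii'):
        logging.error("The certificate differs after being reencoded. Please"
                      " renew the certificates cluster-wide to prevent future"
                      " inconsistencies.")

    # Format for storing on disk: the input is returned unchanged (the former
    # StringIO round trip was a no-op), so any extra PEM blocks or trailing
    # data present in cert_pem survive -- they only trigger the log above.
    return cert_pem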
    try:
        cert = \
          OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_pem)
    except Exception, err:
        raise error_fn("(stdin) Unable to load certificate: %s" % err)

    try:
        key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                             cert_pem)
    except OpenSSL.crypto.Error, err:
        raise error_fn("(stdin) Unable to load private key: %s" % err)

    # Check certificate with given key; this detects cases where the key given on
    # stdin doesn't match the certificate also given on stdin
    try:
        utils.X509CertKeyCheck(cert, key)
    except OpenSSL.SSL.Error:
        raise error_fn("(stdin) Certificate is not signed with given key")

    # Standard checks, including check against an existing local certificate
    # (no-op if that doesn't exist)
    _check_fn(cert)

    key_encoded = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                                 key)
    cert_encoded = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                   cert)
    complete_cert_encoded = key_encoded + cert_encoded
    if not cert_pem == complete_cert_encoded:
        logging.error("The certificate differs after being reencoded. Please"
                      " renew the certificates cluster-wide to prevent future"