def extended_key_usage_bytes(self):
ekurfc = rfc2459.ExtKeyUsageSyntax()
eku = self.extended_key_usage or {EKU_PLACEHOLDER}
for i, oid in enumerate(eku):
ekurfc[i] = univ.ObjectIdentifier(oid)
ekurfc = encoder.encode(ekurfc)
return self.__encode_extension('2.5.29.37', EKU_ANY not in eku, ekurfc)
def addExtKeyUsage(self, extKeyUsage, critical):
extKeyUsageExtension = rfc2459.ExtKeyUsageSyntax()
for count, keyPurpose in enumerate(extKeyUsage.split(',')):
extKeyUsageExtension.setComponentByPosition(
count, self.keyPurposeToOID(keyPurpose))
self.addExtension(rfc2459.id_ce_extKeyUsage, extKeyUsageExtension,
critical)
def addExtKeyUsage(self, extKeyUsage):
extKeyUsageExtension = rfc2459.ExtKeyUsageSyntax()
count = 0
for keyPurpose in extKeyUsage.split(','):
extKeyUsageExtension.setComponentByPosition(count, self.keyPurposeToOID(keyPurpose))
count += 1
self.addExtension(rfc2459.id_ce_extKeyUsage, extKeyUsageExtension)
def EKU(self):
for ext in self.asn[0].getComponentByName('extensions') or []:
if ext[0] == rfc2459.id_ce_extKeyUsage:
res = decoder.decode(ext.getComponentByName('extnValue'))[0]
res = decoder.decode(res,
asn1Spec=rfc2459.ExtKeyUsageSyntax())[0]
return list(str(x) for x in res)
return []
def extended_key_usage_bytes(self):
eku = self.extended_key_usage
if eku is None:
return None
ekurfc = rfc2459.ExtKeyUsageSyntax()
for i, oid in enumerate(sorted(eku)):
ekurfc[i] = univ.ObjectIdentifier(oid)
ekurfc = encoder.encode(ekurfc)
return self.__encode_extension('2.5.29.37', EKU_ANY not in eku, ekurfc)
def _build_extended_key_usage(ekus):
ext = rfc2459.Extension()
extoid = utility.OID_eku
extval = rfc2459.ExtKeyUsageSyntax()
for i, eku in enumerate(ekus):
extval.setComponentByPosition(i, eku)
encapsulated = univ.OctetString(encoder.encode(extval))
ext.setComponentByName('extnID', extoid)
ext.setComponentByName('extnValue', encapsulated)
return ext
def __init__(self, ekus):
"""Создание EKU
:ekus: список OID-ов расш. использования
"""
val = rfc2459.ExtKeyUsageSyntax()
for i, x in enumerate(ekus):
val.setComponentByPosition(i, rfc2459.KeyPurposeId(str(x)))
super(EKU, self).__init__(csp.szOID_ENHANCED_KEY_USAGE,
encoder.encode(val))
def check_extension(tsacert: str):
try:
cert_ = open(tsacert, 'rb').read()
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_)
count = 0
for i in range(cert.get_extension_count()):
ext = cert.get_extension(i)
if ext.get_short_name().decode() == 'extendedKeyUsage':
count += 1
ext_key_usage, _ = decoder.decode(ext.get_data(), asn1Spec=rfc2459.ExtKeyUsageSyntax())
assert ext_key_usage[0] == id_kp_timeStamping
assert count == 1
except Exception as e:
logging.error('Checking Extended Key Usage: Failure', exc_info=e)
raise e
logging.info('Checking Extended Key Usage: Success')
return True
def encode_ext_key_usage(ext_key_usage):
eku = rfc2459.ExtKeyUsageSyntax()
for i, oid in enumerate(ext_key_usage):
eku[i] = univ.ObjectIdentifier(oid)
eku = encoder.encode(eku)
return _encode_extension('2.5.29.37', EKU_ANY not in ext_key_usage, eku)
