def init_ca_entry(entry, dercert, nickname, trusted, ext_key_usage):
    """
    Fill in a certificate store entry describing a CA certificate.

    The entry receives its object classes, the nickname as ``cn``, the
    subject, issuer/serial and public key returned by ``_parse_cert``, and
    the DER certificate itself.

    ``trusted`` is tri-state: ``None`` leaves ``ipaKeyTrust`` unset, any
    other value is stored as ``'trusted'`` or ``'distrusted'`` according to
    its truthiness.

    ``ext_key_usage`` is either ``None`` or a set of EKU OIDs. With ``None``
    no ``ipaKeyExtUsage`` is written and the certificate's EKU extension is
    not read at all. Otherwise the certificate's EKU OIDs, minus the fixed
    list below, are merged into it; an empty result is stored as
    ``x509.EKU_PLACEHOLDER``.

    Raises ValueError when the certificate's EKU extension cannot be
    decoded (an NSPRError from the decoder is converted).

    NOTE(review): the trust flag and EKU policy are stored as the caller
    passes them. No check that ``dercert`` is really a CA certificate is
    visible in this function -- confirm that ``_parse_cert`` or the callers
    enforce it.
    """
    # Parse before touching the entry, so a bad certificate raises without
    # leaving the entry half-populated.
    subject, issuer_serial, public_key = _parse_cert(dercert)

    if ext_key_usage is not None:
        try:
            cert_eku = x509.get_ext_key_usage(dercert, x509.DER)
        except NSPRError as err:
            raise ValueError("failed to decode certificate: %s" % err)

        if cert_eku is not None:
            # These OIDs are never inherited from the certificate; they end
            # up in the stored policy only when the caller passed them.
            excluded_oids = {
                x509.EKU_SERVER_AUTH,
                x509.EKU_CLIENT_AUTH,
                x509.EKU_EMAIL_PROTECTION,
                x509.EKU_CODE_SIGNING,
                x509.EKU_ANY,
                x509.EKU_PLACEHOLDER,
            }
            cert_eku -= excluded_oids
            # Plain "|" rebinds the local name; for built-in sets the
            # caller's object is left unmodified.
            ext_key_usage = ext_key_usage | cert_eku

    entry['objectClass'] = ['ipaCertificate', 'pkiCA', 'ipaKeyPolicy']

    single_valued = (
        ('cn', nickname),
        ('ipaCertSubject', subject),
        ('ipaCertIssuerSerial', issuer_serial),
        ('ipaPublicKey', public_key),
        ('cACertificate;binary', dercert),
    )
    for attr_name, attr_value in single_valued:
        entry[attr_name] = [attr_value]

    if trusted is not None:
        if trusted:
            trust_value = 'trusted'
        else:
            trust_value = 'distrusted'
        entry['ipaKeyTrust'] = [trust_value]

    if ext_key_usage is None:
        return

    # An empty usage set is stored as the placeholder value rather than as
    # an empty attribute.
    entry['ipaKeyExtUsage'] = list(ext_key_usage) or [x509.EKU_PLACEHOLDER]
def init_ca_entry(entry, dercert, nickname, trusted, ext_key_usage):
    """
    Populate a certificate store entry for a CA certificate.

    Writes the object classes, ``cn`` (the nickname), the subject,
    issuer/serial and public key obtained from ``_parse_cert``, and the DER
    certificate into ``entry``.

    ``trusted``: ``None`` means no ``ipaKeyTrust`` attribute is written;
    otherwise ``'trusted'`` or ``'distrusted'`` is stored depending on its
    truthiness.

    ``ext_key_usage``: ``None`` means no ``ipaKeyExtUsage`` attribute is
    written and the certificate's EKU extension is not consulted. Otherwise
    it is combined with the certificate's EKU OIDs, except those in the
    fixed list below; if nothing remains, ``x509.EKU_PLACEHOLDER`` is
    stored instead.

    Raises ValueError when the EKU extension cannot be decoded; the
    decoder's ValueError is re-raised with a uniform message prefix.

    NOTE(review): trust and EKU policy are recorded as supplied by the
    caller. This function shows no check that ``dercert`` is a CA
    certificate -- verify that ``_parse_cert`` or the callers do it.
    """
    # Both the parse and the EKU decoding happen before the entry is
    # modified, so a failure leaves the entry as it was.
    subject, issuer_serial, public_key = _parse_cert(dercert)

    if ext_key_usage is not None:
        try:
            cert_eku = x509.get_ext_key_usage(dercert, x509.DER)
        except ValueError as err:
            raise ValueError("failed to decode certificate: %s" % err)

        if cert_eku is not None:
            # OIDs that are never taken over from the certificate itself;
            # the caller's own choices for them are kept by the union.
            not_inherited = {
                x509.EKU_SERVER_AUTH,
                x509.EKU_CLIENT_AUTH,
                x509.EKU_EMAIL_PROTECTION,
                x509.EKU_CODE_SIGNING,
                x509.EKU_ANY,
                x509.EKU_PLACEHOLDER,
            }
            cert_eku -= not_inherited
            # Not "|=": the argument must not be updated in place.
            ext_key_usage = ext_key_usage | cert_eku

    object_classes = ['ipaCertificate', 'pkiCA', 'ipaKeyPolicy']
    entry['objectClass'] = object_classes
    entry['cn'] = [nickname]
    entry['ipaCertSubject'] = [subject]
    entry['ipaCertIssuerSerial'] = [issuer_serial]
    entry['ipaPublicKey'] = [public_key]
    entry['cACertificate;binary'] = [dercert]

    if trusted is not None:
        trust_value = 'trusted' if trusted else 'distrusted'
        entry['ipaKeyTrust'] = [trust_value]

    if ext_key_usage is None:
        return

    eku_values = list(ext_key_usage)
    if len(eku_values) == 0:
        # Store the placeholder value instead of an empty attribute.
        eku_values = [x509.EKU_PLACEHOLDER]
    entry['ipaKeyExtUsage'] = eku_values
def init_ca_entry(entry, dercert, nickname, trusted, ext_key_usage): """ Initialize certificate store entry for a CA certificate. """ subject, issuer_serial, public_key = _parse_cert(dercert) if ext_key_usage is not None: try: cert_eku = x509.get_ext_key_usage(dercert, x509.DER) except NSPRError, e: raise ValueError("failed to decode certificate: %s" % e) if cert_eku is not None: cert_eku -= {x509.EKU_SERVER_AUTH, x509.EKU_CLIENT_AUTH, x509.EKU_EMAIL_PROTECTION, x509.EKU_CODE_SIGNING, x509.EKU_ANY, x509.EKU_PLACEHOLDER} ext_key_usage = ext_key_usage | cert_eku