def test_tls_import_chain(topology_st):
    """Test that TLS import correctly reports errors when there are multiple
    files in a chain.

    Every import entry point exercised below must refuse a chain input with
    ValueError.

    :id: b7ba71bd-112a-44a1-8a7e-8968249da419

    :steps:
        1. Attempt to import a ca chain

    :expectedresults:
        1. The chain is rejected
    """
    topology_st.standalone.stop()
    nss_db = NssSsl(dirsrv=topology_st.standalone)
    # Start from a freshly initialised certificate database.
    nss_db.reinit()

    # Each entry is one import attempt that has to be rejected; the order
    # matches the sequence of the individual checks: CA import, then the
    # key/cert pair import with a chain in either position, then the RSA
    # import helpers.
    rejected_imports = (
        lambda: nss_db.add_cert(nickname='CA_CHAIN_1',
                                input_file=CA_CHAIN_FILE),
        lambda: nss_db.add_server_key_and_cert(KEY_FILE, CRT_CHAIN_FILE),
        lambda: nss_db.add_server_key_and_cert(KEY_CHAIN_FILE, CRT_CHAIN_FILE),
        lambda: nss_db.add_server_key_and_cert(KEY_FILE, KEY_CHAIN_FILE),
        lambda: nss_db.import_rsa_crt(crt=CRT_CHAIN_FILE),
        lambda: nss_db.import_rsa_crt(ca=CA_CHAIN_FILE),
    )
    for attempt in rejected_imports:
        with pytest.raises(ValueError):
            attempt()
示例#2
def import_ca(inst, log, args):
    """Import a CA certificate into the instance's NSS database and trust it.

    The file at ``args.cert_path`` is added under ``args.nickname`` and its
    trust flags are then set to ``"C,,"`` (in NSS trust-flag notation, a
    trusted CA in the first, TLS, position). The import therefore makes the
    certificate a trust anchor, so the input file should come from a
    verified source.

    :param inst: instance whose certificate database is modified
    :param log: logger used to report a refused nickname
    :param args: parsed arguments providing ``cert_path`` and ``nickname``
    """
    tls = NssSsl(dirsrv=inst)
    cert_path = args.cert_path
    nickname = args.nickname

    # Nicknames are compared case-insensitively against the two names this
    # tool refuses (presumably reserved for the instance's own certificates
    # -- confirm against where CERT_NAME / CA_NAME are defined).
    wanted = nickname.lower()
    is_reserved = wanted == CERT_NAME.lower() or wanted == CA_NAME.lower()
    if is_reserved:
        # NOTE(review): the refusal is only logged; the function returns None
        # exactly as it does on success, so a caller cannot tell them apart.
        message = "You may not import a CA with the nickname %s or %s" % (
            CERT_NAME, CA_NAME)
        log.error(message)
        return

    tls.add_cert(nickname=nickname, input_file=cert_path)
    tls.edit_cert_trust(nickname, "C,,")
示例#3
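def cacert_add(inst, basedn, log, args):
    """Add CA certificate

    Imports ``args.file`` into the instance's NSS database under the nickname
    ``args.name`` with ``ca=True``, creating the database first when it does
    not exist yet.

    :param inst: instance whose certificate database is modified
    :param basedn: not used by this function
    :param log: logger used for the database-creation notice
    :param args: parsed arguments providing ``file`` and ``name``
    :raises ValueError: if ``args.file`` is not an existing regular file, or
        if a certificate named ``args.name`` is already in the database
    """
    # Verify file and certificate name.
    # The isfile() result has to be acted on; checking it before touching the
    # database also avoids creating a new database for a request that cannot
    # succeed.
    if not os.path.isfile(args.file):
        raise ValueError(
            "Certificate file does not exist: {}".format(args.file))

    tlsdb = NssSsl(dirsrv=inst)
    if not tlsdb._db_exists(even_partial=True):  # we want to be very careful
        log.info('Security database does not exist. Creating a new one in {}.'.
                 format(inst.get_cert_dir()))
        tlsdb.reinit()

    # Refuse to import over an existing nickname. The "already exists" error
    # must be raised outside the try body, otherwise the handler meant for
    # the lookup failure swallows it and the duplicate is imported anyway.
    try:
        tlsdb.get_cert_details(args.name)
    except ValueError:
        # Presumably get_cert_details() raises ValueError when the nickname
        # is not present -- confirm against NssSsl.
        pass
    else:
        raise ValueError("Certificate already exists with the same name")

    # Add the cert
    tlsdb.add_cert(args.name, args.file, ca=True)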
示例#4
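def cert_add(inst, basedn, log, args):
    """Add server certificate

    Imports ``args.file`` into the instance's NSS database under the nickname
    ``args.name``, creating the database first when it does not exist yet.
    When ``args.primary_cert`` is set, the RSA entry's
    ``nsSSLPersonalitySSL`` is pointed at the new nickname.

    :param inst: instance whose certificate database is modified
    :param basedn: not used by this function
    :param log: logger used for the database-creation notice
    :param args: parsed arguments providing ``file``, ``name`` and
        ``primary_cert``
    :raises ValueError: if ``args.file`` is not an existing regular file, or
        if a certificate named ``args.name`` is already in the database
    """
    # Verify file and certificate name.
    # The isfile() result has to be acted on; checking it before touching the
    # database also avoids creating a new database for a request that cannot
    # succeed.
    if not os.path.isfile(args.file):
        raise ValueError(
            "Certificate file does not exist: {}".format(args.file))

    tlsdb = NssSsl(dirsrv=inst)
    if not tlsdb._db_exists(even_partial=True):  # we want to be very careful
        log.info('Security database does not exist. Creating a new one in {}.'.
                 format(inst.get_cert_dir()))
        tlsdb.reinit()

    # Refuse to import over an existing nickname. The "already exists" error
    # must be raised outside the try body, otherwise the handler meant for
    # the lookup failure swallows it and the duplicate is imported anyway.
    try:
        tlsdb.get_cert_details(args.name)
    except ValueError:
        # Presumably get_cert_details() raises ValueError when the nickname
        # is not present -- confirm against NssSsl.
        pass
    else:
        raise ValueError("Certificate already exists with the same name")

    # Add the cert
    tlsdb.add_cert(args.name, args.file)

    if args.primary_cert:
        # This is the server's primary certificate, update RSA entry.
        # Done only after the import succeeded, so a rejected file never
        # leaves the TLS configuration naming a certificate that is not in
        # the database.
        RSA(inst).set('nsSSLPersonalitySSL', args.name)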