def extended_key_usage_bytes(self):
    """Encode this object's extended key usages as an X.509 extension.

    When ``self.extended_key_usage`` is falsy (``None`` or empty), a
    single ``EKU_PLACEHOLDER`` entry is encoded instead.  The value is
    wrapped by ``self.__encode_extension`` under OID 2.5.29.37
    (id-ce-extKeyUsage) and is flagged critical unless ``EKU_ANY`` is one
    of the purposes.

    Returns:
        Whatever ``self.__encode_extension`` returns for the DER-encoded
        ``ExtKeyUsageSyntax`` value.
    """
    syntax = rfc2459.ExtKeyUsageSyntax()
    purposes = self.extended_key_usage or {EKU_PLACEHOLDER}

    # NOTE(review): purposes are written in plain iteration order.  If the
    # attribute is a set (the fallback is one), the order inside the
    # SEQUENCE can differ between runs -- confirm nothing compares or
    # hashes the encoded bytes.
    position = 0
    for oid in purposes:
        syntax[position] = univ.ObjectIdentifier(oid)
        position += 1
    der_value = encoder.encode(syntax)

    # NOTE(review): EKU_ANY is presumably the anyExtendedKeyUsage OID, in
    # which case the extension is deliberately left non-critical -- verify
    # against the constant's definition.
    is_critical = EKU_ANY not in purposes
    return self.__encode_extension('2.5.29.37', is_critical, der_value)
def addExtKeyUsage(self, extKeyUsage, critical):
    """Add an extended key usage extension built from a comma-separated string.

    Args:
        extKeyUsage: Comma-separated key purposes.  Each piece is handed
            to ``self.keyPurposeToOID`` exactly as split -- surrounding
            whitespace is not stripped.
        critical: Passed through to ``self.addExtension`` unchanged.
    """
    purposes = rfc2459.ExtKeyUsageSyntax()
    position = 0
    for purposeName in extKeyUsage.split(','):
        purposeOID = self.keyPurposeToOID(purposeName)
        purposes.setComponentByPosition(position, purposeOID)
        position += 1
    self.addExtension(rfc2459.id_ce_extKeyUsage, purposes, critical)
def addExtKeyUsage(self, extKeyUsage):
    """Add an extended key usage extension built from a comma-separated string.

    Args:
        extKeyUsage: Comma-separated key purposes.  Each piece is handed
            to ``self.keyPurposeToOID`` exactly as split -- surrounding
            whitespace is not stripped.

    No criticality is passed to ``self.addExtension`` here, so the
    extension gets whatever that method applies by default.
    """
    purposes = rfc2459.ExtKeyUsageSyntax()
    for position, purposeName in enumerate(extKeyUsage.split(',')):
        purposeOID = self.keyPurposeToOID(purposeName)
        purposes.setComponentByPosition(position, purposeOID)
    self.addExtension(rfc2459.id_ce_extKeyUsage, purposes)
def EKU(self):
    """Return the extended key usage OIDs of this certificate as strings.

    Walks the 'extensions' component of ``self.asn[0]`` and decodes the
    first extension whose identifier equals ``rfc2459.id_ce_extKeyUsage``.

    Returns:
        A list of ``str`` OIDs, or an empty list when the certificate has
        no extensions or no extended key usage extension.
    """
    extensions = self.asn[0].getComponentByName('extensions') or []
    for extension in extensions:
        if not (extension[0] == rfc2459.id_ce_extKeyUsage):
            continue
        # extnValue is decoded twice: once without a spec to unwrap the
        # outer value, then again as ExtKeyUsageSyntax.
        # NOTE(review): both calls keep only element [0] of the decoder's
        # result, so any bytes left over after the decoded value are
        # ignored rather than rejected.
        wrapped = decoder.decode(extension.getComponentByName('extnValue'))[0]
        purposes = decoder.decode(wrapped, asn1Spec=rfc2459.ExtKeyUsageSyntax())[0]
        return [str(purpose) for purpose in purposes]
    return []
def extended_key_usage_bytes(self):
    """Encode this object's extended key usages as an X.509 extension.

    The purposes are emitted in sorted order, so the encoding does not
    depend on the iteration order of ``self.extended_key_usage``.  The
    value is wrapped by ``self.__encode_extension`` under OID 2.5.29.37
    (id-ce-extKeyUsage) and is flagged critical unless ``EKU_ANY`` is one
    of the purposes.

    Returns:
        ``None`` when ``self.extended_key_usage`` is ``None``; otherwise
        whatever ``self.__encode_extension`` returns.
    """
    purposes = self.extended_key_usage
    if purposes is None:
        return None

    # NOTE(review): only None short-circuits.  An empty collection still
    # reaches the encoder with zero purposes -- confirm that is intended.
    syntax = rfc2459.ExtKeyUsageSyntax()
    position = 0
    for oid in sorted(purposes):
        syntax[position] = univ.ObjectIdentifier(oid)
        position += 1
    der_value = encoder.encode(syntax)

    # NOTE(review): EKU_ANY is presumably the anyExtendedKeyUsage OID, in
    # which case the extension is deliberately left non-critical -- verify
    # against the constant's definition.
    is_critical = EKU_ANY not in purposes
    return self.__encode_extension('2.5.29.37', is_critical, der_value)
def _build_extended_key_usage(ekus):
    """Build an ``rfc2459.Extension`` carrying the given key purposes.

    Args:
        ekus: Iterable of key purpose components, stored in the order
            given.  They are passed to ``setComponentByPosition`` as-is.

    Returns:
        An ``rfc2459.Extension`` with 'extnID' set to ``utility.OID_eku``
        and 'extnValue' set to the DER-encoded purposes wrapped in an
        OCTET STRING.  The 'critical' component is never set here.
    """
    purposes = rfc2459.ExtKeyUsageSyntax()
    position = 0
    for purpose in ekus:
        purposes.setComponentByPosition(position, purpose)
        position += 1
    wrapped = univ.OctetString(encoder.encode(purposes))

    extension = rfc2459.Extension()
    extension.setComponentByName('extnID', utility.OID_eku)
    extension.setComponentByName('extnValue', wrapped)
    return extension
def __init__(self, ekus):
    """Create an EKU.

    :ekus: list of extended key usage OIDs

    """
    purposes = rfc2459.ExtKeyUsageSyntax()
    position = 0
    for oid in ekus:
        # Each entry is stringified before it becomes a KeyPurposeId.
        purposes.setComponentByPosition(position, rfc2459.KeyPurposeId(str(oid)))
        position += 1
    super(EKU, self).__init__(csp.szOID_ENHANCED_KEY_USAGE, encoder.encode(purposes))
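def check_extension(tsacert: str):
    """Check that a PEM certificate carries the time-stamping key purpose.

    The certificate must contain exactly one extendedKeyUsage extension,
    and the first KeyPurposeId in it must equal ``id_kp_timeStamping``.

    Args:
        tsacert: Path to a PEM-encoded certificate file.

    Returns:
        True when the check passes.

    Raises:
        AssertionError: The extension is missing or duplicated, or its
            first purpose is not ``id_kp_timeStamping``.
        Exception: Any error from reading or parsing the certificate is
            logged and re-raised unchanged.
    """
    try:
        # Context manager so the handle is closed even if parsing fails.
        with open(tsacert, 'rb') as cert_file:
            cert_ = cert_file.read()
        cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_)
        count = 0
        for i in range(cert.get_extension_count()):
            ext = cert.get_extension(i)
            if ext.get_short_name().decode() == 'extendedKeyUsage':
                count += 1
                # The decoder's second return value (undecoded remainder)
                # is discarded, so trailing bytes are not rejected.
                ext_key_usage, _ = decoder.decode(
                    ext.get_data(), asn1Spec=rfc2459.ExtKeyUsageSyntax())
                # Raised explicitly instead of via `assert`: assert
                # statements are removed under `python -O`, which would
                # turn this certificate check into a no-op.
                #
                # NOTE(review): only the first KeyPurposeId is compared;
                # extra purposes and the extension's critical flag are not
                # examined.  RFC 3161 section 2.3 expects a TSA
                # certificate's EKU to be critical and to hold only
                # id-kp-timeStamping -- confirm whether this looser check
                # is intended.
                if not (ext_key_usage[0] == id_kp_timeStamping):
                    raise AssertionError(
                        'first extended key usage is not id_kp_timeStamping')
        if count != 1:
            raise AssertionError(
                'expected exactly one extendedKeyUsage extension, found %d' % count)
    except Exception as e:
        logging.error('Checking Extended Key Usage: Failure', exc_info=e)
        raise
    logging.info('Checking Extended Key Usage: Success')
    return True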
def encode_ext_key_usage(ext_key_usage):
    """Encode a collection of key purpose OIDs as an X.509 extension.

    Args:
        ext_key_usage: Iterable of OIDs accepted by
            ``univ.ObjectIdentifier``; also tested for ``EKU_ANY``
            membership.  Purposes are written in iteration order.

    Returns:
        Whatever ``_encode_extension`` returns for OID 2.5.29.37
        (id-ce-extKeyUsage), flagged critical unless ``EKU_ANY`` is one of
        the purposes.
    """
    syntax = rfc2459.ExtKeyUsageSyntax()
    position = 0
    for oid in ext_key_usage:
        syntax[position] = univ.ObjectIdentifier(oid)
        position += 1
    der_value = encoder.encode(syntax)

    # NOTE(review): EKU_ANY is presumably the anyExtendedKeyUsage OID, in
    # which case the extension is deliberately left non-critical -- verify
    # against the constant's definition.
    is_critical = EKU_ANY not in ext_key_usage
    return _encode_extension('2.5.29.37', is_critical, der_value)