Python cryptography.hazmat.primitives.serialization.Encoding.DER Examples
The following are 30
code examples of cryptography.hazmat.primitives.serialization.Encoding.DER().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
cryptography.hazmat.primitives.serialization.Encoding
, or try the search function
.
Example #1
Source File: tokentools.py From snowflake-ingest-python with Apache License 2.0 | 6 votes |
def calculate_public_key_fingerprint(self, private_key: Text) -> Text: """ Given a private key in pem format, return the public key fingerprint :param private_key: private key string :return: public key fingerprint """ try: private_key = load_pem_private_key(private_key.encode(), None, default_backend()) except (ValueError, UnsupportedAlgorithm) as e: raise IngestClientError( code=ERR_INVALID_PRIVATE_KEY, message='Invalid private key. {}'.format(e)) # get the raw bytes of public key public_key_raw = private_key.public_key().public_bytes(Encoding.DER, PublicFormat.SubjectPublicKeyInfo) # take sha256 on raw bytes and then do base64 encode sha256hash = hashlib.sha256() sha256hash.update(public_key_raw) public_key_fp = 'SHA256:' + base64.b64encode(sha256hash.digest()).decode('utf-8') logger.info("Public key fingerprint is %s", public_key_fp) return public_key_fp
Example #2
Source File: tests_views.py From django-ca with GNU General Public License v3.0 | 6 votes |
def test_basic(self): # test the default view idp = self.get_idp(full_name=self.get_idp_full_name(self.ca), only_contains_user_certs=True) response = self.client.get(reverse('default', kwargs={'serial': self.ca.serial})) self.assertEqual(response.status_code, 200) self.assertEqual(response['Content-Type'], 'application/pkix-crl') self.assertCRL(response.content, encoding=Encoding.DER, expires=600, idp=idp) # revoke a certificate cert = self.certs['child-cert'] cert.revoke() # fetch again - we should see a cached response response = self.client.get(reverse('default', kwargs={'serial': self.ca.serial})) self.assertEqual(response.status_code, 200) self.assertEqual(response['Content-Type'], 'application/pkix-crl') self.assertCRL(response.content, encoding=Encoding.DER, expires=600, idp=idp) # clear the cache and fetch again cache.clear() response = self.client.get(reverse('default', kwargs={'serial': self.ca.serial})) self.assertEqual(response.status_code, 200) self.assertEqual(response['Content-Type'], 'application/pkix-crl') self.assertCRL(response.content, encoding=Encoding.DER, expires=600, idp=idp, certs=[cert], crl_number=1)
Example #3
Source File: app.py From commandment with MIT License | 6 votes |
def anchor_certs(): """Download a list of certificates to trust the MDM The response is a JSON array of base64 encoded DER certs as described in the DEP profile creation documentation.""" anchors = [] if 'CA_CERTIFICATE' in current_app.config: with open(current_app.config['CA_CERTIFICATE'], 'rb') as fd: pem_data = fd.read() c: x509.Certificate = x509.load_pem_x509_certificate(pem_data, backend=default_backend()) der = c.public_bytes(Encoding.DER) anchors.append(urlsafe_b64encode(der)) if 'SSL_CERTIFICATE' in current_app.config: with open(current_app.config['SSL_CERTIFICATE'], 'rb') as fd: pem_data = fd.read() c: x509.Certificate = x509.load_pem_x509_certificate(pem_data, backend=default_backend()) der = c.public_bytes(Encoding.DER) anchors.append(urlsafe_b64encode(der)) return jsonify(anchors)
Example #4
Source File: views.py From django-ca with GNU General Public License v3.0 | 6 votes |
def get(self, request, serial): encoding = parse_encoding(request.GET.get('encoding', self.type)) cache_key = get_crl_cache_key(serial, algorithm=self.digest, encoding=encoding, scope=self.scope) crl = cache.get(cache_key) if crl is None: ca = self.get_object() encoding = parse_encoding(self.type) crl = ca.get_crl(expires=self.expires, algorithm=self.digest, password=self.password, scope=self.scope) crl = crl.public_bytes(encoding) cache.set(cache_key, crl, self.expires) content_type = self.content_type if content_type is None: if self.type == Encoding.DER: content_type = 'application/pkix-crl' elif self.type == Encoding.PEM: content_type = 'text/plain' else: # pragma: no cover # DER/PEM are all known encoding types, so this shouldn't happen return HttpResponseServerError() return HttpResponse(crl, content_type=content_type)
Example #5
Source File: tests_command_view_cert.py From django-ca with GNU General Public License v3.0 | 6 votes |
def test_der(self): cert = self.certs['child-cert'] stdout, stderr = self.cmd('view_cert', cert.serial, format=Encoding.DER, stdout=BytesIO(), stderr=BytesIO()) expected = '''Common Name: {cn} Valid from: {valid_from_short} Valid until: {valid_until_short} Status: Valid SubjectAlternativeName{subject_alternative_name_critical}: * {subject_alternative_name[0]} Watchers: Digest: md5: {md5} sha1: {sha1} sha256: {sha256} sha512: {sha512} HPKP pin: {hpkp} '''.format(**self.get_cert_context('child-cert')) expected = force_bytes(expected) + certs['child-cert']['pub']['der'] + b'\n' self.assertEqual(stdout, expected) self.assertEqual(stderr, b'')
Example #6
Source File: tests_command_cache_crls.py From django-ca with GNU General Public License v3.0 | 6 votes |
def test_basic(self): hash_cls = hashes.SHA512 enc_cls = Encoding.DER stdout, stderr = self.cmd('cache_crls') self.assertEqual(stdout, '') self.assertEqual(stderr, '') for name, ca in self.cas.items(): key = get_crl_cache_key(ca.serial, hash_cls, enc_cls, 'ca') crl = x509.load_der_x509_crl(cache.get(key), default_backend()) self.assertIsNotNone(crl) self.assertIsInstance(crl.signature_hash_algorithm, hash_cls) key = get_crl_cache_key(ca.serial, hash_cls, enc_cls, 'user') crl = x509.load_der_x509_crl(cache.get(key), default_backend()) self.assertIsNotNone(crl)
Example #7
Source File: dump_ca.py From django-ca with GNU General Public License v3.0 | 6 votes |
def handle(self, ca, path, **options): if options['bundle'] and options['format'] == Encoding.DER: raise CommandError('Cannot dump bundle when using DER format.') if options['bundle']: certs = ca.bundle else: certs = [ca] data = b''.join([c.dump_certificate(options['format']) for c in certs]) if path == '-': self.stdout.write(data, ending=b'') else: try: with open(path, 'wb') as stream: stream.write(data) except IOError as e: raise CommandError(e)
Example #8
Source File: dump_cert.py From django-ca with GNU General Public License v3.0 | 6 votes |
def handle(self, cert, path, **options): if options['bundle'] and options['format'] == Encoding.DER: raise CommandError('Cannot dump bundle when using DER format.') if options['bundle']: certs = cert.bundle else: certs = [cert] data = b''.join([c.dump_certificate(options['format']) for c in certs]) if path == '-': self.stdout.write(data, ending=b'') else: try: with open(path, 'wb') as stream: stream.write(data) except IOError as e: raise CommandError(e)
Example #9
Source File: base.py From django-ca with GNU General Public License v3.0 | 5 votes |
def _load_csr(data): basedir = data.get('basedir', settings.FIXTURES_DIR) path = os.path.join(basedir, data['csr_filename']) with open(path, 'rb') as stream: raw = stream.read().strip() csr_data = { 'pem': raw.decode('utf-8'), 'parsed': x509.load_pem_x509_csr(raw, default_backend()), } csr_data['der'] = csr_data['parsed'].public_bytes(Encoding.DER) return csr_data
Example #10
Source File: tests_tasks.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_cache_all_crls(self): hash_cls = hashes.SHA512 enc_cls = Encoding.DER tasks.cache_crls() for ca, data in self.cas.items(): key = get_crl_cache_key(data.serial, hash_cls, enc_cls, 'ca') crl = x509.load_der_x509_crl(cache.get(key), default_backend()) self.assertIsInstance(crl.signature_hash_algorithm, hash_cls) key = get_crl_cache_key(data.serial, hash_cls, enc_cls, 'user') crl = x509.load_der_x509_crl(cache.get(key), default_backend())
Example #11
Source File: tests_views.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_full_scope(self): full_name = 'http://localhost/crl' idp = self.get_idp(full_name=[x509.UniformResourceIdentifier(value=full_name)]) self.ca.crl_url = full_name self.ca.save() response = self.client.get(reverse('full', kwargs={'serial': self.ca.serial})) self.assertEqual(response.status_code, 200) self.assertEqual(response['Content-Type'], 'application/pkix-crl') self.assertCRL(response.content, encoding=Encoding.DER, expires=600, idp=idp)
Example #12
Source File: tests_views.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_view(self): client = Client() for name, ca in self.cas.items(): url = reverse('django_ca:issuer', kwargs={'serial': ca.root.serial}) resp = client.get(url) self.assertEqual(resp['Content-Type'], 'application/pkix-cert') self.assertEqual(resp.content, ca.root.x509.public_bytes(encoding=Encoding.DER))
Example #13
Source File: tests_views_ocsp.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_no_nonce(self): from cryptography.x509 import ocsp cert = self.certs['child-cert'] builder = ocsp.OCSPRequestBuilder() builder = builder.add_certificate(cert.x509, cert.ca.x509, hashes.SHA1()) data = base64.b64encode(builder.build().public_bytes(serialization.Encoding.DER)) response = self.client.get(reverse('get', kwargs={'data': data.decode('utf-8')})) self.assertOCSP(response, requested=[cert], nonce=None)
Example #14
Source File: tests_views_ocsp.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_no_nonce_asn1crypto(self): cert = self.certs['child-cert'] builder = ocspbuilder.OCSPRequestBuilder( certificate=asn1crypto.x509.Certificate.load(cert.x509.public_bytes(Encoding.DER)), issuer=asn1crypto.x509.Certificate.load(cert.ca.x509.public_bytes(Encoding.DER)) ) builder.nonce = False data = base64.b64encode(builder.build().dump()).decode('utf-8') response = self.client.get(reverse('get', kwargs={'data': data})) self.assertEqual(response.status_code, 200) self.assertOCSP(response, requested=[cert], nonce=None)
Example #15
Source File: tests_command_dump_ca.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_format(self): for option in ['PEM', 'DER']: encoding = getattr(Encoding, option) stdout, stderr = self.cmd('dump_ca', self.ca.serial, format=encoding, stdout=BytesIO(), stderr=BytesIO()) self.assertEqual(stderr, b'') self.assertEqual(stdout, self.ca.dump_certificate(encoding))
Example #16
Source File: tests_command_dump_ca.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_errors(self): path = os.path.join(ca_settings.CA_DIR, 'does-not-exist', 'test_ca.pem') msg = r"^\[Errno 2\] No such file or directory: '%s/does-not-exist/test_ca\.pem'$" % ( ca_settings.CA_DIR) with self.assertCommandError(msg): self.cmd('dump_ca', self.ca.serial, path, stdout=BytesIO(), stderr=BytesIO()) with self.assertCommandError(r'^Cannot dump bundle when using DER format\.$'): self.cmd('dump_ca', self.ca.serial, format=Encoding.DER, bundle=True, stdout=BytesIO(), stderr=BytesIO())
Example #17
Source File: tests_command_dump_cert.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_format(self): for option in ['PEM', 'DER']: encoding = getattr(Encoding, option) stdout, stderr = self.cmd('dump_cert', self.cert.serial, format=encoding, stdout=BytesIO(), stderr=BytesIO()) self.assertEqual(stderr, b'') self.assertEqual(stdout, self.cert.dump_certificate(encoding))
Example #18
Source File: tests_command_dump_cert.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_errors(self): path = os.path.join(ca_settings.CA_DIR, 'does-not-exist', 'test_cert.pem') msg = r"^\[Errno 2\] No such file or directory: '%s/does-not-exist/test_cert\.pem'$" % ( ca_settings.CA_DIR) with self.assertCommandError(msg): self.cmd('dump_cert', self.cert.serial, path, stdout=BytesIO(), stderr=BytesIO()) with self.assertCommandError(r"^Cannot dump bundle when using DER format\.$"): self.cmd('dump_cert', self.cert.serial, format=Encoding.DER, bundle=True, stdout=BytesIO(), stderr=BytesIO())
Example #19
Source File: tests_management_base.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_basic(self): ns = self.parser.parse_args(['--action=DER']) self.assertEqual(ns.action, Encoding.DER) ns = self.parser.parse_args(['--action=ASN1']) self.assertEqual(ns.action, Encoding.DER) ns = self.parser.parse_args(['--action=PEM']) self.assertEqual(ns.action, Encoding.PEM)
Example #20
Source File: admin.py From django-ca with GNU General Public License v3.0 | 5 votes |
def _download_response(self, request, pk, bundle=False): if not request.user.is_staff or not self.has_change_permission(request): # NOTE: is_staff is already assured by ModelAdmin, but just to be sure raise PermissionDenied # get object in question try: obj = self.model.objects.get(pk=pk) except self.model.DoesNotExist: raise Http404 # get filetype filetype = request.GET.get('format', 'PEM').upper().strip() if filetype == 'PEM': if bundle is True: data = '\n'.join([cert.pub.strip() for cert in obj.bundle]) else: data = obj.pub elif filetype == 'DER': if bundle is True: return HttpResponseBadRequest(_('DER/ASN.1 certificates cannot be downloaded as a bundle.')) data = obj.x509.public_bytes(encoding=Encoding.DER) else: return HttpResponseBadRequest() filename = obj.get_filename(ext=filetype, bundle=bundle) response = HttpResponse(data, content_type='application/pkix-cert') response['Content-Disposition'] = 'attachment; filename=%s' % filename return response
Example #21
Source File: admin.py From django-ca with GNU General Public License v3.0 | 5 votes |
def download_view(self, request, pk): """A view that allows the user to download a certificate in PEM or DER/ASN1 format.""" return self._download_response(request, pk)
Example #22
Source File: recreate-fixtures.py From django-ca with GNU General Public License v3.0 | 5 votes |
def copy_cert(cert, data, key_path, csr_path): key_dest = os.path.join(args.dest, data['key_filename']) csr_dest = os.path.join(args.dest, data['csr_filename']) pub_dest = os.path.join(args.dest, data['pub_filename']) key_der_dest = os.path.join(args.dest, data['key_der_filename']) pub_der_dest = os.path.join(args.dest, data['pub_der_filename']) shutil.copy(key_path, key_dest) shutil.copy(csr_path, csr_dest) with open(pub_dest, 'w') as stream: stream.write(cert.pub) with open(key_dest, 'rb') as stream: priv_key = stream.read() priv_key = load_pem_private_key(priv_key, None, default_backend()) key_der = priv_key.private_bytes( encoding=Encoding.DER, format=PrivateFormat.PKCS8, encryption_algorithm=NoEncryption()) with open(key_der_dest, 'wb') as stream: stream.write(key_der) with open(pub_der_dest, 'wb') as stream: stream.write(cert.dump_certificate(Encoding.DER)) data['crl'] = cert.ca.crl_url data['subject'] = cert.distinguishedName() data['parsed_cert'] = cert update_cert_data(cert, data)
Example #23
Source File: x509.py From bazarr with GNU General Public License v3.0 | 5 votes |
def create_ssl_context(cert_byes, pk_bytes, password=None, encoding=Encoding.PEM): """Create an SSL Context with the supplied cert/password. :param cert_bytes array of bytes containing the cert encoded using the method supplied in the ``encoding`` parameter :param pk_bytes array of bytes containing the private key encoded using the method supplied in the ``encoding`` parameter :param password array of bytes containing the passphrase to be used with the supplied private key. None if unencrypted. Defaults to None. :param encoding ``cryptography.hazmat.primitives.serialization.Encoding`` details the encoding method used on the ``cert_bytes`` and ``pk_bytes`` parameters. Can be either PEM or DER. Defaults to PEM. """ backend = default_backend() cert = None key = None if encoding == Encoding.PEM: cert = x509.load_pem_x509_certificate(cert_byes, backend) key = load_pem_private_key(pk_bytes, password, backend) elif encoding == Encoding.DER: cert = x509.load_der_x509_certificate(cert_byes, backend) key = load_der_private_key(pk_bytes, password, backend) else: raise ValueError('Invalid encoding provided: Must be PEM or DER') if not (cert and key): raise ValueError('Cert and key could not be parsed from ' 'provided data') check_cert_dates(cert) ssl_context = PyOpenSSLContext(PROTOCOL) ssl_context._ctx.use_certificate(X509.from_cryptography(cert)) ssl_context._ctx.use_privatekey(PKey.from_cryptography_key(key)) return ssl_context
Example #24
Source File: tests_admin.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_invalid_format(self): response = self.client.get('%s?format=INVALID' % self.url) self.assertEqual(response.status_code, 400) self.assertEqual(response.content, b'') # DER is not supported for bundles response = self.client.get('%s?format=DER' % self.url) self.assertEqual(response.status_code, 400) self.assertEqual(response.content, b'DER/ASN.1 certificates cannot be downloaded as a bundle.')
Example #25
Source File: tests_admin.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_not_found(self): url = reverse('admin:django_ca_certificate_download', kwargs={'pk': '123'}) response = self.client.get('%s?format=DER' % url) self.assertEqual(response.status_code, 404)
Example #26
Source File: tests_utils.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_basic(self): self.assertEqual(parse_encoding(), Encoding.PEM) self.assertEqual(parse_encoding('PEM'), Encoding.PEM) self.assertEqual(parse_encoding(Encoding.PEM), Encoding.PEM) self.assertEqual(parse_encoding('DER'), Encoding.DER) self.assertEqual(parse_encoding('ASN1'), Encoding.DER) self.assertEqual(parse_encoding(Encoding.DER), Encoding.DER) self.assertEqual(parse_encoding('OpenSSH'), Encoding.OpenSSH) self.assertEqual(parse_encoding(Encoding.OpenSSH), Encoding.OpenSSH)
Example #27
Source File: _certificate_utils.py From sslyze with GNU Affero General Public License v3.0 | 5 votes |
def get_public_key_sha256(certificate: x509.Certificate) -> bytes: pub_bytes = certificate.public_key().public_bytes(encoding=Encoding.DER, format=PublicFormat.SubjectPublicKeyInfo) digest = sha256(pub_bytes).digest() return digest
Example #28
Source File: tests_tasks.py From django-ca with GNU General Public License v3.0 | 5 votes |
def test_basic(self): hash_cls = hashes.SHA512 enc_cls = Encoding.DER for ca, data in self.cas.items(): tasks.cache_crl(data.serial) key = get_crl_cache_key(data.serial, hash_cls, enc_cls, 'ca') crl = x509.load_der_x509_crl(cache.get(key), default_backend()) self.assertIsInstance(crl.signature_hash_algorithm, hash_cls) key = get_crl_cache_key(data.serial, hash_cls, enc_cls, 'user') crl = x509.load_der_x509_crl(cache.get(key), default_backend())
Example #29
Source File: models.py From django-ca with GNU General Public License v3.0 | 5 votes |
def cache_crls(self, password=None, algorithm=None): password = password or self.get_password() ca_key = self.key(password) if isinstance(ca_key, dsa.DSAPrivateKey) and algorithm is None: algorithm = hashes.SHA1() for name, config in ca_settings.CA_CRL_PROFILES.items(): overrides = config.get('OVERRIDES', {}).get(self.serial, {}) if overrides.get('skip'): continue algorithm = algorithm or parse_hash_algorithm(overrides.get('algorithm', config.get('algorithm'))) expires = overrides.get('expires', config.get('expires', 86400)) scope = overrides.get('scope', config.get('scope')) full_name = overrides.get('full_name', config.get('full_name')) relative_name = overrides.get('relative_name', config.get('relative_name')) encodings = overrides.get('encodings', config.get('encodings', ['DER', ])) crl = None # only compute crl when it is actually needed for encoding in encodings: encoding = parse_encoding(encoding) cache_key = get_crl_cache_key(self.serial, algorithm, encoding, scope=scope) if expires >= 600: # pragma: no branch # for longer expiries we substract a random value so that regular CRL regeneration is # distributed a bit cache_expires = expires - random.randint(1, 5) * 60 if cache.get(cache_key) is None: if crl is None: crl = self.get_crl(expires=expires, algorithm=algorithm, password=password, scope=scope, full_name=full_name, relative_name=relative_name) encoded_crl = crl.public_bytes(encoding) cache.set(cache_key, encoded_crl, cache_expires)
Example #30
Source File: models.py From django-ca with GNU General Public License v3.0 | 5 votes |
def hpkp_pin(self): # taken from https://github.com/luisgf/hpkp-python/blob/master/hpkp.py public_key_raw = self.x509.public_key().public_bytes( encoding=Encoding.DER, format=PublicFormat.SubjectPublicKeyInfo) public_key_hash = hashlib.sha256(public_key_raw).digest() return base64.b64encode(public_key_hash).decode('utf-8')