我们从Python开源项目中,提取了以下16个代码示例,用于说明如何使用cryptography.x509.RevokedCertificateBuilder()。
def create_x509_revoked_certificate(self, builder):
    """Turn a ``RevokedCertificateBuilder`` into an OpenSSL-backed CRL entry.

    Allocates an ``X509_REVOKED`` structure, copies in the serial number and
    revocation date held by *builder*, attaches the builder's CRL entry
    extensions, and wraps the result in ``_RevokedCertificate``.

    Raises:
        TypeError: if *builder* is not an ``x509.RevokedCertificateBuilder``.
    """
    if not isinstance(builder, x509.RevokedCertificateBuilder):
        raise TypeError('Builder type mismatch.')

    lib = self._lib
    ffi = self._ffi

    # Register the free function right after allocation so the native
    # struct is released together with the Python handle, including when a
    # later assertion aborts this method.
    entry = lib.X509_REVOKED_new()
    self.openssl_assert(entry != ffi.NULL)
    entry = ffi.gc(entry, lib.X509_REVOKED_free)

    asn1_serial = _encode_asn1_int_gc(self, builder._serial_number)
    status = lib.X509_REVOKED_set_serialNumber(entry, asn1_serial)
    self.openssl_assert(status == 1)

    # calendar.timegm() reads the time tuple as UTC and timetuple() drops
    # any tzinfo, so the builder presumably holds a naive UTC datetime
    # -- TODO confirm against the builder's own validation.
    epoch_seconds = calendar.timegm(builder._revocation_date.timetuple())
    asn1_time = lib.ASN1_TIME_set(ffi.NULL, epoch_seconds)
    self.openssl_assert(asn1_time != ffi.NULL)
    asn1_time = ffi.gc(asn1_time, lib.ASN1_TIME_free)
    status = lib.X509_REVOKED_set_revocationDate(entry, asn1_time)
    self.openssl_assert(status == 1)

    # Encode and attach the CRL entry extensions carried by the builder.
    self._create_x509_extensions(
        extensions=builder._extensions,
        handlers=_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS,
        x509_obj=entry,
        add_func=lib.X509_REVOKED_add_ext,
        gc=True
    )
    return _RevokedCertificate(self, None, entry)
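def update_crl(crl_file, revoked_certs, ca_crt, pkey):
    """Re-issue the PEM CRL stored at *crl_file* with *revoked_certs* added.

    The existing CRL is loaded, a new CRL is built with ``ca_crt.subject``
    as issuer, every entry of the old CRL is carried over, and the result
    is signed with *pkey* (SHA-256) and written back to *crl_file*.

    A serial that is already listed in the old CRL (or that appears twice in
    *revoked_certs*) is added only once. The existing entry wins, so its
    original revocation date is kept rather than being reset to "now".

    Args:
        crl_file: path of the PEM CRL; read first, then overwritten.
        revoked_certs: iterable of objects exposing a ``serial`` attribute.
        ca_crt: issuing CA certificate; only ``subject`` is read here.
        pkey: private key used to sign the new CRL.

    Returns:
        The newly signed CRL object.
    """
    with open(crl_file, 'rb') as f:
        old_crl = x509.load_pem_x509_crl(
            data=f.read(),
            backend=default_backend()
        )
    # NOTE(review): the old CRL's signature is not verified, so whatever
    # entries the file on disk contains (or lacks) are re-signed as-is under
    # the CA key. If the file can be modified by anything other than this
    # code, consider checking old_crl.is_signature_valid(ca_crt.public_key())
    # before carrying its entries forward.

    # One timestamp for the whole CRL keeps thisUpdate and every new
    # entry's revocation date consistent with each other.
    now = datetime.datetime.utcnow()

    # NOTE(review): nextUpdate is ten years out. Clients that cache a CRL
    # until nextUpdate would not pick up later revocations for a long time;
    # confirm this window is intended.
    builder = x509.CertificateRevocationListBuilder().issuer_name(
        ca_crt.subject
    ).last_update(
        now
    ).next_update(
        now + datetime.timedelta(days=365 * 10)
    )

    old_entries = list(old_crl)
    seen_serials = {entry.serial_number for entry in old_entries}

    for cert in revoked_certs:
        if cert.serial in seen_serials:
            # Already revoked: keep the existing entry and its date.
            continue
        seen_serials.add(cert.serial)
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(
                cert.serial
            ).revocation_date(
                now
            ).build(
                default_backend()
            )
        )

    for entry in old_entries:
        builder = builder.add_revoked_certificate(entry)

    crl = builder.sign(
        private_key=pkey,
        algorithm=hashes.SHA256(),
        backend=default_backend()
    )

    with open(crl_file, 'wb') as f:
        f.write(crl.public_bytes(  # pylint: disable=no-member
            encoding=serialization.Encoding.PEM,
        ))

    return crl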
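def build_crl():
    """Build and sign a PEM-encoded CRL for the newest CA.

    Lists every ``Certificate`` row issued by that CA and flagged as
    revoked, signs the CRL with the CA key loaded from the key store
    (SHA-256), and gives it a one-day validity window.

    Returns:
        The CRL serialized as PEM bytes.
    """
    ca = get_newest_ca()

    # cryptography interprets naive datetimes as UTC. Local wall-clock time
    # (datetime.today()) would shift thisUpdate/nextUpdate by the server's
    # UTC offset, which can yield a CRL that looks not yet valid or already
    # expired to relying parties.
    now = datetime.datetime.utcnow()
    one_day = datetime.timedelta(1, 0, 0)

    # NOTE(review): the issuer name holds only the CA's common name. It has
    # to match the CA certificate's subject exactly for clients to associate
    # the CRL with the CA; confirm the CA subject has no other attributes.
    builder = x509.CertificateRevocationListBuilder()
    builder = builder.issuer_name(x509.Name([
        x509.NameAttribute(NameOID.COMMON_NAME, ca.common_name),
    ]))
    builder = builder.last_update(now)
    builder = builder.next_update(now + one_day)

    revoked_list = Certificate.objects.filter(
        issuer_serial_number=ca.serial_number, revoked=True
    )
    for revoked_cert in revoked_list:
        logger.debug("revoked serial_number: %s", revoked_cert.serial_number)
        # NOTE(review): every rebuild stamps the entry with the build time,
        # not the moment the certificate was revoked. If the Certificate
        # model records a revocation time, that value belongs here.
        entry = x509.RevokedCertificateBuilder().serial_number(
            int(revoked_cert.serial_number)
        ).revocation_date(
            now
        ).build(default_backend())
        builder = builder.add_revoked_certificate(entry)

    crl = builder.sign(
        private_key=loadPEMKey(keyStorePath(ca.serial_number)),
        algorithm=hashes.SHA256(),
        backend=default_backend()
    )
    return crl.public_bytes(serialization.Encoding.PEM)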