{ "info": { "author": "Russell Sim", "author_email": "russell.sim@arcs.org.au", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Developers", "License :: OSI Approved :: GNU General Public License (GPL)", "Programming Language :: Python", "Topic :: Security :: Cryptography", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: System :: Distributed Computing" ], "description": ".. contents::\n\nIntroduction\n============\n\nThis library provides some utility classes and functions for deailing with X509 certificates. Most of the tasks performed by these classes are trivial but they require use of the M2Crypto classes which can be a pain. The problem isn't that the M2Crypto classes are complex, it just that when doing GSI tasks i find myself repeating work in different projects.\n\n>>> import arcs.gsi.certificate\n>>> r = arcs.gsi.certificate.CertificateRequest()\n>>> r.set_dn(\"DC=au,DC=org,DC=arcs,DC=test,O=VPAC,CN=Russell Sim\")\n>>> r.sign()\n>>> print r.get_cert_req().as_text()\nCertificate Request:\n Data:\n Version: 0 (0x0)\n Subject: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n RSA Public Key: (2048 bit)\n Modulus (2048 bit):\n ...\n Exponent: 65537 (0x10001)\n Attributes:\n a0:00\n Signature Algorithm: sha1WithRSAEncryption\n ...\n\n\nGenerating a request with a 1024 bit key for compatablity with older applications.\n\n>>> r = arcs.gsi.certificate.CertificateRequest(dn=\"DC=au,DC=org,DC=arcs,DC=test,O=VPAC,CN=Russell Sim\", keySize=1024)\n>>> r.sign()\n>>> print r\nCertificate Request:\n Data:\n Version: 0 (0x0)\n Subject: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n RSA Public Key: (1024 bit)\n Modulus (1024 bit):\n ...\n Exponent: 65537 (0x10001)\n Attributes:\n a0:00\n Signature Algorithm: sha1WithRSAEncryption\n ...\n\n\nIt's easier to access a certificate without needing to introspect M2Crypto to figure out the calls.\n\n>>> r\n-----BEGIN CERTIFICATE REQUEST-----\n...\n-----END CERTIFICATE REQUEST-----\n\n\n>>> r = arcs.gsi.certificate.CertificateRequest(dn=\"DC=au,DC=org,DC=arcs,DC=test,O=VPAC,CN=Russell Sim\", keySize=1024)\n\nExtensions are passed in as a list of dictionarys.\n\n>>> r.add_extensions([{'critical': False, 'name': 'ExtendedKeyUsage', 'value': 'clientAuth'}, {'critical': True, 'name': 'KeyUsage', 'value': 'Digital Signature, Key Encipherment'}, {'critical': False, 'name': 'CertificatePolicies', 'value': '1.3.6.1.4.1.31863.1.0.1'}, {'critical': False, 'name': 'SubjectAltName', 'value': 'email:russell@vpac.org'}])\n>>> r.sign()\n>>> print r\nCertificate Request:\n Data:\n Version: 0 (0x0)\n Subject: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n RSA Public Key: (1024 bit)\n Modulus (1024 bit):\n ...\n Exponent: 65537 (0x10001)\n Attributes:\n Requested Extensions:\n X509v3 Extended Key Usage: \n TLS Web Client Authentication\n X509v3 Key Usage: critical\n Digital Signature, Key Encipherment\n X509v3 Certificate Policies: \n Policy: 1.3.6.1.4.1.31863.1.0.1\n\n X509v3 Subject Alternative Name: \n email:russell@vpac.org\n Signature Algorithm: sha1WithRSAEncryption\n ...\n\n\nCreating certificates\n---------------------\n\nCreating a certificate, currently this can't be done from a request because there are no methods to extract the extensions from a request.\n\n>>> c = arcs.gsi.certificate.Certificate()\n>>> c.set_dn(\"DC=au,DC=org,DC=arcs,DC=test,O=VPAC,CN=Russell Sim\")\n>>> c.add_extensions([{'critical': False, 'name': 'ExtendedKeyUsage', 'value': 'clientAuth'}, {'critical': True, 'name': 'KeyUsage', 'value': 'Digital Signature, Key Encipherment'}, {'critical': False, 'name': 'CertificatePolicies', 'value': '1.3.6.1.4.1.31863.1.0.1'}, {'critical': False, 'name': 'SubjectAltName', 'value': 'email:russell@vpac.org'}])\n>>> c.set_version(2)\n>>> c.set_serial_number()\n>>> c.set_times()\n>>> c.set_issuer_name(c.get_subject())\n>>> k = arcs.gsi.key.Key()\n>>> c.sign(k)\n\nCreating a proxy certificate\n----------------------------\n\n>>> p = arcs.gsi.proxy.ProxyCertificate(c)\n>>> p.sign()\n>>> print p\nCertificate:\n Data:\n Version: 3 (0x2)\n Serial Number: ... (0x...)\n Signature Algorithm: sha1WithRSAEncryption\n Issuer: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim\n Validity\n Not Before: ...\n Not After : ...\n Subject: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim, CN=...\n Subject Public Key Info:\n Public Key Algorithm: rsaEncryption\n RSA Public Key: (2048 bit)\n Modulus (2048 bit):\n ...\n Exponent: 65537 (0x10001)\n X509v3 extensions:\n X509v3 Key Usage: critical\n Digital Signature, Key Encipherment, Data Encipherment\n Proxy Certificate Information: critical\n Path Length Constraint: infinite\n Policy Language: Inherit all\n\n Signature Algorithm: sha1WithRSAEncryption\n ...\n\n\n\n\n\n\nChangelog\n=========\n\n1.2 - Unreleased\n----------------\n* Key class now accepts PEM formated keys [Russell]\n* Python 2.6 compatability, removed dependency on xpath [Russell]\n* Now using nose testing [Russell]\n\n\n1.1 - (2009-10-29)\n------------------\n* updated documentation, including addition of sphinx [Russell]\n* Jython hack added to support webstart [Markus]\n* Jython example code added [Markus]\n* added slcs support functions [Russell]\n* Centos ignores M2Crypto requirement [Russell]\n* New certificates now have a start time of -5min [Sam]\n* Updated proxy name generation to avoid encoding errors [Russell]\n\n\n1.0 (2009-07-08)\n----------------\n\n* Initial release\n* Certificate Classes added\n* Proxy Classes added\n* Key Classes added", "description_content_type": null, "docs_url": null, "download_url": "http://code.arcs.org.au/pypi/simple/arcs.gsi/", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://code.arcs.org.au/gitorious/arcs-gsi/arcs-gsi", "keywords": "", "license": "GPL", "maintainer": null, "maintainer_email": null, "name": "arcs.gsi", "package_url": "https://pypi.org/project/arcs.gsi/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/arcs.gsi/", "project_urls": { "Download": "http://code.arcs.org.au/pypi/simple/arcs.gsi/", "Homepage": "http://code.arcs.org.au/gitorious/arcs-gsi/arcs-gsi" }, "release_url": "https://pypi.org/project/arcs.gsi/1.2/", "requires_dist": null, "requires_python": null, "summary": "Library to assist GSI authentication and certificate handling in python.", "version": "1.2" }, "last_serial": 786409, "releases": { "1.0": [], "1.2": [], "1.2dev-20091120": [ { "comment_text": "", "digests": { "md5": "f2311a748bd31b3b18d91e1645b49d04", "sha256": "d5bf3991110a48dc13ea9dc457335792464d2b22d9b13386cc47bf975b121bc3" }, "downloads": -1, "filename": "arcs.gsi-1.2dev-20091120.tar.gz", "has_sig": false, "md5_digest": "f2311a748bd31b3b18d91e1645b49d04", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 31493, "upload_time": "2009-11-20T03:44:15", "url": "https://files.pythonhosted.org/packages/59/35/c7d8d5406efd1f4724496675ed7318385a0f462cd5ea341befb8b22fd845/arcs.gsi-1.2dev-20091120.tar.gz" } ] }, "urls": [] }