Back to module index

Go to module by name

cryptography.x509

cryptography

cryptography.x509.base

This module has no docstring.

Classes

Attribute

oid = <property object at 0x7f75e2de27a0>
value = <property object at 0x7f75e2de3060>

AttributeNotFound

with_traceback(...)

  Exception.with_traceback(tb) --
      set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>

Attributes

get_attribute_for_oid(self, oid: ObjectIdentifier) -> cryptography.x509.base.Attribute

Certificate

fingerprint(self, algorithm: cryptography.hazmat.primitives.hashes.HashAlgorithm) -> bytes


          Returns bytes using digest passed.
        
public_bytes(self, encoding: cryptography.hazmat.primitives._serialization.Encoding) -> bytes


          Serializes the certificate to PEM or DER format.
        
public_key(self) -> Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey, cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey, cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey]


          Returns the public key
        
extensions = <abc.abstractproperty object at 0x7f75e2e9b6a0>

          Returns an Extensions object.
        
issuer = <abc.abstractproperty object at 0x7f75e2e9b520>

          Returns the issuer name object.
        
not_valid_after = <abc.abstractproperty object at 0x7f75e2e9b4c0>

          Not after time (represented as UTC datetime)
        
not_valid_before = <abc.abstractproperty object at 0x7f75e2e9b460>

          Not before time (represented as UTC datetime)
        
serial_number = <abc.abstractproperty object at 0x7f75e2dbbfa0>

          Returns certificate serial number
        
signature = <abc.abstractproperty object at 0x7f75e2e9b700>

          Returns the signature bytes.
        
signature_algorithm_oid = <abc.abstractproperty object at 0x7f75e2e9b640>

          Returns the ObjectIdentifier of the signature algorithm.
        
signature_hash_algorithm = <abc.abstractproperty object at 0x7f75e2e9b5e0>

          Returns a HashAlgorithm corresponding to the type of the digest signed
          in the certificate.
        
subject = <abc.abstractproperty object at 0x7f75e2e9b580>

          Returns the subject name object.
        
tbs_certificate_bytes = <abc.abstractproperty object at 0x7f75e2e9b760>

          Returns the tbsCertificate payload bytes as defined in RFC 5280.
        
tbs_precertificate_bytes = <abc.abstractproperty object at 0x7f75e2e9b7c0>

          Returns the tbsCertificate payload bytes with the SCT list extension
          stripped.
        
version = <abc.abstractproperty object at 0x7f75e2e9b400>

          Returns the certificate version
        

CertificateBuilder

add_extension(self, extval: cryptography.x509.extensions.ExtensionType, critical: bool) -> 'CertificateBuilder'


          Adds an X.509 extension to the certificate.
        
issuer_name(self, name: cryptography.x509.name.Name) -> 'CertificateBuilder'


          Sets the CA's distinguished name.
        
not_valid_after(self, time: datetime.datetime) -> 'CertificateBuilder'


          Sets the certificate expiration time.
        
not_valid_before(self, time: datetime.datetime) -> 'CertificateBuilder'


          Sets the certificate activation time.
        
public_key(self, key: Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey, cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey, cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey]) -> 'CertificateBuilder'


          Sets the requestor's public key (as found in the signing request).
        
serial_number(self, number: int) -> 'CertificateBuilder'


          Sets the certificate serial number.
        
sign(self, private_key: Union[cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey], algorithm: Optional[cryptography.hazmat.primitives.hashes.HashAlgorithm], backend: Any = None) -> cryptography.x509.base.Certificate


          Signs the certificate using the CA's private key.
        
subject_name(self, name: cryptography.x509.name.Name) -> 'CertificateBuilder'


          Sets the requestor's distinguished name.
        

CertificateRevocationList

fingerprint(self, algorithm: cryptography.hazmat.primitives.hashes.HashAlgorithm) -> bytes


          Returns bytes using digest passed.
        
get_revoked_certificate_by_serial_number(self, serial_number: int) -> Optional[cryptography.x509.base.RevokedCertificate]


          Returns an instance of RevokedCertificate or None if the serial_number
          is not in the CRL.
        
is_signature_valid(self, public_key: Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey]) -> bool


          Verifies signature of revocation list against given public key.
        
public_bytes(self, encoding: cryptography.hazmat.primitives._serialization.Encoding) -> bytes


          Serializes the CRL to PEM or DER format.
        
extensions = <abc.abstractproperty object at 0x7f75e2e9bb80>

          Returns an Extensions object containing a list of CRL extensions.
        
issuer = <abc.abstractproperty object at 0x7f75e2e9ba60>

          Returns the X509Name with the issuer of this CRL.
        
last_update = <abc.abstractproperty object at 0x7f75e2e9bb20>

          Returns the date of last update for this CRL.
        
next_update = <abc.abstractproperty object at 0x7f75e2e9bac0>

          Returns the date of next update for this CRL.
        
signature = <abc.abstractproperty object at 0x7f75e2e9bbe0>

          Returns the signature bytes.
        
signature_algorithm_oid = <abc.abstractproperty object at 0x7f75e2e9ba00>

          Returns the ObjectIdentifier of the signature algorithm.
        
signature_hash_algorithm = <abc.abstractproperty object at 0x7f75e2e9b9a0>

          Returns a HashAlgorithm corresponding to the type of the digest signed
          in the certificate.
        
tbs_certlist_bytes = <abc.abstractproperty object at 0x7f75e2e9bc40>

          Returns the tbsCertList payload bytes as defined in RFC 5280.
        

CertificateRevocationListBuilder

add_extension(self, extval: cryptography.x509.extensions.ExtensionType, critical: bool) -> 'CertificateRevocationListBuilder'


          Adds an X.509 extension to the certificate revocation list.
        
add_revoked_certificate(self, revoked_certificate: cryptography.x509.base.RevokedCertificate) -> 'CertificateRevocationListBuilder'


          Adds a revoked certificate to the CRL.
        
issuer_name(self, issuer_name: cryptography.x509.name.Name) -> 'CertificateRevocationListBuilder'
last_update(self, last_update: datetime.datetime) -> 'CertificateRevocationListBuilder'
next_update(self, next_update: datetime.datetime) -> 'CertificateRevocationListBuilder'
sign(self, private_key: Union[cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey], algorithm: Optional[cryptography.hazmat.primitives.hashes.HashAlgorithm], backend: Any = None) -> cryptography.x509.base.CertificateRevocationList

CertificateSigningRequest

get_attribute_for_oid(self, oid: ObjectIdentifier) -> bytes


          Get the attribute value for a given OID.
        
public_bytes(self, encoding: cryptography.hazmat.primitives._serialization.Encoding) -> bytes


          Encodes the request to PEM or DER format.
        
public_key(self) -> Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey, cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey, cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey]


          Returns the public key
        
attributes = <abc.abstractproperty object at 0x7f75e2e9be20>

          Returns an Attributes object.
        
extensions = <abc.abstractproperty object at 0x7f75e2e9bdc0>

          Returns the extensions in the signing request.
        
is_signature_valid = <abc.abstractproperty object at 0x7f75e2e9bf40>

          Verifies signature of signing request.
        
signature = <abc.abstractproperty object at 0x7f75e2e9be80>

          Returns the signature bytes.
        
signature_algorithm_oid = <abc.abstractproperty object at 0x7f75e2e9bd60>

          Returns the ObjectIdentifier of the signature algorithm.
        
signature_hash_algorithm = <abc.abstractproperty object at 0x7f75e2e9bd00>

          Returns a HashAlgorithm corresponding to the type of the digest signed
          in the certificate.
        
subject = <abc.abstractproperty object at 0x7f75e2e9bca0>

          Returns the subject name object.
        
tbs_certrequest_bytes = <abc.abstractproperty object at 0x7f75e2e9bee0>

          Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
          2986.
        

CertificateSigningRequestBuilder

add_attribute(self, oid: ObjectIdentifier, value: bytes, *, _tag: Optional[cryptography.x509.name._ASN1Type] = None) -> 'CertificateSigningRequestBuilder'


          Adds an X.509 attribute with an OID and associated value.
        
add_extension(self, extval: cryptography.x509.extensions.ExtensionType, critical: bool) -> 'CertificateSigningRequestBuilder'


          Adds an X.509 extension to the certificate request.
        
sign(self, private_key: Union[cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey], algorithm: Optional[cryptography.hazmat.primitives.hashes.HashAlgorithm], backend: Any = None) -> cryptography.x509.base.CertificateSigningRequest


          Signs the request using the requestor's private key.
        
subject_name(self, name: cryptography.x509.name.Name) -> 'CertificateSigningRequestBuilder'


          Sets the certificate requestor's distinguished name.
        

Extension

critical = <property object at 0x7f75e2cb6660>
oid = <property object at 0x7f75e2cb6610>
value = <property object at 0x7f75e2cb66b0>

ExtensionType

public_bytes(self) -> bytes


          Serializes the extension type to DER.
        

Extensions

get_extension_for_class(self, extclass: Type[+ExtensionTypeVar]) -> 'Extension[ExtensionTypeVar]'
get_extension_for_oid(self, oid: ObjectIdentifier) -> 'Extension[ExtensionType]'

InvalidVersion

with_traceback(...)

  Exception.with_traceback(tb) --
      set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>

Name

from_rfc4514_string(data: str, attr_name_overrides: Optional[Mapping[str, ObjectIdentifier]] = None) -> 'Name'
get_attributes_for_oid(self, oid: ObjectIdentifier) -> List[cryptography.x509.name.NameAttribute]
public_bytes(self, backend: Any = None) -> bytes
rfc4514_string(self, attr_name_overrides: Optional[Mapping[ObjectIdentifier, str]] = None) -> str


          Format as RFC4514 Distinguished Name string.
          For example 'CN=foobar.com,O=Foo Corp,C=US'

          An X.509 name is a two-level structure: a list of sets of attributes.
          Each list element is separated by ',' and within each list element, set
          elements are separated by '+'. The latter is almost never used in
          real world certificates. According to RFC4514 section 2.1 the
          RDNSequence must be reversed when converting to string representation.
        
rdns = <property object at 0x7f75e2c973d0>

ObjectIdentifier

dotted_string = <attribute 'dotted_string' of 'builtins.ObjectIdentifier' objects>

RevokedCertificate

extensions = <abc.abstractproperty object at 0x7f75e2e9b8e0>

          Returns an Extensions object containing a list of Revoked extensions.
        
revocation_date = <abc.abstractproperty object at 0x7f75e2e9b880>

          Returns the date of when this certificate was revoked.
        
serial_number = <abc.abstractproperty object at 0x7f75e2e9b820>

          Returns the serial number of the revoked certificate.
        

RevokedCertificateBuilder

add_extension(self, extval: cryptography.x509.extensions.ExtensionType, critical: bool) -> 'RevokedCertificateBuilder'
build(self, backend: Any = None) -> cryptography.x509.base.RevokedCertificate
revocation_date(self, time: datetime.datetime) -> 'RevokedCertificateBuilder'
serial_number(self, number: int) -> 'RevokedCertificateBuilder'

Version

An enumeration.
v1 = <Version.v1: 0>
v3 = <Version.v3: 2>

Functions

load_der_x509_certificate

load_der_x509_certificate(data: bytes, backend: Any = None) -> cryptography.x509.base.Certificate

load_der_x509_crl

load_der_x509_crl(data: bytes, backend: Any = None) -> cryptography.x509.base.CertificateRevocationList

load_der_x509_csr

load_der_x509_csr(data: bytes, backend: Any = None) -> cryptography.x509.base.CertificateSigningRequest

load_pem_x509_certificate

load_pem_x509_certificate(data: bytes, backend: Any = None) -> cryptography.x509.base.Certificate

load_pem_x509_crl

load_pem_x509_crl(data: bytes, backend: Any = None) -> cryptography.x509.base.CertificateRevocationList

load_pem_x509_csr

load_pem_x509_csr(data: bytes, backend: Any = None) -> cryptography.x509.base.CertificateSigningRequest

random_serial_number

random_serial_number() -> int

Other members

CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES = typing.Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey]
CERTIFICATE_PRIVATE_KEY_TYPES = typing.Union[cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey]
CERTIFICATE_PUBLIC_KEY_TYPES = typing.Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey, cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey, cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey]

Modules

abc

datetime

dsa

ec

ed25519

ed448

hashes

os

rsa

rust_x509

serialization

typing

utils

x25519

x448