authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-12-19 23:32:08 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-12-24 18:49:11 -0600
commitbfac2d10305cf72d634e0e74a87fd08d4cd07257 (patch)
treea93206af48941b2539019d8bb6e290f17956ad97 /docs/x509
parent48f17cb225abcf43f77915d152f6cc15b762c702 (diff)
CertificateRevocationListBuilder
RSA keys only. Currently does not support CRL extensions or CRLEntry extensions.
Diffstat (limited to 'docs/x509')
-rw-r--r--docs/x509/reference.rst82
1 files changed, 82 insertions, 0 deletions
diff --git a/docs/x509/reference.rst b/docs/x509/reference.rst
index 4f4ce4fa..0697e636 100644
--- a/docs/x509/reference.rst
+++ b/docs/x509/reference.rst
@@ -761,6 +761,88 @@ X.509 CSR (Certificate Signing Request) Object
key embedded in the CSR). This data may be used to validate the CSR
signature.
+X.509 Certificate Revocation List Builder
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. class:: CertificateRevocationListBuilder
+
+ .. versionadded:: 1.2
+
+ .. doctest::
+
+ >>> from cryptography import x509
+ >>> from cryptography.hazmat.backends import default_backend
+ >>> from cryptography.hazmat.primitives import hashes
+ >>> from cryptography.hazmat.primitives.asymmetric import rsa
+ >>> from cryptography.x509.oid import NameOID
+ >>> import datetime
+ >>> one_day = datetime.timedelta(1, 0, 0)
+ >>> private_key = rsa.generate_private_key(
+ ... public_exponent=65537,
+ ... key_size=2048,
+ ... backend=default_backend()
+ ... )
+ >>> builder = x509.CertificateRevocationListBuilder()
+ >>> builder = builder.issuer_name(x509.Name([
+ ... x509.NameAttribute(NameOID.COMMON_NAME, u'cryptography.io CA'),
+ ... ]))
+ >>> builder = builder.last_update(datetime.datetime.today())
+ >>> builder = builder.next_update(datetime.datetime.today() + one_day)
+ >>> crl = builder.sign(
+ ... private_key=private_key, algorithm=hashes.SHA256(),
+ ... backend=default_backend()
+ ... )
+ >>> isinstance(crl, x509.CertificateRevocationList)
+ True
+
+ .. method:: issuer_name(name)
+
+ Sets the issuer's distinguished name.
+
+ :param name: The :class:`~cryptography.x509.Name` that describes the
+ issuer (CA).
+
+ .. method:: last_update(time)
+
+ Sets the CRL's activation time. This is the time from which
+ clients can start trusting the CRL. It may be different from
+ the time at which the CRL was created. This is also known as the
+ ``thisUpdate`` time.
+
+ :param time: The :class:`datetime.datetime` object (in UTC) that marks the
+ activation time for the CRL. The CRL may not be trusted if it is
+ used before this time.
+
+ .. method:: next_update(time)
+
+ Sets the CRL's next update time. This is the time by which
+ a new CRL will be issued. The next CRL could be issued before this
+ , but it will not be issued any later than the indicated date.
+
+ :param time: The :class:`datetime.datetime` object (in UTC) that marks the
+ next update time for the CRL.
+
+ .. method:: sign(private_key, algorithm, backend)
+
+ Sign the CRL using the CA's private key.
+
+ :param private_key: The
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` or
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
+ that will be used to sign the certificate.
+
+ :param algorithm: The
+ :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` that
+ will be used to generate the signature.
+
+ :param backend: Backend that will be used to build the CRL.
+ Must support the
+ :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
+ interface.
+
+ :returns: :class:`~cryptography.x509.CertificateRevocationList`
+
X.509 Revoked Certificate Object
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~