Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 68481c3e78d08b7defdd716b72b7563fb0ee5469 / . / docs / x509.rst
blob: ba52d91a01f22fc89a98100dc149ddb145dbfc7e [file] [log] [blame]
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]1.. hazmat::
2
3X.509
4=====
5
Paul Kehrera9d78c12014-11-26 10:59:03 -1000[diff] [blame]6.. currentmodule:: cryptography.x509
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]7
8X.509 is an ITU-T standard for a `public key infrastructure`_. X.509v3 is
Paul Kehrera68fd332014-11-27 07:08:40 -1000[diff] [blame]9defined in :rfc:`5280` (which obsoletes :rfc:`2459` and :rfc:`3280`). X.509
10certificates are commonly used in protocols like `TLS`_.
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]11
12Loading
13~~~~~~~
14
15.. function:: load_pem_x509_certificate(data, backend)
16
17 .. versionadded:: 0.7
18
19 Deserialize a certificate from PEM encoded data.
20
21 :param bytes data: The PEM encoded certificate data.
22
23 :param backend: A backend supporting the
24 :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
25 interface.
26
27 :returns: An instance of
28 :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`.
29
30.. function:: load_der_x509_certificate(data, backend)
31
32 .. versionadded:: 0.7
33
34 Deserialize a certificate from DER encoded data.
35
36 :param bytes data: The DER encoded certificate data.
37
38 :param backend: A backend supporting the
39 :class:`~cryptography.hazmat.backends.interfaces.X509Backend`
40 interface.
41
42 :returns: An instance of
43 :class:`~cryptography.hazmat.primitives.interfaces.X509Certificate`.
44
45.. testsetup::
46
47 pem_data = b"""
48 -----BEGIN CERTIFICATE-----
49 MIIDfDCCAmSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf
50 MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg
51 QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowQDELMAkGA1UE
52 BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExEDAOBgNVBAMT
53 B0dvb2QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQWJpHYo37
54 Xfb7oJSPe+WvfTlzIG21WQ7MyMbGtK/m8mejCzR6c+f/pJhEH/OcDSMsXq8h5kXa
55 BGqWK+vSwD/Pzp5OYGptXmGPcthDtAwlrafkGOS4GqIJ8+k9XGKs+vQUXJKsOk47
56 RuzD6PZupq4s16xaLVqYbUC26UcY08GpnoLNHJZS/EmXw1ZZ3d4YZjNlpIpWFNHn
57 UGmdiGKXUPX/9H0fVjIAaQwjnGAbpgyCumWgzIwPpX+ElFOUr3z7BoVnFKhIXze+
58 VmQGSWxZxvWDUN90Ul0tLEpLgk3OVxUB4VUGuf15OJOpgo1xibINPmWt14Vda2N9
59 yrNKloJGZNqLAgMBAAGjfDB6MB8GA1UdIwQYMBaAFOR9X9FclYYILAWuvnW2ZafZ
60 XahmMB0GA1UdDgQWBBRYAYQkG7wrUpRKPaUQchRR9a86yTAOBgNVHQ8BAf8EBAMC
61 AQYwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
62 KoZIhvcNAQELBQADggEBADWHlxbmdTXNwBL/llwhQqwnazK7CC2WsXBBqgNPWj7m
63 tvQ+aLG8/50Qc2Sun7o2VnwF9D18UUe8Gj3uPUYH+oSI1vDdyKcjmMbKRU4rk0eo
64 3UHNDXwqIVc9CQS9smyV+x1HCwL4TTrq+LXLKx/qVij0Yqk+UJfAtrg2jnYKXsCu
65 FMBQQnWCGrwa1g1TphRp/RmYHnMynYFmZrXtzFz+U9XEA7C+gPq4kqDI/iVfIT1s
66 6lBtdB50lrDVwl2oYfAvW/6sC2se2QleZidUmrziVNP4oEeXINokU6T6p//HM1FG
67 QYw2jOvpKcKtWCSAnegEbgsGYzATKjmPJPJ0npHFqzM=
68 -----END CERTIFICATE-----
69 """.strip()
70
71.. doctest::
72
73 >>> from cryptography.x509 import load_pem_x509_certificate
74 >>> from cryptography.hazmat.backends import default_backend
75 >>> cert = load_pem_x509_certificate(pem_data, default_backend())
76 >>> cert.serial
77 2
78
79Support Classes
80~~~~~~~~~~~~~~~
81
82.. class:: X509Version
83
84 .. versionadded:: 0.7
85
86 An enumeration for X.509 versions.
87
88 .. attribute:: v1
89
90 For version 1 X.509 certificates.
91
92 .. attribute:: v3
93
94 For version 3 X.509 certificates.
95
Paul Kehrera68fd332014-11-27 07:08:40 -1000[diff] [blame]96.. class:: InvalidX509Version
97
98 This is raised when an X.509 certificate has an invalid version number.
Paul Kehrer016e08a2014-11-26 09:41:18 -1000[diff] [blame]99
100
101.. _`public key infrastructure`: https://en.wikipedia.org/wiki/Public_key_infrastructure
Paul Kehrera68fd332014-11-27 07:08:40 -1000[diff] [blame]102.. _`TLS`: https://en.wikipedia.org/wiki/Transport_Layer_Security