Modules/_ssl/cert.c - platform/external/python/cpython3 - Gitiles

 #include "Python.h"
 #include "../_ssl.h"

 #include "openssl/err.h"
 #include "openssl/bio.h"
 #include "openssl/pem.h"
 #include "openssl/x509.h"

 /*[clinic input]
 module _ssl
 class _ssl.Certificate "PySSLCertificate *" "PySSLCertificate_Type"
 [clinic start generated code]*/
 /*[clinic end generated code: output=da39a3ee5e6b4b0d input=780fc647948cfffc]*/

 #include "clinic/cert.c.h"

 static PyObject *
 newCertificate(PyTypeObject *type, X509 *cert, int upref)
 {
     PySSLCertificate *self;

     assert(type != NULL && type->tp_alloc != NULL);
     assert(cert != NULL);

     self = (PySSLCertificate *) type->tp_alloc(type, 0);
     if (self == NULL) {
         return NULL;
     }
     if (upref == 1) {
         X509_up_ref(cert);
     }
     self->cert = cert;
     self->hash = -1;

     return (PyObject *) self;
 }

 static PyObject *
 _PySSL_CertificateFromX509(_sslmodulestate *state, X509 *cert, int upref)
 {
     return newCertificate(state->PySSLCertificate_Type, cert, upref);
 }

 static PyObject*
 _PySSL_CertificateFromX509Stack(_sslmodulestate *state, STACK_OF(X509) *stack, int upref)
 {
     int len, i;
     PyObject *result = NULL;

     len = sk_X509_num(stack);
     result = PyList_New(len);
     if (result == NULL) {
         return NULL;
     }
     for (i = 0; i < len; i++) {
         X509 *cert = sk_X509_value(stack, i);
         PyObject *ocert = _PySSL_CertificateFromX509(state, cert, upref);
         if (ocert == NULL) {
             Py_DECREF(result);
             return NULL;
         }
         PyList_SetItem(result, i, ocert);
     }
     return result;
 }

 /*[clinic input]
 _ssl.Certificate.public_bytes
     format: int(c_default="PY_SSL_ENCODING_PEM") = Encoding.PEM

 [clinic start generated code]*/

 static PyObject *
 _ssl_Certificate_public_bytes_impl(PySSLCertificate *self, int format)
 /*[clinic end generated code: output=c01ddbb697429e12 input=4d38c45e874b0e64]*/
 {
     BIO *bio;
     int retcode;
     PyObject *result;
     _sslmodulestate *state = get_state_cert(self);

     bio = BIO_new(BIO_s_mem());
     if (bio == NULL) {
         PyErr_SetString(state->PySSLErrorObject,
                         "failed to allocate BIO");
         return NULL;
     }
     switch(format) {
     case PY_SSL_ENCODING_PEM:
         retcode = PEM_write_bio_X509(bio, self->cert);
         break;
     case PY_SSL_ENCODING_PEM_AUX:
         retcode = PEM_write_bio_X509_AUX(bio, self->cert);
         break;
     case PY_SSL_ENCODING_DER:
         retcode = i2d_X509_bio(bio, self->cert);
         break;
     default:
         PyErr_SetString(PyExc_ValueError, "Unsupported format");
         BIO_free(bio);
         return NULL;
     }
     if (retcode != 1) {
         BIO_free(bio);
         _setSSLError(state, NULL, 0, __FILE__, __LINE__);
         return NULL;
     }
     if (format == PY_SSL_ENCODING_DER) {
         result = _PySSL_BytesFromBIO(state, bio);
     } else {
         result = _PySSL_UnicodeFromBIO(state, bio, "error");
     }
     BIO_free(bio);
     return result;
 }


 /*[clinic input]
 _ssl.Certificate.get_info

 [clinic start generated code]*/

 static PyObject *
 _ssl_Certificate_get_info_impl(PySSLCertificate *self)
 /*[clinic end generated code: output=0f0deaac54f4408b input=ba2c1694b39d0778]*/
 {
     return _decode_certificate(get_state_cert(self), self->cert);
 }

 static PyObject*
 _x509name_print(_sslmodulestate *state, X509_NAME *name, int indent, unsigned long flags)
 {
     PyObject *res;
     BIO *biobuf;

     biobuf = BIO_new(BIO_s_mem());
     if (biobuf == NULL) {
         PyErr_SetString(PyExc_MemoryError, "failed to allocate BIO");
         return NULL;
     }

     if (X509_NAME_print_ex(biobuf, name, indent, flags) <= 0) {
         _setSSLError(state, NULL, 0, __FILE__, __LINE__);
         BIO_free(biobuf);
         return NULL;
     }
     res = _PySSL_UnicodeFromBIO(state, biobuf, "strict");
     BIO_free(biobuf);
     return res;
 }

 /* ************************************************************************
  * PySSLCertificate_Type
  */

 static PyObject *
 certificate_repr(PySSLCertificate *self)
 {
     PyObject *osubject, *result;

     /* subject string is ASCII encoded, UTF-8 chars are quoted */
     osubject = _x509name_print(
         get_state_cert(self),
         X509_get_subject_name(self->cert),
         0,
         XN_FLAG_RFC2253
     );
     if (osubject == NULL)
         return NULL;
     result = PyUnicode_FromFormat(
         "<%s '%U'>",
         Py_TYPE(self)->tp_name, osubject
     );
     Py_DECREF(osubject);
     return result;
 }

 static Py_hash_t
 certificate_hash(PySSLCertificate *self)
 {
     if (self->hash == (Py_hash_t)-1) {
         unsigned long hash;
         hash = X509_subject_name_hash(self->cert);
         if ((Py_hash_t)hash == (Py_hash_t)-1) {
             self->hash = -2;
         } else {
             self->hash = (Py_hash_t)hash;
         }
     }
     return self->hash;
 }

 static PyObject *
 certificate_richcompare(PySSLCertificate *self, PyObject *other, int op)
 {
     int cmp;
     _sslmodulestate *state = get_state_cert(self);

     if (Py_TYPE(other) != state->PySSLCertificate_Type) {
         Py_RETURN_NOTIMPLEMENTED;
     }
     /* only support == and != */
     if ((op != Py_EQ) && (op != Py_NE)) {
         Py_RETURN_NOTIMPLEMENTED;
     }
     cmp = X509_cmp(self->cert, ((PySSLCertificate*)other)->cert);
     if (((op == Py_EQ) && (cmp == 0)) || ((op == Py_NE) && (cmp != 0))) {
         Py_RETURN_TRUE;
     } else {
         Py_RETURN_FALSE;
     }
 }

 static void
 certificate_dealloc(PySSLCertificate *self)
 {
     PyTypeObject *tp = Py_TYPE(self);
     X509_free(self->cert);
     Py_TYPE(self)->tp_free(self);
     Py_DECREF(tp);
 }

 static PyMethodDef certificate_methods[] = {
     /* methods */
     _SSL_CERTIFICATE_PUBLIC_BYTES_METHODDEF
     _SSL_CERTIFICATE_GET_INFO_METHODDEF
     {NULL, NULL}
 };

 static PyType_Slot PySSLCertificate_slots[] = {
     {Py_tp_dealloc, certificate_dealloc},
     {Py_tp_repr, certificate_repr},
     {Py_tp_hash, certificate_hash},
     {Py_tp_richcompare, certificate_richcompare},
     {Py_tp_methods, certificate_methods},
     {0, 0},
 };

 static PyType_Spec PySSLCertificate_spec = {
     "_ssl.Certificate",
     sizeof(PySSLCertificate),
     0,
     Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION | Py_TPFLAGS_IMMUTABLETYPE,
     PySSLCertificate_slots,
 };
	#include "Python.h"
	#include "../_ssl.h"

	#include "openssl/err.h"
	#include "openssl/bio.h"
	#include "openssl/pem.h"
	#include "openssl/x509.h"

	/*[clinic input]
	module _ssl
	class _ssl.Certificate "PySSLCertificate *" "PySSLCertificate_Type"
	[clinic start generated code]*/
	/[clinic end generated code: output=da39a3ee5e6b4b0d input=780fc647948cfffc]/

	#include "clinic/cert.c.h"

	static PyObject *
	newCertificate(PyTypeObject type, X509 cert, int upref)
	{
	PySSLCertificate *self;

	assert(type != NULL && type->tp_alloc != NULL);
	assert(cert != NULL);

	self = (PySSLCertificate *) type->tp_alloc(type, 0);
	if (self == NULL) {
	return NULL;
	}
	if (upref == 1) {
	X509_up_ref(cert);
	}
	self->cert = cert;
	self->hash = -1;

	return (PyObject *) self;
	}

	static PyObject *
	_PySSL_CertificateFromX509(_sslmodulestate state, X509 cert, int upref)
	{
	return newCertificate(state->PySSLCertificate_Type, cert, upref);
	}

	static PyObject*
	_PySSL_CertificateFromX509Stack(_sslmodulestate state, STACK_OF(X509) stack, int upref)
	{
	int len, i;
	PyObject *result = NULL;

	len = sk_X509_num(stack);
	result = PyList_New(len);
	if (result == NULL) {
	return NULL;
	}
	for (i = 0; i < len; i++) {
	X509 *cert = sk_X509_value(stack, i);
	PyObject *ocert = _PySSL_CertificateFromX509(state, cert, upref);
	if (ocert == NULL) {
	Py_DECREF(result);
	return NULL;
	}
	PyList_SetItem(result, i, ocert);
	}
	return result;
	}

	/*[clinic input]
	_ssl.Certificate.public_bytes
	format: int(c_default="PY_SSL_ENCODING_PEM") = Encoding.PEM

	[clinic start generated code]*/

	static PyObject *
	_ssl_Certificate_public_bytes_impl(PySSLCertificate *self, int format)
	/[clinic end generated code: output=c01ddbb697429e12 input=4d38c45e874b0e64]/
	{
	BIO *bio;
	int retcode;
	PyObject *result;
	_sslmodulestate *state = get_state_cert(self);

	bio = BIO_new(BIO_s_mem());
	if (bio == NULL) {
	PyErr_SetString(state->PySSLErrorObject,
	"failed to allocate BIO");
	return NULL;
	}
	switch(format) {
	case PY_SSL_ENCODING_PEM:
	retcode = PEM_write_bio_X509(bio, self->cert);
	break;
	case PY_SSL_ENCODING_PEM_AUX:
	retcode = PEM_write_bio_X509_AUX(bio, self->cert);
	break;
	case PY_SSL_ENCODING_DER:
	retcode = i2d_X509_bio(bio, self->cert);
	break;
	default:
	PyErr_SetString(PyExc_ValueError, "Unsupported format");
	BIO_free(bio);
	return NULL;
	}
	if (retcode != 1) {
	BIO_free(bio);
	_setSSLError(state, NULL, 0, __FILE__, __LINE__);
	return NULL;
	}
	if (format == PY_SSL_ENCODING_DER) {
	result = _PySSL_BytesFromBIO(state, bio);
	} else {
	result = _PySSL_UnicodeFromBIO(state, bio, "error");
	}
	BIO_free(bio);
	return result;
	}


	/*[clinic input]
	_ssl.Certificate.get_info

	[clinic start generated code]*/

	static PyObject *
	_ssl_Certificate_get_info_impl(PySSLCertificate *self)
	/[clinic end generated code: output=0f0deaac54f4408b input=ba2c1694b39d0778]/
	{
	return _decode_certificate(get_state_cert(self), self->cert);
	}

	static PyObject*
	_x509name_print(_sslmodulestate state, X509_NAME name, int indent, unsigned long flags)
	{
	PyObject *res;
	BIO *biobuf;

	biobuf = BIO_new(BIO_s_mem());
	if (biobuf == NULL) {
	PyErr_SetString(PyExc_MemoryError, "failed to allocate BIO");
	return NULL;
	}

	if (X509_NAME_print_ex(biobuf, name, indent, flags) <= 0) {
	_setSSLError(state, NULL, 0, __FILE__, __LINE__);
	BIO_free(biobuf);
	return NULL;
	}
	res = _PySSL_UnicodeFromBIO(state, biobuf, "strict");
	BIO_free(biobuf);
	return res;
	}

	/* ************************************************************************
	* PySSLCertificate_Type
	*/

	static PyObject *
	certificate_repr(PySSLCertificate *self)
	{
	PyObject osubject, result;

	/* subject string is ASCII encoded, UTF-8 chars are quoted */
	osubject = _x509name_print(
	get_state_cert(self),
	X509_get_subject_name(self->cert),
	0,
	XN_FLAG_RFC2253
	);
	if (osubject == NULL)
	return NULL;
	result = PyUnicode_FromFormat(
	"<%s '%U'>",
	Py_TYPE(self)->tp_name, osubject
	);
	Py_DECREF(osubject);
	return result;
	}

	static Py_hash_t
	certificate_hash(PySSLCertificate *self)
	{
	if (self->hash == (Py_hash_t)-1) {
	unsigned long hash;
	hash = X509_subject_name_hash(self->cert);
	if ((Py_hash_t)hash == (Py_hash_t)-1) {
	self->hash = -2;
	} else {
	self->hash = (Py_hash_t)hash;
	}
	}
	return self->hash;
	}

	static PyObject *
	certificate_richcompare(PySSLCertificate self, PyObject other, int op)
	{
	int cmp;
	_sslmodulestate *state = get_state_cert(self);

	if (Py_TYPE(other) != state->PySSLCertificate_Type) {
	Py_RETURN_NOTIMPLEMENTED;
	}
	/* only support == and != */
	if ((op != Py_EQ) && (op != Py_NE)) {
	Py_RETURN_NOTIMPLEMENTED;
	}
	cmp = X509_cmp(self->cert, ((PySSLCertificate*)other)->cert);
	if (((op == Py_EQ) && (cmp == 0)) \|\| ((op == Py_NE) && (cmp != 0))) {
	Py_RETURN_TRUE;
	} else {
	Py_RETURN_FALSE;
	}
	}

	static void
	certificate_dealloc(PySSLCertificate *self)
	{
	PyTypeObject *tp = Py_TYPE(self);
	X509_free(self->cert);
	Py_TYPE(self)->tp_free(self);
	Py_DECREF(tp);
	}

	static PyMethodDef certificate_methods[] = {
	/* methods */
	_SSL_CERTIFICATE_PUBLIC_BYTES_METHODDEF
	_SSL_CERTIFICATE_GET_INFO_METHODDEF
	{NULL, NULL}
	};

	static PyType_Slot PySSLCertificate_slots[] = {
	{Py_tp_dealloc, certificate_dealloc},
	{Py_tp_repr, certificate_repr},
	{Py_tp_hash, certificate_hash},
	{Py_tp_richcompare, certificate_richcompare},
	{Py_tp_methods, certificate_methods},
	{0, 0},
	};

	static PyType_Spec PySSLCertificate_spec = {
	"_ssl.Certificate",
	sizeof(PySSLCertificate),
	0,
	Py_TPFLAGS_DEFAULT \| Py_TPFLAGS_DISALLOW_INSTANTIATION \| Py_TPFLAGS_IMMUTABLETYPE,
	PySSLCertificate_slots,
	};