Blame - src/crypto/x509.c - platform/external/python/pyopenssl

blob: 13a4c71b6617ef11df3a1f58c52060a536054fa2 [file] [log] [blame]

Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	1	/*
				2	* x509.c
				3	*
				4	* Copyright (C) AB Strakt 2001, All rights reserved
				5	*
				6	* Certificate (X.509) handling code, mostly thin wrappers around OpenSSL.
				7	* See the file RATIONALE for a short explanation of why this module was written.
				8	*
				9	* Reviewed 2001-07-23
				10	*/
				11	#include <Python.h>
				12	#define crypto_MODULE
				13	#include "crypto.h"
				14
				15	static char *CVSid = "@(#) $Id: x509.c,v 1.20 2004/08/10 10:37:31 martin Exp $";
				16
				17	/*
				18	* X.509 is a standard for digital certificates. See e.g. the OpenSSL homepage
				19	* http://www.openssl.org/ for more information
				20	*/
				21
				22	static char crypto_X509_get_version_doc[] = "\n\
				23	Return version number of the certificate\n\
				24	\n\
				25	Arguments: self - The X509 object\n\
				26	args - The Python argument tuple, should be empty\n\
				27	Returns: Version number as a Python integer\n\
				28	";
				29
				30	static PyObject *
				31	crypto_X509_get_version(crypto_X509Obj self, PyObject args)
				32	{
				33	if (!PyArg_ParseTuple(args, ":get_version"))
				34	return NULL;
				35
				36	return PyInt_FromLong((long)X509_get_version(self->x509));
				37	}
				38
				39	static char crypto_X509_set_version_doc[] = "\n\
				40	Set version number of the certificate\n\
				41	\n\
				42	Arguments: self - The X509 object\n\
				43	args - The Python argument tuple, should be:\n\
				44	version - The version number\n\
				45	Returns: None\n\
				46	";
				47
				48	static PyObject *
				49	crypto_X509_set_version(crypto_X509Obj self, PyObject args)
				50	{
				51	int version;
				52
				53	if (!PyArg_ParseTuple(args, "i:set_version", &version))
				54	return NULL;
				55
				56	X509_set_version(self->x509, version);
				57
				58	Py_INCREF(Py_None);
				59	return Py_None;
				60	}
				61
				62	static char crypto_X509_get_serial_number_doc[] = "\n\
				63	Return serial number of the certificate\n\
				64	\n\
				65	Arguments: self - The X509 object\n\
				66	args - The Python argument tuple, should be empty\n\
				67	Returns: Serial number as a Python integer\n\
				68	";
				69
				70	static PyObject *
				71	crypto_X509_get_serial_number(crypto_X509Obj self, PyObject args)
				72	{
				73	ASN1_INTEGER *asn1_i;
				74
				75	if (!PyArg_ParseTuple(args, ":get_serial_number"))
				76	return NULL;
				77
				78	asn1_i = X509_get_serialNumber(self->x509);
				79	return PyInt_FromLong(ASN1_INTEGER_get(asn1_i));
				80	}
				81
				82	static char crypto_X509_set_serial_number_doc[] = "\n\
				83	Set serial number of the certificate\n\
				84	\n\
				85	Arguments: self - The X509 object\n\
				86	args - The Python argument tuple, should be:\n\
				87	serial - The serial number\n\
				88	Returns: None\n\
				89	";
				90
				91	static PyObject *
				92	crypto_X509_set_serial_number(crypto_X509Obj self, PyObject args)
				93	{
				94	long serial;
				95
				96	if (!PyArg_ParseTuple(args, "l:set_serial_number", &serial))
				97	return NULL;
				98
				99	ASN1_INTEGER_set(X509_get_serialNumber(self->x509), serial);
				100
				101	Py_INCREF(Py_None);
				102	return Py_None;
				103	}
				104
				105	static char crypto_X509_get_issuer_doc[] = "\n\
				106	Create an X509Name object for the issuer of the certificate\n\
				107	\n\
				108	Arguments: self - The X509 object\n\
				109	args - The Python argument tuple, should be empty\n\
				110	Returns: An X509Name object\n\
				111	";
				112
				113	static PyObject *
				114	crypto_X509_get_issuer(crypto_X509Obj self, PyObject args)
				115	{
				116	crypto_X509NameObj *pyname;
				117	X509_NAME *name;
				118
				119	if (!PyArg_ParseTuple(args, ":get_issuer"))
				120	return NULL;
				121
				122	name = X509_get_issuer_name(self->x509);
				123	pyname = crypto_X509Name_New(name, 0);
				124	if (pyname != NULL)
				125	{
				126	pyname->parent_cert = (PyObject *)self;
				127	Py_INCREF(self);
				128	}
				129	return (PyObject *)pyname;
				130	}
				131
				132	static char crypto_X509_set_issuer_doc[] = "\n\
				133	Set the issuer of the certificate\n\
				134	\n\
				135	Arguments: self - The X509 object\n\
				136	args - The Python argument tuple, should be:\n\
				137	issuer - The issuer name\n\
				138	Returns: None\n\
				139	";
				140
				141	static PyObject *
				142	crypto_X509_set_issuer(crypto_X509Obj self, PyObject args)
				143	{
				144	crypto_X509NameObj *issuer;
				145
				146	if (!PyArg_ParseTuple(args, "O!:set_issuer", &crypto_X509Name_Type,
				147	&issuer))
				148	return NULL;
				149
				150	if (!X509_set_issuer_name(self->x509, issuer->x509_name))
				151	{
				152	exception_from_error_queue();
				153	return NULL;
				154	}
				155
				156	Py_INCREF(Py_None);
				157	return Py_None;
				158	}
				159
				160	static char crypto_X509_get_subject_doc[] = "\n\
				161	Create an X509Name object for the subject of the certificate\n\
				162	\n\
				163	Arguments: self - The X509 object\n\
				164	args - The Python argument tuple, should be empty\n\
				165	Returns: An X509Name object\n\
				166	";
				167
				168	static PyObject *
				169	crypto_X509_get_subject(crypto_X509Obj self, PyObject args)
				170	{
				171	crypto_X509NameObj *pyname;
				172	X509_NAME *name;
				173
				174	if (!PyArg_ParseTuple(args, ":get_subject"))
				175	return NULL;
				176
				177	name = X509_get_subject_name(self->x509);
				178	pyname = crypto_X509Name_New(name, 0);
				179	if (pyname != NULL)
				180	{
				181	pyname->parent_cert = (PyObject *)self;
				182	Py_INCREF(self);
				183	}
				184	return (PyObject *)pyname;
				185	}
				186
				187	static char crypto_X509_set_subject_doc[] = "\n\
				188	Set the subject of the certificate\n\
				189	\n\
				190	Arguments: self - The X509 object\n\
				191	args - The Python argument tuple, should be:\n\
				192	subject - The subject name\n\
				193	Returns: None\n\
				194	";
				195
				196	static PyObject *
				197	crypto_X509_set_subject(crypto_X509Obj self, PyObject args)
				198	{
				199	crypto_X509NameObj *subject;
				200
				201	if (!PyArg_ParseTuple(args, "O!:set_subject", &crypto_X509Name_Type,
				202	&subject))
				203	return NULL;
				204
				205	if (!X509_set_subject_name(self->x509, subject->x509_name))
				206	{
				207	exception_from_error_queue();
				208	return NULL;
				209	}
				210
				211	Py_INCREF(Py_None);
				212	return Py_None;
				213	}
				214
				215	static char crypto_X509_get_pubkey_doc[] = "\n\
				216	Get the public key of the certificate\n\
				217	\n\
				218	Arguments: self - The X509 object\n\
				219	args - The Python argument tuple, should be empty\n\
				220	Returns: The public key\n\
				221	";
				222
				223	static PyObject *
				224	crypto_X509_get_pubkey(crypto_X509Obj self, PyObject args)
				225	{
				226	crypto_PKeyObj crypto_PKey_New(EVP_PKEY , int);
				227	EVP_PKEY *pkey;
				228
				229	if (!PyArg_ParseTuple(args, ":get_pubkey"))
				230	return NULL;
				231
				232	if ((pkey = X509_get_pubkey(self->x509)) == NULL)
				233	{
				234	exception_from_error_queue();
				235	return NULL;
				236	}
				237
Jean-Paul Calderone	19555b9	2008-02-19 22:29:57 -0500	[diff] [blame^]	238	return (PyObject *)crypto_PKey_New(pkey, 1);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	239	}
				240
				241	static char crypto_X509_set_pubkey_doc[] = "\n\
				242	Set the public key of the certificate\n\
				243	\n\
				244	Arguments: self - The X509 object\n\
				245	args - The Python argument tuple, should be:\n\
				246	pkey - The public key\n\
				247	Returns: None\n\
				248	";
				249
				250	static PyObject *
				251	crypto_X509_set_pubkey(crypto_X509Obj self, PyObject args)
				252	{
				253	crypto_PKeyObj *pkey;
				254
				255	if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
				256	return NULL;
				257
				258	if (!X509_set_pubkey(self->x509, pkey->pkey))
				259	{
				260	exception_from_error_queue();
				261	return NULL;
				262	}
				263
				264	Py_INCREF(Py_None);
				265	return Py_None;
				266	}
				267
				268	static char crypto_X509_gmtime_adj_notBefore_doc[] = "\n\
				269	Adjust the time stamp for when the certificate starts being valid\n\
				270	\n\
				271	Arguments: self - The X509 object\n\
				272	args - The Python argument tuple, should be:\n\
				273	i - The adjustment\n\
				274	Returns: None\n\
				275	";
				276
				277	static PyObject *
				278	crypto_X509_gmtime_adj_notBefore(crypto_X509Obj self, PyObject args)
				279	{
				280	long i;
				281
				282	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notBefore", &i))
				283	return NULL;
				284
				285	X509_gmtime_adj(X509_get_notBefore(self->x509), i);
				286
				287	Py_INCREF(Py_None);
				288	return Py_None;
				289	}
				290
				291	static char crypto_X509_gmtime_adj_notAfter_doc[] = "\n\
				292	Adjust the time stamp for when the certificate stops being valid\n\
				293	\n\
				294	Arguments: self - The X509 object\n\
				295	args - The Python argument tuple, should be:\n\
				296	i - The adjustment\n\
				297	Returns: None\n\
				298	";
				299
				300	static PyObject *
				301	crypto_X509_gmtime_adj_notAfter(crypto_X509Obj self, PyObject args)
				302	{
				303	long i;
				304
				305	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notAfter", &i))
				306	return NULL;
				307
				308	X509_gmtime_adj(X509_get_notAfter(self->x509), i);
				309
				310	Py_INCREF(Py_None);
				311	return Py_None;
				312	}
				313
				314	static char crypto_X509_sign_doc[] = "\n\
				315	Sign the certificate using the supplied key and digest\n\
				316	\n\
				317	Arguments: self - The X509 object\n\
				318	args - The Python argument tuple, should be:\n\
				319	pkey - The key to sign with\n\
				320	digest - The message digest to use\n\
				321	Returns: None\n\
				322	";
				323
				324	static PyObject *
				325	crypto_X509_sign(crypto_X509Obj self, PyObject args)
				326	{
				327	crypto_PKeyObj *pkey;
				328	char *digest_name;
				329	const EVP_MD *digest;
				330
				331	if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
				332	&digest_name))
				333	return NULL;
				334
				335	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				336	{
				337	PyErr_SetString(PyExc_ValueError, "No such digest method");
				338	return NULL;
				339	}
				340
				341	if (!X509_sign(self->x509, pkey->pkey, digest))
				342	{
				343	exception_from_error_queue();
				344	return NULL;
				345	}
				346
				347	Py_INCREF(Py_None);
				348	return Py_None;
				349	}
				350
				351	static char crypto_X509_has_expired_doc[] = "\n\
				352	Check whether the certificate has expired.\n\
				353	\n\
				354	Arguments: self - The X509 object\n\
				355	args - The Python argument tuple, should be empty\n\
				356	Returns: True if the certificate has expired, false otherwise\n\
				357	";
				358
				359	static PyObject *
				360	crypto_X509_has_expired(crypto_X509Obj self, PyObject args)
				361	{
				362	time_t tnow;
				363
				364	if (!PyArg_ParseTuple(args, ":has_expired"))
				365	return NULL;
				366
				367	tnow = time(NULL);
				368	if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(self->x509), tnow) < 0)
				369	return PyInt_FromLong(1L);
				370	else
				371	return PyInt_FromLong(0L);
				372	}
				373
				374	static char crypto_X509_subject_name_hash_doc[] = "\n\
				375	Return the hash of the X509 subject.\n\
				376	\n\
				377	Arguments: self - The X509 object\n\
				378	args - The Python argument tuple, should be empty\n\
				379	Returns: The hash of the subject\n\
				380	";
				381
				382	static PyObject *
				383	crypto_X509_subject_name_hash(crypto_X509Obj self, PyObject args)
				384	{
				385	if (!PyArg_ParseTuple(args, ":subject_name_hash"))
				386	return NULL;
				387
				388	return PyLong_FromLong(X509_subject_name_hash(self->x509));
				389	}
				390
				391	static char crypto_X509_digest_doc[] = "\n\
				392	Return the digest of the X509 object.\n\
				393	\n\
				394	Arguments: self - The X509 object\n\
				395	args - The Python argument tuple, should be empty\n\
				396	Returns: The digest of the object\n\
				397	";
				398
				399	static PyObject *
				400	crypto_X509_digest(crypto_X509Obj self, PyObject args)
				401	{
				402	unsigned char fp[EVP_MAX_MD_SIZE];
				403	char *tmp;
				404	char *digest_name;
				405	int len,i;
				406	PyObject *ret;
				407	const EVP_MD *digest;
				408
				409	if (!PyArg_ParseTuple(args, "s:digest", &digest_name))
				410	return NULL;
				411
				412	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				413	{
				414	PyErr_SetString(PyExc_ValueError, "No such digest method");
				415	return NULL;
				416	}
				417
				418	if (!X509_digest(self->x509,digest,fp,&len))
				419	{
				420	exception_from_error_queue();
				421	}
				422	tmp = malloc(3*len+1);
				423	memset(tmp, 0, 3*len+1);
				424	for (i = 0; i < len; i++) {
				425	sprintf(tmp+i*3,"%02X:",fp[i]);
				426	}
				427	tmp[3*len-1] = 0;
				428	ret = PyString_FromStringAndSize(tmp,3*len-1);
				429	free(tmp);
				430	return ret;
				431	}
				432
				433
				434	static char crypto_X509_add_extensions_doc[] = "\n\
				435	Add extensions to the certificate.\n\
				436	\n\
				437	Arguments: self - X509 object\n\
				438	args - The Python argument tuple, should be:\n\
				439	extensions - a sequence of X509Extension objects\n\
				440	Returns: None\n\
				441	";
				442
				443	static PyObject *
				444	crypto_X509_add_extensions(crypto_X509Obj self, PyObject args)
				445	{
				446	PyObject extensions, seq;
				447	crypto_X509ExtensionObj *ext;
				448	int nr_of_extensions, i;
				449
				450	if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
				451	return NULL;
				452
				453	seq = PySequence_Fast(extensions, "Expected a sequence");
				454	if (seq == NULL)
				455	return NULL;
				456
				457	nr_of_extensions = PySequence_Fast_GET_SIZE(seq);
				458
				459	for (i = 0; i < nr_of_extensions; i++)
				460	{
				461	ext = (crypto_X509ExtensionObj *)PySequence_Fast_GET_ITEM(seq, i);
				462	if (!crypto_X509Extension_Check(ext))
				463	{
				464	Py_DECREF(seq);
				465	PyErr_SetString(PyExc_ValueError,
				466	"One of the elements is not an X509Extension");
				467	return NULL;
				468	}
				469	if (!X509_add_ext(self->x509, ext->x509_extension, -1))
				470	{
				471	Py_DECREF(seq);
				472	exception_from_error_queue();
				473	return NULL;
				474	}
				475	}
				476
				477	Py_INCREF(Py_None);
				478	return Py_None;
				479	}
				480
				481	/*
				482	* ADD_METHOD(name) expands to a correct PyMethodDef declaration
				483	* { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
				484	* for convenience
				485	*/
				486	#define ADD_METHOD(name) \
				487	{ #name, (PyCFunction)crypto_X509_##name, METH_VARARGS, crypto_X509_##name##_doc }
				488	static PyMethodDef crypto_X509_methods[] =
				489	{
				490	ADD_METHOD(get_version),
				491	ADD_METHOD(set_version),
				492	ADD_METHOD(get_serial_number),
				493	ADD_METHOD(set_serial_number),
				494	ADD_METHOD(get_issuer),
				495	ADD_METHOD(set_issuer),
				496	ADD_METHOD(get_subject),
				497	ADD_METHOD(set_subject),
				498	ADD_METHOD(get_pubkey),
				499	ADD_METHOD(set_pubkey),
				500	ADD_METHOD(gmtime_adj_notBefore),
				501	ADD_METHOD(gmtime_adj_notAfter),
				502	ADD_METHOD(sign),
				503	ADD_METHOD(has_expired),
				504	ADD_METHOD(subject_name_hash),
				505	ADD_METHOD(digest),
				506	ADD_METHOD(add_extensions),
				507	{ NULL, NULL }
				508	};
				509	#undef ADD_METHOD
				510
				511
				512	/*
				513	* Constructor for X509 objects, never called by Python code directly
				514	*
				515	* Arguments: cert - A "real" X509 certificate object
				516	* dealloc - Boolean value to specify whether the destructor should
				517	* free the "real" X509 object
				518	* Returns: The newly created X509 object
				519	*/
				520	crypto_X509Obj *
				521	crypto_X509_New(X509 *cert, int dealloc)
				522	{
				523	crypto_X509Obj *self;
				524
				525	self = PyObject_New(crypto_X509Obj, &crypto_X509_Type);
				526
				527	if (self == NULL)
				528	return NULL;
				529
				530	self->x509 = cert;
				531	self->dealloc = dealloc;
				532
				533	return self;
				534	}
				535
				536	/*
				537	* Deallocate the memory used by the X509 object
				538	*
				539	* Arguments: self - The X509 object
				540	* Returns: None
				541	*/
				542	static void
				543	crypto_X509_dealloc(crypto_X509Obj *self)
				544	{
				545	/* Sometimes we don't have to dealloc the "real" X509 pointer ourselves */
				546	if (self->dealloc)
				547	X509_free(self->x509);
				548
				549	PyObject_Del(self);
				550	}
				551
				552	/*
				553	* Find attribute
				554	*
				555	* Arguments: self - The X509 object
				556	* name - The attribute name
				557	* Returns: A Python object for the attribute, or NULL if something went
				558	* wrong
				559	*/
				560	static PyObject *
				561	crypto_X509_getattr(crypto_X509Obj self, char name)
				562	{
				563	return Py_FindMethod(crypto_X509_methods, (PyObject *)self, name);
				564	}
				565
				566	PyTypeObject crypto_X509_Type = {
				567	PyObject_HEAD_INIT(NULL)
				568	0,
				569	"X509",
				570	sizeof(crypto_X509Obj),
				571	0,
				572	(destructor)crypto_X509_dealloc,
				573	NULL, /* print */
				574	(getattrfunc)crypto_X509_getattr,
				575	};
				576
				577	/*
				578	* Initialize the X509 part of the crypto sub module
				579	*
				580	* Arguments: dict - The crypto module dictionary
				581	* Returns: None
				582	*/
				583	int
				584	init_crypto_x509(PyObject *dict)
				585	{
				586	crypto_X509_Type.ob_type = &PyType_Type;
				587	Py_INCREF(&crypto_X509_Type);
				588	PyDict_SetItemString(dict, "X509Type", (PyObject *)&crypto_X509_Type);
				589	return 1;
				590	}
				591