Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 09654fe80485651048943099a0fecc65aa3bc7e8 / . / src / crypto / x509name.c
blob: 19c3fe049d1d44c4b88cd3189ce5e9bbab79d198 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1/*
2 * x509name.c
3 *
4 * Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone8b63d452008-03-21 18:31:12 -0400[diff] [blame]5 * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]6 *
7 * X.509 Name handling, mostly thin wrapping.
8 * See the file RATIONALE for a short explanation of why this module was written.
9 *
10 * Reviewed 2001-07-23
11 */
12#include <Python.h>
13#define crypto_MODULE
14#include "crypto.h"
15
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]16static PyMethodDef crypto_X509Name_methods[4];
Jean-Paul Calderone110cd092008-03-24 17:27:42 -0400[diff] [blame]17
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]18/*
19 * Constructor for X509Name, never called by Python code directly
20 *
21 * Arguments: name - A "real" X509_NAME object
22 * dealloc - Boolean value to specify whether the destructor should
23 * free the "real" X509_NAME object
24 * Returns: The newly created X509Name object
25 */
26crypto_X509NameObj *
27crypto_X509Name_New(X509_NAME *name, int dealloc)
28{
29 crypto_X509NameObj *self;
30
31 self = PyObject_GC_New(crypto_X509NameObj, &crypto_X509Name_Type);
32
33 if (self == NULL)
34 return NULL;
35
36 self->x509_name = name;
37 self->dealloc = dealloc;
38 self->parent_cert = NULL;
39
40 PyObject_GC_Track(self);
41 return self;
42}
43
44/*
45 * Return a name string given a X509_NAME object and a name identifier. Used
46 * by the getattr function.
47 *
48 * Arguments: name - The X509_NAME object
49 * nid - The name identifier
50 * Returns: The name as a Python string object
51 */
52static int
53get_name_by_nid(X509_NAME *name, int nid, char **utf8string)
54{
55 int entry_idx;
56 X509_NAME_ENTRY *entry;
57 ASN1_STRING *data;
58 int len;
59
60 if ((entry_idx = X509_NAME_get_index_by_NID(name, nid, -1)) == -1)
61 {
62 return 0;
63 }
64 entry = X509_NAME_get_entry(name, entry_idx);
65 data = X509_NAME_ENTRY_get_data(entry);
66 if ((len = ASN1_STRING_to_UTF8((unsigned char **)utf8string, data)) < 0)
67 {
68 exception_from_error_queue();
69 return -1;
70 }
71
72 return len;
73}
74
75/*
76 * Given a X509_NAME object and a name identifier, set the corresponding
77 * attribute to the given string. Used by the setattr function.
78 *
79 * Arguments: name - The X509_NAME object
80 * nid - The name identifier
81 * value - The string to set
82 * Returns: 0 for success, -1 on failure
83 */
84static int
85set_name_by_nid(X509_NAME *name, int nid, char *utf8string)
86{
87 X509_NAME_ENTRY *ne;
88 int i, entry_count, temp_nid;
89
90 /* If there's an old entry for this NID, remove it */
91 entry_count = X509_NAME_entry_count(name);
92 for (i = 0; i < entry_count; i++)
93 {
94 ne = X509_NAME_get_entry(name, i);
95 temp_nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(ne));
96 if (temp_nid == nid)
97 {
98 ne = X509_NAME_delete_entry(name, i);
99 X509_NAME_ENTRY_free(ne);
100 break;
101 }
102 }
103
104 /* Add the new entry */
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]105 if (!X509_NAME_add_entry_by_NID(name, nid, MBSTRING_UTF8,
106 (unsigned char *)utf8string,
107 -1, -1, 0))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]108 {
109 exception_from_error_queue();
110 return -1;
111 }
112 return 0;
113}
114
115
116/*
117 * Find attribute. An X509Name object has the following attributes:
118 * countryName (alias C), stateOrProvince (alias ST), locality (alias L),
119 * organization (alias O), organizationalUnit (alias OU), commonName (alias
120 * CN) and more...
121 *
122 * Arguments: self - The X509Name object
123 * name - The attribute name
124 * Returns: A Python object for the attribute, or NULL if something went
125 * wrong
126 */
127static PyObject *
128crypto_X509Name_getattr(crypto_X509NameObj *self, char *name)
129{
130 int nid, len;
131 char *utf8string;
132
133 if ((nid = OBJ_txt2nid(name)) == NID_undef)
134 {
Jean-Paul Calderone110cd092008-03-24 17:27:42 -0400[diff] [blame]135 return Py_FindMethod(crypto_X509Name_methods, (PyObject *)self, name);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]136 }
137
138 len = get_name_by_nid(self->x509_name, nid, &utf8string);
139 if (len < 0)
140 return NULL;
141 else if (len == 0)
142 {
143 Py_INCREF(Py_None);
144 return Py_None;
145 }
Jean-Paul Calderone5b8c5ee2008-02-19 00:43:02 -0500[diff] [blame]146 else {
147 PyObject* result = PyUnicode_Decode(utf8string, len, "utf-8", NULL);
148 OPENSSL_free(utf8string);
149 return result;
150 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]151}
152
153/*
154 * Set attribute
155 *
156 * Arguments: self - The X509Name object
157 * name - The attribute name
158 * value - The value to set
159 */
160static int
161crypto_X509Name_setattr(crypto_X509NameObj *self, char *name, PyObject *value)
162{
163 int nid;
Jean-Paul Calderone7b0443a2008-02-19 00:25:30 -0500[diff] [blame]164 int result;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]165 char *buffer;
166
167 if ((nid = OBJ_txt2nid(name)) == NID_undef)
168 {
169 PyErr_SetString(PyExc_AttributeError, "No such attribute");
170 return -1;
171 }
172
173 /* Something of a hack to get nice unicode behaviour */
174 if (!PyArg_Parse(value, "es:setattr", "utf-8", &buffer))
175 return -1;
Jean-Paul Calderone5b8c5ee2008-02-19 00:43:02 -0500[diff] [blame]176
Jean-Paul Calderone7b0443a2008-02-19 00:25:30 -0500[diff] [blame]177 result = set_name_by_nid(self->x509_name, nid, buffer);
178 PyMem_Free(buffer);
179 return result;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]180}
181
182/*
183 * Compare two X509Name structures.
184 *
185 * Arguments: n - The first X509Name
186 * m - The second X509Name
187 * Returns: <0 if n < m, 0 if n == m and >0 if n > m
188 */
189static int
190crypto_X509Name_compare(crypto_X509NameObj *n, crypto_X509NameObj *m)
191{
Jean-Paul Calderonee098dc72008-03-06 18:36:19 -0500[diff] [blame]192 int result = X509_NAME_cmp(n->x509_name, m->x509_name);
193 if (result < 0) {
194 return -1;
195 } else if (result > 0) {
196 return 1;
Jean-Paul Calderone138a3122008-12-30 15:05:38 -0500[diff] [blame]197 } else {
Jean-Paul Calderonee098dc72008-03-06 18:36:19 -0500[diff] [blame]198 return 0;
Jean-Paul Calderone138a3122008-12-30 15:05:38 -0500[diff] [blame]199 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]200}
201
202/*
203 * String representation of an X509Name
204 *
205 * Arguments: self - The X509Name object
206 * Returns: A string representation of the object
207 */
208static PyObject *
209crypto_X509Name_repr(crypto_X509NameObj *self)
210{
211 char tmpbuf[512] = "";
212 char realbuf[512+64];
213
214 if (X509_NAME_oneline(self->x509_name, tmpbuf, 512) == NULL)
215 {
216 exception_from_error_queue();
217 return NULL;
218 }
219 else
220 {
221 /* This is safe because tmpbuf is max 512 characters */
222 sprintf(realbuf, "<X509Name object '%s'>", tmpbuf);
223 return PyString_FromString(realbuf);
224 }
225}
226
Jean-Paul Calderone110cd092008-03-24 17:27:42 -0400[diff] [blame]227static char crypto_X509Name_hash_doc[] = "\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]228Return the hash value of this name\n\
Jean-Paul Calderone110cd092008-03-24 17:27:42 -0400[diff] [blame]229\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]230@return: None\n\
Jean-Paul Calderone110cd092008-03-24 17:27:42 -0400[diff] [blame]231";
232
233/*
234 * First four bytes of the MD5 digest of the DER form of an X509Name.
235 *
236 * Arguments: self - The X509Name object
237 * Returns: An integer giving the hash.
238 */
239static PyObject *
240crypto_X509Name_hash(crypto_X509NameObj *self, PyObject* args)
241{
242 unsigned long hash;
243
244 if (!PyArg_ParseTuple(args, ":hash")) {
245 return NULL;
246 }
247 hash = X509_NAME_hash(self->x509_name);
248 return PyInt_FromLong(hash);
249}
250
Jean-Paul Calderonee957a002008-03-25 15:16:51 -0400[diff] [blame]251static char crypto_X509Name_der_doc[] = "\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]252Return the DER encoding of this name\n\
Jean-Paul Calderonee957a002008-03-25 15:16:51 -0400[diff] [blame]253\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]254@return: None\n\
Jean-Paul Calderonee957a002008-03-25 15:16:51 -0400[diff] [blame]255";
256
257/*
258 * Arguments: self - The X509Name object
259 * Returns: The DER form of an X509Name.
260 */
261static PyObject *
262crypto_X509Name_der(crypto_X509NameObj *self, PyObject *args)
263{
264 if (!PyArg_ParseTuple(args, ":der")) {
265 return NULL;
266 }
267
268 i2d_X509_NAME(self->x509_name, 0);
269 return PyString_FromStringAndSize(self->x509_name->bytes->data,
270 self->x509_name->bytes->length);
271}
272
Jean-Paul Calderone110cd092008-03-24 17:27:42 -0400[diff] [blame]273
Jean-Paul Calderonec54cc182008-03-26 21:11:07 -0400[diff] [blame]274static char crypto_X509Name_get_components_doc[] = "\n\
275Returns the split-up components of this name.\n\
276\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]277@return: List of tuples (name, value).\n\
Jean-Paul Calderonec54cc182008-03-26 21:11:07 -0400[diff] [blame]278";
279
280static PyObject *
281crypto_X509Name_get_components(crypto_X509NameObj *self, PyObject *args)
282{
283 int n, i;
284 X509_NAME *name = self->x509_name;
285 PyObject *list;
286
287 if (!PyArg_ParseTuple(args, ":get_components"))
288 return NULL;
289
290 n = X509_NAME_entry_count(name);
291 list = PyList_New(n);
292 for (i = 0; i < n; i++)
293 {
294 X509_NAME_ENTRY *ent;
295 ASN1_OBJECT *fname;
296 ASN1_STRING *fval;
297 int nid;
298 int l;
Jean-Paul Calderonec54cc182008-03-26 21:11:07 -0400[diff] [blame]299 unsigned char *str;
300 PyObject *tuple;
301
302 ent = X509_NAME_get_entry(name, i);
303
304 fname = X509_NAME_ENTRY_get_object(ent);
305 fval = X509_NAME_ENTRY_get_data(ent);
306
307 l = ASN1_STRING_length(fval);
308 str = ASN1_STRING_data(fval);
309
310 nid = OBJ_obj2nid(fname);
311
312 /* printf("fname is %s len=%d str=%s\n", OBJ_nid2sn(nid), l, str); */
313
314 tuple = PyTuple_New(2);
315 PyTuple_SetItem(tuple, 0, PyString_FromString(OBJ_nid2sn(nid)));
Jean-Paul Calderone28ebb302008-12-29 16:25:30 -0500[diff] [blame]316 PyTuple_SetItem(tuple, 1, PyString_FromStringAndSize((char *)str, l));
Jean-Paul Calderonec54cc182008-03-26 21:11:07 -0400[diff] [blame]317
318 PyList_SetItem(list, i, tuple);
319 }
320
321 return list;
322}
323
324
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]325/*
326 * Call the visitproc on all contained objects.
327 *
328 * Arguments: self - The Connection object
329 * visit - Function to call
330 * arg - Extra argument to visit
331 * Returns: 0 if all goes well, otherwise the return code from the first
332 * call that gave non-zero result.
333 */
334static int
335crypto_X509Name_traverse(crypto_X509NameObj *self, visitproc visit, void *arg)
336{
337 int ret = 0;
338
339 if (ret == 0 && self->parent_cert != NULL)
340 ret = visit(self->parent_cert, arg);
341 return ret;
342}
343
344/*
345 * Decref all contained objects and zero the pointers.
346 *
347 * Arguments: self - The Connection object
348 * Returns: Always 0.
349 */
350static int
351crypto_X509Name_clear(crypto_X509NameObj *self)
352{
353 Py_XDECREF(self->parent_cert);
354 self->parent_cert = NULL;
355 return 0;
356}
357
358/*
359 * Deallocate the memory used by the X509Name object
360 *
361 * Arguments: self - The X509Name object
362 * Returns: None
363 */
364static void
365crypto_X509Name_dealloc(crypto_X509NameObj *self)
366{
367 PyObject_GC_UnTrack(self);
368 /* Sometimes we don't have to dealloc this */
369 if (self->dealloc)
370 X509_NAME_free(self->x509_name);
371
372 crypto_X509Name_clear(self);
373
374 PyObject_GC_Del(self);
375}
376
Jean-Paul Calderone110cd092008-03-24 17:27:42 -0400[diff] [blame]377/*
378 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
379 * { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
380 * for convenience
381 */
382#define ADD_METHOD(name) \
383 { #name, (PyCFunction)crypto_X509Name_##name, METH_VARARGS, crypto_X509Name_##name##_doc }
384static PyMethodDef crypto_X509Name_methods[] =
385{
386 ADD_METHOD(hash),
Jean-Paul Calderonee957a002008-03-25 15:16:51 -0400[diff] [blame]387 ADD_METHOD(der),
Jean-Paul Calderonec54cc182008-03-26 21:11:07 -0400[diff] [blame]388 ADD_METHOD(get_components),
Jean-Paul Calderone110cd092008-03-24 17:27:42 -0400[diff] [blame]389 { NULL, NULL }
390};
391#undef ADD_METHOD
392
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]393PyTypeObject crypto_X509Name_Type = {
394 PyObject_HEAD_INIT(NULL)
395 0,
396 "X509Name",
397 sizeof(crypto_X509NameObj),
398 0,
399 (destructor)crypto_X509Name_dealloc,
400 NULL, /* print */
401 (getattrfunc)crypto_X509Name_getattr,
402 (setattrfunc)crypto_X509Name_setattr,
403 (cmpfunc)crypto_X509Name_compare,
404 (reprfunc)crypto_X509Name_repr,
405 NULL, /* as_number */
406 NULL, /* as_sequence */
407 NULL, /* as_mapping */
408 NULL, /* hash */
409 NULL, /* call */
410 NULL, /* str */
411 NULL, /* getattro */
412 NULL, /* setattro */
413 NULL, /* as_buffer */
Jean-Paul Calderone110cd092008-03-24 17:27:42 -0400[diff] [blame]414 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC, /* tp_flags */
415 NULL, /* tp_doc */
416 (traverseproc)crypto_X509Name_traverse, /* tp_traverse */
417 (inquiry)crypto_X509Name_clear, /* tp_clear */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]418};
419
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]420/*
421 * Initialize the X509Name part of the crypto module
422 *
423 * Arguments: dict - The crypto module dictionary
424 * Returns: None
425 */
426int
427init_crypto_x509name(PyObject *dict)
428{
429 crypto_X509Name_Type.ob_type = &PyType_Type;
430 Py_INCREF(&crypto_X509Name_Type);
431 PyDict_SetItemString(dict, "X509NameType", (PyObject *)&crypto_X509Name_Type);
432 return 1;
433}