Blame - OpenSSL/crypto/x509.c - platform/external/python/pyopenssl

blob: 73f5e08532fcd7b4eefaee88eea4de0b6853952e [file] [log] [blame]

Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	1	/*
				2	* x509.c
				3	*
				4	* Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone	8b63d45	2008-03-21 18:31:12 -0400	[diff] [blame]	5	* Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	6	*
				7	* Certificate (X.509) handling code, mostly thin wrappers around OpenSSL.
				8	* See the file RATIONALE for a short explanation of why this module was written.
				9	*
				10	* Reviewed 2001-07-23
				11	*/
				12	#include <Python.h>
				13	#define crypto_MODULE
				14	#include "crypto.h"
				15
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	16	/*
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	17	* X.509 is a standard for digital certificates. See e.g. the OpenSSL homepage
				18	* http://www.openssl.org/ for more information
				19	*/
				20
				21	static char crypto_X509_get_version_doc[] = "\n\
				22	Return version number of the certificate\n\
				23	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	24	@return: Version number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	25	";
				26
				27	static PyObject *
				28	crypto_X509_get_version(crypto_X509Obj self, PyObject args)
				29	{
				30	if (!PyArg_ParseTuple(args, ":get_version"))
				31	return NULL;
				32
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	33	return PyLong_FromLong((long)X509_get_version(self->x509));
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	34	}
				35
				36	static char crypto_X509_set_version_doc[] = "\n\
				37	Set version number of the certificate\n\
				38	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	39	@param version: The version number\n\
				40	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	41	";
				42
				43	static PyObject *
				44	crypto_X509_set_version(crypto_X509Obj self, PyObject args)
				45	{
				46	int version;
				47
				48	if (!PyArg_ParseTuple(args, "i:set_version", &version))
				49	return NULL;
				50
				51	X509_set_version(self->x509, version);
				52
				53	Py_INCREF(Py_None);
				54	return Py_None;
				55	}
				56
				57	static char crypto_X509_get_serial_number_doc[] = "\n\
				58	Return serial number of the certificate\n\
				59	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	60	@return: Serial number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	61	";
				62
				63	static PyObject *
				64	crypto_X509_get_serial_number(crypto_X509Obj self, PyObject args)
				65	{
				66	ASN1_INTEGER *asn1_i;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	67	BIGNUM *bignum;
				68	char *hex;
				69	PyObject *res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	70
				71	if (!PyArg_ParseTuple(args, ":get_serial_number"))
				72	return NULL;
				73
				74	asn1_i = X509_get_serialNumber(self->x509);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	75	bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
				76	hex = BN_bn2hex(bignum);
				77	res = PyLong_FromString(hex, NULL, 16);
				78	BN_free(bignum);
				79	free(hex);
				80	return res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	81	}
				82
				83	static char crypto_X509_set_serial_number_doc[] = "\n\
				84	Set serial number of the certificate\n\
				85	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	86	@param serial: The serial number\n\
				87	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	88	";
				89
				90	static PyObject *
				91	crypto_X509_set_serial_number(crypto_X509Obj self, PyObject args)
				92	{
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	93	long small_serial;
				94	PyObject *serial = NULL;
				95	PyObject *hex = NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	96	ASN1_INTEGER *asn1_i = NULL;
				97	BIGNUM *bignum = NULL;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	98
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	99	if (!PyArg_ParseTuple(args, "O:set_serial_number", &serial)) {
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	100	return NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	101	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	102
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	103	if (!PyLong_Check(serial)) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	104	PyErr_SetString(
				105	PyExc_TypeError, "serial number must be integer");
				106	goto err;
				107	}
				108
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	109	if ((hex = PyNumber_ToBase(serial, 16)) == NULL) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	110	goto err;
				111	}
				112
				113	/**
				114	* BN_hex2bn stores the result in &bignum. Unless it doesn't feel like
				115	* it. If bignum is still NULL after this call, then the return value
				116	* is actually the result. I hope. -exarkun
				117	*/
Jean-Paul Calderone	0f31ec5	2010-08-11 22:56:42 -0400	[diff] [blame]	118	small_serial = BN_hex2bn(&bignum, _PyUnicode_AsString(hex));
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	119
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	120	Py_DECREF(hex);
				121	hex = NULL;
				122
				123	if (bignum == NULL) {
				124	if (ASN1_INTEGER_set(X509_get_serialNumber(self->x509), small_serial)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	125	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	126	goto err;
				127	}
				128	} else {
				129	asn1_i = BN_to_ASN1_INTEGER(bignum, NULL);
				130	BN_free(bignum);
				131	bignum = NULL;
				132	if (asn1_i == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	133	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	134	goto err;
				135	}
				136	if (!X509_set_serialNumber(self->x509, asn1_i)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	137	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	138	goto err;
				139	}
				140	ASN1_INTEGER_free(asn1_i);
				141	asn1_i = NULL;
				142	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	143
				144	Py_INCREF(Py_None);
				145	return Py_None;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	146
				147	err:
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	148	if (hex) {
				149	Py_DECREF(hex);
				150	}
				151	if (bignum) {
				152	BN_free(bignum);
				153	}
				154	if (asn1_i) {
				155	ASN1_INTEGER_free(asn1_i);
				156	}
				157	return NULL;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	158	}
				159
				160	static char crypto_X509_get_issuer_doc[] = "\n\
				161	Create an X509Name object for the issuer of the certificate\n\
				162	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	163	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	164	";
				165
				166	static PyObject *
				167	crypto_X509_get_issuer(crypto_X509Obj self, PyObject args)
				168	{
				169	crypto_X509NameObj *pyname;
				170	X509_NAME *name;
				171
				172	if (!PyArg_ParseTuple(args, ":get_issuer"))
				173	return NULL;
				174
				175	name = X509_get_issuer_name(self->x509);
				176	pyname = crypto_X509Name_New(name, 0);
				177	if (pyname != NULL)
				178	{
				179	pyname->parent_cert = (PyObject *)self;
				180	Py_INCREF(self);
				181	}
				182	return (PyObject *)pyname;
				183	}
				184
				185	static char crypto_X509_set_issuer_doc[] = "\n\
				186	Set the issuer of the certificate\n\
				187	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	188	@param issuer: The issuer name\n\
				189	@type issuer: L{X509Name}\n\
				190	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	191	";
				192
				193	static PyObject *
				194	crypto_X509_set_issuer(crypto_X509Obj self, PyObject args)
				195	{
				196	crypto_X509NameObj *issuer;
				197
				198	if (!PyArg_ParseTuple(args, "O!:set_issuer", &crypto_X509Name_Type,
				199	&issuer))
				200	return NULL;
				201
				202	if (!X509_set_issuer_name(self->x509, issuer->x509_name))
				203	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	204	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	205	return NULL;
				206	}
				207
				208	Py_INCREF(Py_None);
				209	return Py_None;
				210	}
				211
				212	static char crypto_X509_get_subject_doc[] = "\n\
				213	Create an X509Name object for the subject of the certificate\n\
				214	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	215	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	216	";
				217
				218	static PyObject *
				219	crypto_X509_get_subject(crypto_X509Obj self, PyObject args)
				220	{
				221	crypto_X509NameObj *pyname;
				222	X509_NAME *name;
				223
				224	if (!PyArg_ParseTuple(args, ":get_subject"))
				225	return NULL;
				226
				227	name = X509_get_subject_name(self->x509);
				228	pyname = crypto_X509Name_New(name, 0);
				229	if (pyname != NULL)
				230	{
				231	pyname->parent_cert = (PyObject *)self;
				232	Py_INCREF(self);
				233	}
				234	return (PyObject *)pyname;
				235	}
				236
				237	static char crypto_X509_set_subject_doc[] = "\n\
				238	Set the subject of the certificate\n\
				239	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	240	@param subject: The subject name\n\
				241	@type subject: L{X509Name}\n\
				242	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	243	";
				244
				245	static PyObject *
				246	crypto_X509_set_subject(crypto_X509Obj self, PyObject args)
				247	{
				248	crypto_X509NameObj *subject;
				249
				250	if (!PyArg_ParseTuple(args, "O!:set_subject", &crypto_X509Name_Type,
				251	&subject))
				252	return NULL;
				253
				254	if (!X509_set_subject_name(self->x509, subject->x509_name))
				255	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	256	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	257	return NULL;
				258	}
				259
				260	Py_INCREF(Py_None);
				261	return Py_None;
				262	}
				263
				264	static char crypto_X509_get_pubkey_doc[] = "\n\
				265	Get the public key of the certificate\n\
				266	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	267	@return: The public key\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	268	";
				269
				270	static PyObject *
				271	crypto_X509_get_pubkey(crypto_X509Obj self, PyObject args)
				272	{
				273	crypto_PKeyObj crypto_PKey_New(EVP_PKEY , int);
				274	EVP_PKEY *pkey;
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	275	crypto_PKeyObj *py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	276
				277	if (!PyArg_ParseTuple(args, ":get_pubkey"))
				278	return NULL;
				279
				280	if ((pkey = X509_get_pubkey(self->x509)) == NULL)
				281	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	282	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	283	return NULL;
				284	}
				285
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	286	py_pkey = crypto_PKey_New(pkey, 1);
				287	if (py_pkey != NULL) {
				288	py_pkey->only_public = 1;
				289	}
Jean-Paul Calderone	f60beec	2008-07-22 21:19:02 -0400	[diff] [blame]	290	return (PyObject *)py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	291	}
				292
				293	static char crypto_X509_set_pubkey_doc[] = "\n\
				294	Set the public key of the certificate\n\
				295	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	296	@param pkey: The public key\n\
				297	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	298	";
				299
				300	static PyObject *
				301	crypto_X509_set_pubkey(crypto_X509Obj self, PyObject args)
				302	{
				303	crypto_PKeyObj *pkey;
				304
				305	if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
				306	return NULL;
				307
				308	if (!X509_set_pubkey(self->x509, pkey->pkey))
				309	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	310	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	311	return NULL;
				312	}
				313
				314	Py_INCREF(Py_None);
				315	return Py_None;
				316	}
				317
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	318	PyObject*
				319	_set_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	320	{
				321	char *when;
				322
				323	if (!PyArg_ParseTuple(args, format, &when))
				324	return NULL;
				325
				326	if (ASN1_GENERALIZEDTIME_set_string(timestamp, when) == 0) {
				327	ASN1_GENERALIZEDTIME dummy;
				328	dummy.type = V_ASN1_GENERALIZEDTIME;
				329	dummy.length = strlen(when);
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	330	dummy.data = (unsigned char *)when;
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	331	if (!ASN1_GENERALIZEDTIME_check(&dummy)) {
				332	PyErr_SetString(PyExc_ValueError, "Invalid string");
				333	} else {
				334	PyErr_SetString(PyExc_RuntimeError, "Unknown ASN1_GENERALIZEDTIME_set_string failure");
				335	}
				336	return NULL;
				337	}
				338	Py_INCREF(Py_None);
				339	return Py_None;
				340	}
				341
				342	static char crypto_X509_set_notBefore_doc[] = "\n\
				343	Set the time stamp for when the certificate starts being valid\n\
				344	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	345	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	346	\n\
				347	YYYYMMDDhhmmssZ\n\
				348	YYYYMMDDhhmmss+hhmm\n\
				349	YYYYMMDDhhmmss-hhmm\n\
				350	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	351	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	352	";
				353
				354	static PyObject*
				355	crypto_X509_set_notBefore(crypto_X509Obj self, PyObject args)
				356	{
				357	return _set_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	358	"s:set_notBefore", X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	359	}
				360
				361	static char crypto_X509_set_notAfter_doc[] = "\n\
				362	Set the time stamp for when the certificate stops being valid\n\
				363	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	364	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	365	\n\
				366	YYYYMMDDhhmmssZ\n\
				367	YYYYMMDDhhmmss+hhmm\n\
				368	YYYYMMDDhhmmss-hhmm\n\
				369	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	370	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	371	";
				372
				373	static PyObject*
				374	crypto_X509_set_notAfter(crypto_X509Obj self, PyObject args)
				375	{
				376	return _set_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	377	"s:set_notAfter", X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	378	}
				379
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	380	PyObject*
				381	_get_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	382	{
				383	ASN1_GENERALIZEDTIME *gt_timestamp = NULL;
				384	PyObject *py_timestamp = NULL;
				385
				386	if (!PyArg_ParseTuple(args, format)) {
				387	return NULL;
				388	}
				389
				390	/*
				391	* http://www.columbia.edu/~ariel/ssleay/asn1-time.html
				392	*/
				393	/*
				394	* There must be a way to do this without touching timestamp->data
				395	* directly. -exarkun
				396	*/
Jean-Paul Calderone	e0615b5	2008-03-09 21:44:46 -0400	[diff] [blame]	397	if (timestamp->length == 0) {
				398	Py_INCREF(Py_None);
				399	return Py_None;
				400	} else if (timestamp->type == V_ASN1_GENERALIZEDTIME) {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	401	return PyBytes_FromString((char *)timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	402	} else {
				403	ASN1_TIME_to_generalizedtime(timestamp, &gt_timestamp);
Jean-Paul Calderone	38a646d	2008-03-25 15:16:18 -0400	[diff] [blame]	404	if (gt_timestamp == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	405	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	406	return NULL;
				407	} else {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	408	py_timestamp = PyBytes_FromString((char *)gt_timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	409	ASN1_GENERALIZEDTIME_free(gt_timestamp);
				410	return py_timestamp;
				411	}
				412	}
				413	}
				414
				415	static char crypto_X509_get_notBefore_doc[] = "\n\
				416	Retrieve the time stamp for when the certificate starts being valid\n\
				417	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	418	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	419	\n\
				420	YYYYMMDDhhmmssZ\n\
				421	YYYYMMDDhhmmss+hhmm\n\
				422	YYYYMMDDhhmmss-hhmm\n\
				423	or None if there is no value set.\n\
				424	";
				425
				426	static PyObject*
				427	crypto_X509_get_notBefore(crypto_X509Obj self, PyObject args)
				428	{
				429	/*
				430	* X509_get_notBefore returns a borrowed reference.
				431	*/
				432	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	433	":get_notBefore", X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	434	}
				435
				436
				437	static char crypto_X509_get_notAfter_doc[] = "\n\
				438	Retrieve the time stamp for when the certificate stops being valid\n\
				439	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	440	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	441	\n\
				442	YYYYMMDDhhmmssZ\n\
				443	YYYYMMDDhhmmss+hhmm\n\
				444	YYYYMMDDhhmmss-hhmm\n\
				445	or None if there is no value set.\n\
				446	";
				447
				448	static PyObject*
				449	crypto_X509_get_notAfter(crypto_X509Obj self, PyObject args)
				450	{
				451	/*
				452	* X509_get_notAfter returns a borrowed reference.
				453	*/
				454	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	455	":get_notAfter", X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	456	}
				457
				458
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	459	static char crypto_X509_gmtime_adj_notBefore_doc[] = "\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	460	Change the timestamp for when the certificate starts being valid to the current\n\
				461	time plus an offset.\n \
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	462	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	463	@param amount: The number of seconds by which to adjust the starting validity\n\
				464	time.\n\
				465	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	466	";
				467
				468	static PyObject *
				469	crypto_X509_gmtime_adj_notBefore(crypto_X509Obj self, PyObject args)
				470	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	471	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	472
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	473	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notBefore", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	474	return NULL;
				475
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	476	X509_gmtime_adj(X509_get_notBefore(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	477
				478	Py_INCREF(Py_None);
				479	return Py_None;
				480	}
				481
				482	static char crypto_X509_gmtime_adj_notAfter_doc[] = "\n\
				483	Adjust the time stamp for when the certificate stops being valid\n\
				484	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	485	@param amount: The number of seconds by which to adjust the ending validity\n\
				486	time.\n\
				487	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	488	";
				489
				490	static PyObject *
				491	crypto_X509_gmtime_adj_notAfter(crypto_X509Obj self, PyObject args)
				492	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	493	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	494
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	495	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notAfter", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	496	return NULL;
				497
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	498	X509_gmtime_adj(X509_get_notAfter(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	499
				500	Py_INCREF(Py_None);
				501	return Py_None;
				502	}
				503
				504	static char crypto_X509_sign_doc[] = "\n\
				505	Sign the certificate using the supplied key and digest\n\
				506	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	507	@param pkey: The key to sign with\n\
				508	@param digest: The message digest to use\n\
				509	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	510	";
				511
				512	static PyObject *
				513	crypto_X509_sign(crypto_X509Obj self, PyObject args)
				514	{
				515	crypto_PKeyObj *pkey;
				516	char *digest_name;
				517	const EVP_MD *digest;
				518
				519	if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
				520	&digest_name))
				521	return NULL;
				522
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	523	if (pkey->only_public) {
				524	PyErr_SetString(PyExc_ValueError, "Key has only public part");
				525	return NULL;
				526	}
				527
				528	if (!pkey->initialized) {
				529	PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
				530	return NULL;
				531	}
				532
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	533	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				534	{
				535	PyErr_SetString(PyExc_ValueError, "No such digest method");
				536	return NULL;
				537	}
				538
				539	if (!X509_sign(self->x509, pkey->pkey, digest))
				540	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	541	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	542	return NULL;
				543	}
				544
				545	Py_INCREF(Py_None);
				546	return Py_None;
				547	}
				548
				549	static char crypto_X509_has_expired_doc[] = "\n\
				550	Check whether the certificate has expired.\n\
				551	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	552	@return: True if the certificate has expired, false otherwise\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	553	";
				554
				555	static PyObject *
				556	crypto_X509_has_expired(crypto_X509Obj self, PyObject args)
				557	{
				558	time_t tnow;
				559
				560	if (!PyArg_ParseTuple(args, ":has_expired"))
				561	return NULL;
				562
				563	tnow = time(NULL);
				564	if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(self->x509), tnow) < 0)
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	565	return PyLong_FromLong(1L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	566	else
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	567	return PyLong_FromLong(0L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	568	}
				569
				570	static char crypto_X509_subject_name_hash_doc[] = "\n\
				571	Return the hash of the X509 subject.\n\
				572	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	573	@return: The hash of the subject\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	574	";
				575
				576	static PyObject *
				577	crypto_X509_subject_name_hash(crypto_X509Obj self, PyObject args)
				578	{
				579	if (!PyArg_ParseTuple(args, ":subject_name_hash"))
				580	return NULL;
				581
				582	return PyLong_FromLong(X509_subject_name_hash(self->x509));
				583	}
				584
				585	static char crypto_X509_digest_doc[] = "\n\
				586	Return the digest of the X509 object.\n\
				587	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	588	@return: The digest of the object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	589	";
				590
				591	static PyObject *
				592	crypto_X509_digest(crypto_X509Obj self, PyObject args)
				593	{
				594	unsigned char fp[EVP_MAX_MD_SIZE];
				595	char *tmp;
				596	char *digest_name;
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	597	unsigned int len,i;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	598	PyObject *ret;
				599	const EVP_MD *digest;
				600
				601	if (!PyArg_ParseTuple(args, "s:digest", &digest_name))
				602	return NULL;
				603
				604	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				605	{
				606	PyErr_SetString(PyExc_ValueError, "No such digest method");
				607	return NULL;
				608	}
				609
				610	if (!X509_digest(self->x509,digest,fp,&len))
				611	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	612	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	613	}
				614	tmp = malloc(3*len+1);
				615	memset(tmp, 0, 3*len+1);
				616	for (i = 0; i < len; i++) {
				617	sprintf(tmp+i*3,"%02X:",fp[i]);
				618	}
				619	tmp[3*len-1] = 0;
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	620	ret = PyBytes_FromStringAndSize(tmp,3*len-1);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	621	free(tmp);
				622	return ret;
				623	}
				624
				625
				626	static char crypto_X509_add_extensions_doc[] = "\n\
				627	Add extensions to the certificate.\n\
				628	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	629	@param extensions: a sequence of X509Extension objects\n\
				630	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	631	";
				632
				633	static PyObject *
				634	crypto_X509_add_extensions(crypto_X509Obj self, PyObject args)
				635	{
				636	PyObject extensions, seq;
				637	crypto_X509ExtensionObj *ext;
				638	int nr_of_extensions, i;
				639
				640	if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
				641	return NULL;
				642
				643	seq = PySequence_Fast(extensions, "Expected a sequence");
				644	if (seq == NULL)
				645	return NULL;
				646
				647	nr_of_extensions = PySequence_Fast_GET_SIZE(seq);
				648
				649	for (i = 0; i < nr_of_extensions; i++)
				650	{
				651	ext = (crypto_X509ExtensionObj *)PySequence_Fast_GET_ITEM(seq, i);
				652	if (!crypto_X509Extension_Check(ext))
				653	{
				654	Py_DECREF(seq);
				655	PyErr_SetString(PyExc_ValueError,
				656	"One of the elements is not an X509Extension");
				657	return NULL;
				658	}
				659	if (!X509_add_ext(self->x509, ext->x509_extension, -1))
				660	{
				661	Py_DECREF(seq);
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	662	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	663	return NULL;
				664	}
				665	}
				666
				667	Py_INCREF(Py_None);
				668	return Py_None;
				669	}
				670
				671	/*
				672	* ADD_METHOD(name) expands to a correct PyMethodDef declaration
				673	* { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
				674	* for convenience
				675	*/
				676	#define ADD_METHOD(name) \
				677	{ #name, (PyCFunction)crypto_X509_##name, METH_VARARGS, crypto_X509_##name##_doc }
				678	static PyMethodDef crypto_X509_methods[] =
				679	{
				680	ADD_METHOD(get_version),
				681	ADD_METHOD(set_version),
				682	ADD_METHOD(get_serial_number),
				683	ADD_METHOD(set_serial_number),
				684	ADD_METHOD(get_issuer),
				685	ADD_METHOD(set_issuer),
				686	ADD_METHOD(get_subject),
				687	ADD_METHOD(set_subject),
				688	ADD_METHOD(get_pubkey),
				689	ADD_METHOD(set_pubkey),
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	690	ADD_METHOD(get_notBefore),
				691	ADD_METHOD(set_notBefore),
				692	ADD_METHOD(get_notAfter),
				693	ADD_METHOD(set_notAfter),
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	694	ADD_METHOD(gmtime_adj_notBefore),
				695	ADD_METHOD(gmtime_adj_notAfter),
				696	ADD_METHOD(sign),
				697	ADD_METHOD(has_expired),
				698	ADD_METHOD(subject_name_hash),
				699	ADD_METHOD(digest),
				700	ADD_METHOD(add_extensions),
				701	{ NULL, NULL }
				702	};
				703	#undef ADD_METHOD
				704
				705
				706	/*
				707	* Constructor for X509 objects, never called by Python code directly
				708	*
				709	* Arguments: cert - A "real" X509 certificate object
				710	* dealloc - Boolean value to specify whether the destructor should
				711	* free the "real" X509 object
				712	* Returns: The newly created X509 object
				713	*/
				714	crypto_X509Obj *
				715	crypto_X509_New(X509 *cert, int dealloc)
				716	{
				717	crypto_X509Obj *self;
				718
				719	self = PyObject_New(crypto_X509Obj, &crypto_X509_Type);
				720
				721	if (self == NULL)
				722	return NULL;
				723
				724	self->x509 = cert;
				725	self->dealloc = dealloc;
				726
				727	return self;
				728	}
				729
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	730
				731	static char crypto_X509_doc[] = "\n\
				732	X509() -> X509 instance\n\
				733	\n\
				734	Create a new X509 object.\n\
				735	\n\
				736	@returns: The X509 object\n\
				737	";
				738
				739	static PyObject *
				740	crypto_X509_new(PyTypeObject subtype, PyObject args, PyObject *kwargs)
				741	{
				742	if (!PyArg_ParseTuple(args, ":X509")) {
				743	return NULL;
				744	}
				745
				746	return (PyObject *)crypto_X509_New(X509_new(), 1);
				747	}
				748
				749
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	750	/*
				751	* Deallocate the memory used by the X509 object
				752	*
				753	* Arguments: self - The X509 object
				754	* Returns: None
				755	*/
				756	static void
				757	crypto_X509_dealloc(crypto_X509Obj *self)
				758	{
				759	/* Sometimes we don't have to dealloc the "real" X509 pointer ourselves */
				760	if (self->dealloc)
				761	X509_free(self->x509);
				762
				763	PyObject_Del(self);
				764	}
				765
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	766	PyTypeObject crypto_X509_Type = {
Jean-Paul Calderone	4d0c321	2010-08-10 22:57:42 -0400	[diff] [blame]	767	PyVarObject_HEAD_INIT(&PyType_Type, 0)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	768	"X509",
				769	sizeof(crypto_X509Obj),
				770	0,
				771	(destructor)crypto_X509_dealloc,
				772	NULL, /* print */
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	773	NULL, /* getattr */
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	774	NULL, /* setattr */
				775	NULL, /* compare */
				776	NULL, /* repr */
				777	NULL, /* as_number */
				778	NULL, /* as_sequence */
				779	NULL, /* as_mapping */
				780	NULL, /* hash */
				781	NULL, /* call */
				782	NULL, /* str */
				783	NULL, /* getattro */
				784	NULL, /* setattro */
				785	NULL, /* as_buffer */
				786	Py_TPFLAGS_DEFAULT,
				787	crypto_X509_doc, /* doc */
				788	NULL, /* traverse */
				789	NULL, /* clear */
				790	NULL, /* tp_richcompare */
				791	0, /* tp_weaklistoffset */
				792	NULL, /* tp_iter */
				793	NULL, /* tp_iternext */
				794	crypto_X509_methods, /* tp_methods */
				795	NULL, /* tp_members */
				796	NULL, /* tp_getset */
				797	NULL, /* tp_base */
				798	NULL, /* tp_dict */
				799	NULL, /* tp_descr_get */
				800	NULL, /* tp_descr_set */
				801	0, /* tp_dictoffset */
				802	NULL, /* tp_init */
				803	NULL, /* tp_alloc */
				804	crypto_X509_new, /* tp_new */
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	805	};
				806
				807	/*
				808	* Initialize the X509 part of the crypto sub module
				809	*
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	810	* Arguments: module - The crypto module
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	811	* Returns: None
				812	*/
				813	int
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	814	init_crypto_x509(PyObject *module)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	815	{
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	816	if (PyType_Ready(&crypto_X509_Type) < 0) {
				817	return 0;
				818	}
				819
				820	if (PyModule_AddObject(module, "X509", (PyObject *)&crypto_X509_Type) != 0) {
				821	return 0;
				822	}
				823
				824	if (PyModule_AddObject(module, "X509Type", (PyObject *)&crypto_X509_Type) != 0) {
				825	return 0;
				826	}
				827
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	828	return 1;
				829	}
				830