Blame - OpenSSL/crypto/x509.c - platform/external/python/pyopenssl

blob: a4264661a1a0bcc001c67bce4e13507256490f63 [file] [log] [blame]

Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	1	/*
				2	* x509.c
				3	*
				4	* Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone	8b63d45	2008-03-21 18:31:12 -0400	[diff] [blame]	5	* Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	6	*
				7	* Certificate (X.509) handling code, mostly thin wrappers around OpenSSL.
				8	* See the file RATIONALE for a short explanation of why this module was written.
				9	*
				10	* Reviewed 2001-07-23
				11	*/
				12	#include <Python.h>
				13	#define crypto_MODULE
				14	#include "crypto.h"
				15
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	16	/*
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	17	* X.509 is a standard for digital certificates. See e.g. the OpenSSL homepage
				18	* http://www.openssl.org/ for more information
				19	*/
				20
				21	static char crypto_X509_get_version_doc[] = "\n\
				22	Return version number of the certificate\n\
				23	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	24	@return: Version number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	25	";
				26
				27	static PyObject *
				28	crypto_X509_get_version(crypto_X509Obj self, PyObject args)
				29	{
				30	if (!PyArg_ParseTuple(args, ":get_version"))
				31	return NULL;
				32
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	33	return PyLong_FromLong((long)X509_get_version(self->x509));
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	34	}
				35
				36	static char crypto_X509_set_version_doc[] = "\n\
				37	Set version number of the certificate\n\
				38	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	39	@param version: The version number\n\
				40	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	41	";
				42
				43	static PyObject *
				44	crypto_X509_set_version(crypto_X509Obj self, PyObject args)
				45	{
				46	int version;
				47
				48	if (!PyArg_ParseTuple(args, "i:set_version", &version))
				49	return NULL;
				50
				51	X509_set_version(self->x509, version);
				52
				53	Py_INCREF(Py_None);
				54	return Py_None;
				55	}
				56
				57	static char crypto_X509_get_serial_number_doc[] = "\n\
				58	Return serial number of the certificate\n\
				59	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	60	@return: Serial number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	61	";
				62
				63	static PyObject *
				64	crypto_X509_get_serial_number(crypto_X509Obj self, PyObject args)
				65	{
				66	ASN1_INTEGER *asn1_i;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	67	BIGNUM *bignum;
				68	char *hex;
				69	PyObject *res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	70
				71	if (!PyArg_ParseTuple(args, ":get_serial_number"))
				72	return NULL;
				73
				74	asn1_i = X509_get_serialNumber(self->x509);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	75	bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
				76	hex = BN_bn2hex(bignum);
				77	res = PyLong_FromString(hex, NULL, 16);
				78	BN_free(bignum);
				79	free(hex);
				80	return res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	81	}
				82
				83	static char crypto_X509_set_serial_number_doc[] = "\n\
				84	Set serial number of the certificate\n\
				85	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	86	@param serial: The serial number\n\
				87	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	88	";
				89
				90	static PyObject *
				91	crypto_X509_set_serial_number(crypto_X509Obj self, PyObject args)
				92	{
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	93	long small_serial;
				94	PyObject *serial = NULL;
				95	PyObject *hex = NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	96	ASN1_INTEGER *asn1_i = NULL;
				97	BIGNUM *bignum = NULL;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	98
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	99	if (!PyArg_ParseTuple(args, "O:set_serial_number", &serial)) {
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	100	return NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	101	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	102
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	103	if (!PyLong_Check(serial)) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	104	PyErr_SetString(
				105	PyExc_TypeError, "serial number must be integer");
				106	goto err;
				107	}
				108
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	109	if ((hex = PyNumber_ToBase(serial, 16)) == NULL) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	110	goto err;
				111	}
				112
Jean-Paul Calderone	3fe7f67	2010-08-11 23:55:10 -0400	[diff] [blame]	113	#ifdef PY3
				114	{
				115	PyObject *hexbytes = PyUnicode_AsASCIIString(hex);
				116	Py_DECREF(hex);
				117	hex = hexbytes;
				118	}
				119	#endif
				120
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	121	/**
				122	* BN_hex2bn stores the result in &bignum. Unless it doesn't feel like
				123	* it. If bignum is still NULL after this call, then the return value
				124	* is actually the result. I hope. -exarkun
				125	*/
Jean-Paul Calderone	3fe7f67	2010-08-11 23:55:10 -0400	[diff] [blame]	126	small_serial = BN_hex2bn(&bignum, PyBytes_AsString(hex));
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	127
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	128	Py_DECREF(hex);
				129	hex = NULL;
				130
				131	if (bignum == NULL) {
				132	if (ASN1_INTEGER_set(X509_get_serialNumber(self->x509), small_serial)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	133	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	134	goto err;
				135	}
				136	} else {
				137	asn1_i = BN_to_ASN1_INTEGER(bignum, NULL);
				138	BN_free(bignum);
				139	bignum = NULL;
				140	if (asn1_i == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	141	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	142	goto err;
				143	}
				144	if (!X509_set_serialNumber(self->x509, asn1_i)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	145	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	146	goto err;
				147	}
				148	ASN1_INTEGER_free(asn1_i);
				149	asn1_i = NULL;
				150	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	151
				152	Py_INCREF(Py_None);
				153	return Py_None;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	154
				155	err:
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	156	if (hex) {
				157	Py_DECREF(hex);
				158	}
				159	if (bignum) {
				160	BN_free(bignum);
				161	}
				162	if (asn1_i) {
				163	ASN1_INTEGER_free(asn1_i);
				164	}
				165	return NULL;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	166	}
				167
				168	static char crypto_X509_get_issuer_doc[] = "\n\
				169	Create an X509Name object for the issuer of the certificate\n\
				170	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	171	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	172	";
				173
				174	static PyObject *
				175	crypto_X509_get_issuer(crypto_X509Obj self, PyObject args)
				176	{
				177	crypto_X509NameObj *pyname;
				178	X509_NAME *name;
				179
				180	if (!PyArg_ParseTuple(args, ":get_issuer"))
				181	return NULL;
				182
				183	name = X509_get_issuer_name(self->x509);
				184	pyname = crypto_X509Name_New(name, 0);
				185	if (pyname != NULL)
				186	{
				187	pyname->parent_cert = (PyObject *)self;
				188	Py_INCREF(self);
				189	}
				190	return (PyObject *)pyname;
				191	}
				192
				193	static char crypto_X509_set_issuer_doc[] = "\n\
				194	Set the issuer of the certificate\n\
				195	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	196	@param issuer: The issuer name\n\
				197	@type issuer: L{X509Name}\n\
				198	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	199	";
				200
				201	static PyObject *
				202	crypto_X509_set_issuer(crypto_X509Obj self, PyObject args)
				203	{
				204	crypto_X509NameObj *issuer;
				205
				206	if (!PyArg_ParseTuple(args, "O!:set_issuer", &crypto_X509Name_Type,
				207	&issuer))
				208	return NULL;
				209
				210	if (!X509_set_issuer_name(self->x509, issuer->x509_name))
				211	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	212	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	213	return NULL;
				214	}
				215
				216	Py_INCREF(Py_None);
				217	return Py_None;
				218	}
				219
				220	static char crypto_X509_get_subject_doc[] = "\n\
				221	Create an X509Name object for the subject of the certificate\n\
				222	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	223	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	224	";
				225
				226	static PyObject *
				227	crypto_X509_get_subject(crypto_X509Obj self, PyObject args)
				228	{
				229	crypto_X509NameObj *pyname;
				230	X509_NAME *name;
				231
				232	if (!PyArg_ParseTuple(args, ":get_subject"))
				233	return NULL;
				234
				235	name = X509_get_subject_name(self->x509);
				236	pyname = crypto_X509Name_New(name, 0);
				237	if (pyname != NULL)
				238	{
				239	pyname->parent_cert = (PyObject *)self;
				240	Py_INCREF(self);
				241	}
				242	return (PyObject *)pyname;
				243	}
				244
				245	static char crypto_X509_set_subject_doc[] = "\n\
				246	Set the subject of the certificate\n\
				247	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	248	@param subject: The subject name\n\
				249	@type subject: L{X509Name}\n\
				250	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	251	";
				252
				253	static PyObject *
				254	crypto_X509_set_subject(crypto_X509Obj self, PyObject args)
				255	{
				256	crypto_X509NameObj *subject;
				257
				258	if (!PyArg_ParseTuple(args, "O!:set_subject", &crypto_X509Name_Type,
				259	&subject))
				260	return NULL;
				261
				262	if (!X509_set_subject_name(self->x509, subject->x509_name))
				263	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	264	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	265	return NULL;
				266	}
				267
				268	Py_INCREF(Py_None);
				269	return Py_None;
				270	}
				271
				272	static char crypto_X509_get_pubkey_doc[] = "\n\
				273	Get the public key of the certificate\n\
				274	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	275	@return: The public key\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	276	";
				277
				278	static PyObject *
				279	crypto_X509_get_pubkey(crypto_X509Obj self, PyObject args)
				280	{
				281	crypto_PKeyObj crypto_PKey_New(EVP_PKEY , int);
				282	EVP_PKEY *pkey;
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	283	crypto_PKeyObj *py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	284
				285	if (!PyArg_ParseTuple(args, ":get_pubkey"))
				286	return NULL;
				287
				288	if ((pkey = X509_get_pubkey(self->x509)) == NULL)
				289	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	290	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	291	return NULL;
				292	}
				293
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	294	py_pkey = crypto_PKey_New(pkey, 1);
				295	if (py_pkey != NULL) {
				296	py_pkey->only_public = 1;
				297	}
Jean-Paul Calderone	f60beec	2008-07-22 21:19:02 -0400	[diff] [blame]	298	return (PyObject *)py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	299	}
				300
				301	static char crypto_X509_set_pubkey_doc[] = "\n\
				302	Set the public key of the certificate\n\
				303	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	304	@param pkey: The public key\n\
				305	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	306	";
				307
				308	static PyObject *
				309	crypto_X509_set_pubkey(crypto_X509Obj self, PyObject args)
				310	{
				311	crypto_PKeyObj *pkey;
				312
				313	if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
				314	return NULL;
				315
				316	if (!X509_set_pubkey(self->x509, pkey->pkey))
				317	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	318	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	319	return NULL;
				320	}
				321
				322	Py_INCREF(Py_None);
				323	return Py_None;
				324	}
				325
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	326	PyObject*
				327	_set_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	328	{
				329	char *when;
				330
				331	if (!PyArg_ParseTuple(args, format, &when))
				332	return NULL;
				333
				334	if (ASN1_GENERALIZEDTIME_set_string(timestamp, when) == 0) {
				335	ASN1_GENERALIZEDTIME dummy;
				336	dummy.type = V_ASN1_GENERALIZEDTIME;
				337	dummy.length = strlen(when);
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	338	dummy.data = (unsigned char *)when;
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	339	if (!ASN1_GENERALIZEDTIME_check(&dummy)) {
				340	PyErr_SetString(PyExc_ValueError, "Invalid string");
				341	} else {
				342	PyErr_SetString(PyExc_RuntimeError, "Unknown ASN1_GENERALIZEDTIME_set_string failure");
				343	}
				344	return NULL;
				345	}
				346	Py_INCREF(Py_None);
				347	return Py_None;
				348	}
				349
				350	static char crypto_X509_set_notBefore_doc[] = "\n\
				351	Set the time stamp for when the certificate starts being valid\n\
				352	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	353	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	354	\n\
				355	YYYYMMDDhhmmssZ\n\
				356	YYYYMMDDhhmmss+hhmm\n\
				357	YYYYMMDDhhmmss-hhmm\n\
				358	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	359	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	360	";
				361
				362	static PyObject*
				363	crypto_X509_set_notBefore(crypto_X509Obj self, PyObject args)
				364	{
				365	return _set_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	366	"s:set_notBefore", X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	367	}
				368
				369	static char crypto_X509_set_notAfter_doc[] = "\n\
				370	Set the time stamp for when the certificate stops being valid\n\
				371	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	372	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	373	\n\
				374	YYYYMMDDhhmmssZ\n\
				375	YYYYMMDDhhmmss+hhmm\n\
				376	YYYYMMDDhhmmss-hhmm\n\
				377	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	378	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	379	";
				380
				381	static PyObject*
				382	crypto_X509_set_notAfter(crypto_X509Obj self, PyObject args)
				383	{
				384	return _set_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	385	"s:set_notAfter", X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	386	}
				387
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	388	PyObject*
				389	_get_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	390	{
				391	ASN1_GENERALIZEDTIME *gt_timestamp = NULL;
				392	PyObject *py_timestamp = NULL;
				393
				394	if (!PyArg_ParseTuple(args, format)) {
				395	return NULL;
				396	}
				397
				398	/*
				399	* http://www.columbia.edu/~ariel/ssleay/asn1-time.html
				400	*/
				401	/*
				402	* There must be a way to do this without touching timestamp->data
				403	* directly. -exarkun
				404	*/
Jean-Paul Calderone	e0615b5	2008-03-09 21:44:46 -0400	[diff] [blame]	405	if (timestamp->length == 0) {
				406	Py_INCREF(Py_None);
				407	return Py_None;
				408	} else if (timestamp->type == V_ASN1_GENERALIZEDTIME) {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	409	return PyBytes_FromString((char *)timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	410	} else {
				411	ASN1_TIME_to_generalizedtime(timestamp, &gt_timestamp);
Jean-Paul Calderone	38a646d	2008-03-25 15:16:18 -0400	[diff] [blame]	412	if (gt_timestamp == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	413	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	414	return NULL;
				415	} else {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	416	py_timestamp = PyBytes_FromString((char *)gt_timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	417	ASN1_GENERALIZEDTIME_free(gt_timestamp);
				418	return py_timestamp;
				419	}
				420	}
				421	}
				422
				423	static char crypto_X509_get_notBefore_doc[] = "\n\
				424	Retrieve the time stamp for when the certificate starts being valid\n\
				425	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	426	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	427	\n\
				428	YYYYMMDDhhmmssZ\n\
				429	YYYYMMDDhhmmss+hhmm\n\
				430	YYYYMMDDhhmmss-hhmm\n\
				431	or None if there is no value set.\n\
				432	";
				433
				434	static PyObject*
				435	crypto_X509_get_notBefore(crypto_X509Obj self, PyObject args)
				436	{
				437	/*
				438	* X509_get_notBefore returns a borrowed reference.
				439	*/
				440	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	441	":get_notBefore", X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	442	}
				443
				444
				445	static char crypto_X509_get_notAfter_doc[] = "\n\
				446	Retrieve the time stamp for when the certificate stops being valid\n\
				447	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	448	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	449	\n\
				450	YYYYMMDDhhmmssZ\n\
				451	YYYYMMDDhhmmss+hhmm\n\
				452	YYYYMMDDhhmmss-hhmm\n\
				453	or None if there is no value set.\n\
				454	";
				455
				456	static PyObject*
				457	crypto_X509_get_notAfter(crypto_X509Obj self, PyObject args)
				458	{
				459	/*
				460	* X509_get_notAfter returns a borrowed reference.
				461	*/
				462	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	463	":get_notAfter", X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	464	}
				465
				466
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	467	static char crypto_X509_gmtime_adj_notBefore_doc[] = "\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	468	Change the timestamp for when the certificate starts being valid to the current\n\
				469	time plus an offset.\n \
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	470	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	471	@param amount: The number of seconds by which to adjust the starting validity\n\
				472	time.\n\
				473	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	474	";
				475
				476	static PyObject *
				477	crypto_X509_gmtime_adj_notBefore(crypto_X509Obj self, PyObject args)
				478	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	479	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	480
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	481	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notBefore", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	482	return NULL;
				483
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	484	X509_gmtime_adj(X509_get_notBefore(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	485
				486	Py_INCREF(Py_None);
				487	return Py_None;
				488	}
				489
				490	static char crypto_X509_gmtime_adj_notAfter_doc[] = "\n\
				491	Adjust the time stamp for when the certificate stops being valid\n\
				492	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	493	@param amount: The number of seconds by which to adjust the ending validity\n\
				494	time.\n\
				495	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	496	";
				497
				498	static PyObject *
				499	crypto_X509_gmtime_adj_notAfter(crypto_X509Obj self, PyObject args)
				500	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	501	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	502
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	503	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notAfter", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	504	return NULL;
				505
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	506	X509_gmtime_adj(X509_get_notAfter(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	507
				508	Py_INCREF(Py_None);
				509	return Py_None;
				510	}
				511
				512	static char crypto_X509_sign_doc[] = "\n\
				513	Sign the certificate using the supplied key and digest\n\
				514	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	515	@param pkey: The key to sign with\n\
				516	@param digest: The message digest to use\n\
				517	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	518	";
				519
				520	static PyObject *
				521	crypto_X509_sign(crypto_X509Obj self, PyObject args)
				522	{
				523	crypto_PKeyObj *pkey;
				524	char *digest_name;
				525	const EVP_MD *digest;
				526
				527	if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
				528	&digest_name))
				529	return NULL;
				530
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	531	if (pkey->only_public) {
				532	PyErr_SetString(PyExc_ValueError, "Key has only public part");
				533	return NULL;
				534	}
				535
				536	if (!pkey->initialized) {
				537	PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
				538	return NULL;
				539	}
				540
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	541	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				542	{
				543	PyErr_SetString(PyExc_ValueError, "No such digest method");
				544	return NULL;
				545	}
				546
				547	if (!X509_sign(self->x509, pkey->pkey, digest))
				548	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	549	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	550	return NULL;
				551	}
				552
				553	Py_INCREF(Py_None);
				554	return Py_None;
				555	}
				556
				557	static char crypto_X509_has_expired_doc[] = "\n\
				558	Check whether the certificate has expired.\n\
				559	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	560	@return: True if the certificate has expired, false otherwise\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	561	";
				562
				563	static PyObject *
				564	crypto_X509_has_expired(crypto_X509Obj self, PyObject args)
				565	{
				566	time_t tnow;
				567
				568	if (!PyArg_ParseTuple(args, ":has_expired"))
				569	return NULL;
				570
				571	tnow = time(NULL);
				572	if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(self->x509), tnow) < 0)
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	573	return PyLong_FromLong(1L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	574	else
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	575	return PyLong_FromLong(0L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	576	}
				577
				578	static char crypto_X509_subject_name_hash_doc[] = "\n\
				579	Return the hash of the X509 subject.\n\
				580	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	581	@return: The hash of the subject\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	582	";
				583
				584	static PyObject *
				585	crypto_X509_subject_name_hash(crypto_X509Obj self, PyObject args)
				586	{
				587	if (!PyArg_ParseTuple(args, ":subject_name_hash"))
				588	return NULL;
				589
				590	return PyLong_FromLong(X509_subject_name_hash(self->x509));
				591	}
				592
				593	static char crypto_X509_digest_doc[] = "\n\
				594	Return the digest of the X509 object.\n\
				595	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	596	@return: The digest of the object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	597	";
				598
				599	static PyObject *
				600	crypto_X509_digest(crypto_X509Obj self, PyObject args)
				601	{
				602	unsigned char fp[EVP_MAX_MD_SIZE];
				603	char *tmp;
				604	char *digest_name;
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	605	unsigned int len,i;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	606	PyObject *ret;
				607	const EVP_MD *digest;
				608
				609	if (!PyArg_ParseTuple(args, "s:digest", &digest_name))
				610	return NULL;
				611
				612	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				613	{
				614	PyErr_SetString(PyExc_ValueError, "No such digest method");
				615	return NULL;
				616	}
				617
				618	if (!X509_digest(self->x509,digest,fp,&len))
				619	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	620	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	621	}
				622	tmp = malloc(3*len+1);
				623	memset(tmp, 0, 3*len+1);
				624	for (i = 0; i < len; i++) {
				625	sprintf(tmp+i*3,"%02X:",fp[i]);
				626	}
				627	tmp[3*len-1] = 0;
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	628	ret = PyBytes_FromStringAndSize(tmp,3*len-1);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	629	free(tmp);
				630	return ret;
				631	}
				632
				633
				634	static char crypto_X509_add_extensions_doc[] = "\n\
				635	Add extensions to the certificate.\n\
				636	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	637	@param extensions: a sequence of X509Extension objects\n\
				638	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	639	";
				640
				641	static PyObject *
				642	crypto_X509_add_extensions(crypto_X509Obj self, PyObject args)
				643	{
				644	PyObject extensions, seq;
				645	crypto_X509ExtensionObj *ext;
				646	int nr_of_extensions, i;
				647
				648	if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
				649	return NULL;
				650
				651	seq = PySequence_Fast(extensions, "Expected a sequence");
				652	if (seq == NULL)
				653	return NULL;
				654
				655	nr_of_extensions = PySequence_Fast_GET_SIZE(seq);
				656
				657	for (i = 0; i < nr_of_extensions; i++)
				658	{
				659	ext = (crypto_X509ExtensionObj *)PySequence_Fast_GET_ITEM(seq, i);
				660	if (!crypto_X509Extension_Check(ext))
				661	{
				662	Py_DECREF(seq);
				663	PyErr_SetString(PyExc_ValueError,
				664	"One of the elements is not an X509Extension");
				665	return NULL;
				666	}
				667	if (!X509_add_ext(self->x509, ext->x509_extension, -1))
				668	{
				669	Py_DECREF(seq);
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	670	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	671	return NULL;
				672	}
				673	}
				674
				675	Py_INCREF(Py_None);
				676	return Py_None;
				677	}
				678
				679	/*
				680	* ADD_METHOD(name) expands to a correct PyMethodDef declaration
				681	* { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
				682	* for convenience
				683	*/
				684	#define ADD_METHOD(name) \
				685	{ #name, (PyCFunction)crypto_X509_##name, METH_VARARGS, crypto_X509_##name##_doc }
				686	static PyMethodDef crypto_X509_methods[] =
				687	{
				688	ADD_METHOD(get_version),
				689	ADD_METHOD(set_version),
				690	ADD_METHOD(get_serial_number),
				691	ADD_METHOD(set_serial_number),
				692	ADD_METHOD(get_issuer),
				693	ADD_METHOD(set_issuer),
				694	ADD_METHOD(get_subject),
				695	ADD_METHOD(set_subject),
				696	ADD_METHOD(get_pubkey),
				697	ADD_METHOD(set_pubkey),
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	698	ADD_METHOD(get_notBefore),
				699	ADD_METHOD(set_notBefore),
				700	ADD_METHOD(get_notAfter),
				701	ADD_METHOD(set_notAfter),
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	702	ADD_METHOD(gmtime_adj_notBefore),
				703	ADD_METHOD(gmtime_adj_notAfter),
				704	ADD_METHOD(sign),
				705	ADD_METHOD(has_expired),
				706	ADD_METHOD(subject_name_hash),
				707	ADD_METHOD(digest),
				708	ADD_METHOD(add_extensions),
				709	{ NULL, NULL }
				710	};
				711	#undef ADD_METHOD
				712
				713
				714	/*
				715	* Constructor for X509 objects, never called by Python code directly
				716	*
				717	* Arguments: cert - A "real" X509 certificate object
				718	* dealloc - Boolean value to specify whether the destructor should
				719	* free the "real" X509 object
				720	* Returns: The newly created X509 object
				721	*/
				722	crypto_X509Obj *
				723	crypto_X509_New(X509 *cert, int dealloc)
				724	{
				725	crypto_X509Obj *self;
				726
				727	self = PyObject_New(crypto_X509Obj, &crypto_X509_Type);
				728
				729	if (self == NULL)
				730	return NULL;
				731
				732	self->x509 = cert;
				733	self->dealloc = dealloc;
				734
				735	return self;
				736	}
				737
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	738
				739	static char crypto_X509_doc[] = "\n\
				740	X509() -> X509 instance\n\
				741	\n\
				742	Create a new X509 object.\n\
				743	\n\
				744	@returns: The X509 object\n\
				745	";
				746
				747	static PyObject *
				748	crypto_X509_new(PyTypeObject subtype, PyObject args, PyObject *kwargs)
				749	{
				750	if (!PyArg_ParseTuple(args, ":X509")) {
				751	return NULL;
				752	}
				753
				754	return (PyObject *)crypto_X509_New(X509_new(), 1);
				755	}
				756
				757
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	758	/*
				759	* Deallocate the memory used by the X509 object
				760	*
				761	* Arguments: self - The X509 object
				762	* Returns: None
				763	*/
				764	static void
				765	crypto_X509_dealloc(crypto_X509Obj *self)
				766	{
				767	/* Sometimes we don't have to dealloc the "real" X509 pointer ourselves */
				768	if (self->dealloc)
				769	X509_free(self->x509);
				770
				771	PyObject_Del(self);
				772	}
				773
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	774	PyTypeObject crypto_X509_Type = {
Jean-Paul Calderone	3fe7f67	2010-08-11 23:55:10 -0400	[diff] [blame]	775	PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	776	"X509",
				777	sizeof(crypto_X509Obj),
				778	0,
				779	(destructor)crypto_X509_dealloc,
				780	NULL, /* print */
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	781	NULL, /* getattr */
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	782	NULL, /* setattr */
				783	NULL, /* compare */
				784	NULL, /* repr */
				785	NULL, /* as_number */
				786	NULL, /* as_sequence */
				787	NULL, /* as_mapping */
				788	NULL, /* hash */
				789	NULL, /* call */
				790	NULL, /* str */
				791	NULL, /* getattro */
				792	NULL, /* setattro */
				793	NULL, /* as_buffer */
				794	Py_TPFLAGS_DEFAULT,
				795	crypto_X509_doc, /* doc */
				796	NULL, /* traverse */
				797	NULL, /* clear */
				798	NULL, /* tp_richcompare */
				799	0, /* tp_weaklistoffset */
				800	NULL, /* tp_iter */
				801	NULL, /* tp_iternext */
				802	crypto_X509_methods, /* tp_methods */
				803	NULL, /* tp_members */
				804	NULL, /* tp_getset */
				805	NULL, /* tp_base */
				806	NULL, /* tp_dict */
				807	NULL, /* tp_descr_get */
				808	NULL, /* tp_descr_set */
				809	0, /* tp_dictoffset */
				810	NULL, /* tp_init */
				811	NULL, /* tp_alloc */
				812	crypto_X509_new, /* tp_new */
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	813	};
				814
				815	/*
				816	* Initialize the X509 part of the crypto sub module
				817	*
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	818	* Arguments: module - The crypto module
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	819	* Returns: None
				820	*/
				821	int
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	822	init_crypto_x509(PyObject *module)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	823	{
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	824	if (PyType_Ready(&crypto_X509_Type) < 0) {
				825	return 0;
				826	}
				827
				828	if (PyModule_AddObject(module, "X509", (PyObject *)&crypto_X509_Type) != 0) {
				829	return 0;
				830	}
				831
				832	if (PyModule_AddObject(module, "X509Type", (PyObject *)&crypto_X509_Type) != 0) {
				833	return 0;
				834	}
				835
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	836	return 1;
				837	}
				838