Blame - OpenSSL/crypto/x509.c - platform/external/python/pyopenssl

blob: 0b54c8dfaa390893da6e0ab51aaa39efe0d9a844 [file] [log] [blame]

Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	1	/*
				2	* x509.c
				3	*
				4	* Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone	8b63d45	2008-03-21 18:31:12 -0400	[diff] [blame]	5	* Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	6	*
				7	* Certificate (X.509) handling code, mostly thin wrappers around OpenSSL.
				8	* See the file RATIONALE for a short explanation of why this module was written.
				9	*
				10	* Reviewed 2001-07-23
				11	*/
				12	#include <Python.h>
				13	#define crypto_MODULE
				14	#include "crypto.h"
				15
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	16	/*
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	17	* X.509 is a standard for digital certificates. See e.g. the OpenSSL homepage
				18	* http://www.openssl.org/ for more information
				19	*/
				20
				21	static char crypto_X509_get_version_doc[] = "\n\
				22	Return version number of the certificate\n\
				23	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	24	@return: Version number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	25	";
				26
				27	static PyObject *
				28	crypto_X509_get_version(crypto_X509Obj self, PyObject args)
				29	{
				30	if (!PyArg_ParseTuple(args, ":get_version"))
				31	return NULL;
				32
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	33	return PyLong_FromLong((long)X509_get_version(self->x509));
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	34	}
				35
				36	static char crypto_X509_set_version_doc[] = "\n\
				37	Set version number of the certificate\n\
				38	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	39	@param version: The version number\n\
				40	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	41	";
				42
				43	static PyObject *
				44	crypto_X509_set_version(crypto_X509Obj self, PyObject args)
				45	{
				46	int version;
				47
				48	if (!PyArg_ParseTuple(args, "i:set_version", &version))
				49	return NULL;
				50
				51	X509_set_version(self->x509, version);
				52
				53	Py_INCREF(Py_None);
				54	return Py_None;
				55	}
				56
				57	static char crypto_X509_get_serial_number_doc[] = "\n\
				58	Return serial number of the certificate\n\
				59	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	60	@return: Serial number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	61	";
				62
				63	static PyObject *
				64	crypto_X509_get_serial_number(crypto_X509Obj self, PyObject args)
				65	{
				66	ASN1_INTEGER *asn1_i;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	67	BIGNUM *bignum;
				68	char *hex;
				69	PyObject *res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	70
				71	if (!PyArg_ParseTuple(args, ":get_serial_number"))
				72	return NULL;
				73
				74	asn1_i = X509_get_serialNumber(self->x509);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	75	bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
				76	hex = BN_bn2hex(bignum);
				77	res = PyLong_FromString(hex, NULL, 16);
				78	BN_free(bignum);
				79	free(hex);
				80	return res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	81	}
				82
				83	static char crypto_X509_set_serial_number_doc[] = "\n\
				84	Set serial number of the certificate\n\
				85	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	86	@param serial: The serial number\n\
				87	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	88	";
				89
				90	static PyObject *
				91	crypto_X509_set_serial_number(crypto_X509Obj self, PyObject args)
				92	{
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	93	long small_serial;
				94	PyObject *serial = NULL;
				95	PyObject *hex = NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	96	ASN1_INTEGER *asn1_i = NULL;
				97	BIGNUM *bignum = NULL;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	98
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	99	if (!PyArg_ParseTuple(args, "O:set_serial_number", &serial)) {
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	100	return NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	101	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	102
Jean-Paul Calderone	c18669e	2010-08-12 00:03:05 -0400	[diff] [blame]	103	if (!PyOpenSSL_Integer_Check(serial)) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	104	PyErr_SetString(
				105	PyExc_TypeError, "serial number must be integer");
				106	goto err;
				107	}
				108
Jean-Paul Calderone	a5a032f	2010-08-12 20:03:32 -0400	[diff] [blame]	109	if ((hex = PyOpenSSL_LongToHex(serial)) == NULL) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	110	goto err;
				111	}
				112
Jean-Paul Calderone	3fe7f67	2010-08-11 23:55:10 -0400	[diff] [blame]	113	#ifdef PY3
				114	{
				115	PyObject *hexbytes = PyUnicode_AsASCIIString(hex);
				116	Py_DECREF(hex);
				117	hex = hexbytes;
				118	}
				119	#endif
				120
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	121	/**
				122	* BN_hex2bn stores the result in &bignum. Unless it doesn't feel like
				123	* it. If bignum is still NULL after this call, then the return value
				124	* is actually the result. I hope. -exarkun
				125	*/
Jean-Paul Calderone	c18669e	2010-08-12 00:03:05 -0400	[diff] [blame]	126	/* +2 to skip the "0x" */
				127	small_serial = BN_hex2bn(&bignum, PyBytes_AsString(hex) + 2);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	128
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	129	Py_DECREF(hex);
				130	hex = NULL;
				131
				132	if (bignum == NULL) {
				133	if (ASN1_INTEGER_set(X509_get_serialNumber(self->x509), small_serial)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	134	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	135	goto err;
				136	}
				137	} else {
				138	asn1_i = BN_to_ASN1_INTEGER(bignum, NULL);
				139	BN_free(bignum);
				140	bignum = NULL;
				141	if (asn1_i == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	142	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	143	goto err;
				144	}
				145	if (!X509_set_serialNumber(self->x509, asn1_i)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	146	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	147	goto err;
				148	}
				149	ASN1_INTEGER_free(asn1_i);
				150	asn1_i = NULL;
				151	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	152
				153	Py_INCREF(Py_None);
				154	return Py_None;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	155
				156	err:
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	157	if (hex) {
				158	Py_DECREF(hex);
				159	}
				160	if (bignum) {
				161	BN_free(bignum);
				162	}
				163	if (asn1_i) {
				164	ASN1_INTEGER_free(asn1_i);
				165	}
				166	return NULL;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	167	}
				168
				169	static char crypto_X509_get_issuer_doc[] = "\n\
				170	Create an X509Name object for the issuer of the certificate\n\
				171	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	172	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	173	";
				174
				175	static PyObject *
				176	crypto_X509_get_issuer(crypto_X509Obj self, PyObject args)
				177	{
				178	crypto_X509NameObj *pyname;
				179	X509_NAME *name;
				180
				181	if (!PyArg_ParseTuple(args, ":get_issuer"))
				182	return NULL;
				183
				184	name = X509_get_issuer_name(self->x509);
				185	pyname = crypto_X509Name_New(name, 0);
				186	if (pyname != NULL)
				187	{
				188	pyname->parent_cert = (PyObject *)self;
				189	Py_INCREF(self);
				190	}
				191	return (PyObject *)pyname;
				192	}
				193
				194	static char crypto_X509_set_issuer_doc[] = "\n\
				195	Set the issuer of the certificate\n\
				196	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	197	@param issuer: The issuer name\n\
				198	@type issuer: L{X509Name}\n\
				199	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	200	";
				201
				202	static PyObject *
				203	crypto_X509_set_issuer(crypto_X509Obj self, PyObject args)
				204	{
				205	crypto_X509NameObj *issuer;
				206
				207	if (!PyArg_ParseTuple(args, "O!:set_issuer", &crypto_X509Name_Type,
				208	&issuer))
				209	return NULL;
				210
				211	if (!X509_set_issuer_name(self->x509, issuer->x509_name))
				212	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	213	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	214	return NULL;
				215	}
				216
				217	Py_INCREF(Py_None);
				218	return Py_None;
				219	}
				220
				221	static char crypto_X509_get_subject_doc[] = "\n\
				222	Create an X509Name object for the subject of the certificate\n\
				223	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	224	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	225	";
				226
				227	static PyObject *
				228	crypto_X509_get_subject(crypto_X509Obj self, PyObject args)
				229	{
				230	crypto_X509NameObj *pyname;
				231	X509_NAME *name;
				232
				233	if (!PyArg_ParseTuple(args, ":get_subject"))
				234	return NULL;
				235
				236	name = X509_get_subject_name(self->x509);
				237	pyname = crypto_X509Name_New(name, 0);
				238	if (pyname != NULL)
				239	{
				240	pyname->parent_cert = (PyObject *)self;
				241	Py_INCREF(self);
				242	}
				243	return (PyObject *)pyname;
				244	}
				245
				246	static char crypto_X509_set_subject_doc[] = "\n\
				247	Set the subject of the certificate\n\
				248	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	249	@param subject: The subject name\n\
				250	@type subject: L{X509Name}\n\
				251	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	252	";
				253
				254	static PyObject *
				255	crypto_X509_set_subject(crypto_X509Obj self, PyObject args)
				256	{
				257	crypto_X509NameObj *subject;
				258
				259	if (!PyArg_ParseTuple(args, "O!:set_subject", &crypto_X509Name_Type,
				260	&subject))
				261	return NULL;
				262
				263	if (!X509_set_subject_name(self->x509, subject->x509_name))
				264	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	265	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	266	return NULL;
				267	}
				268
				269	Py_INCREF(Py_None);
				270	return Py_None;
				271	}
				272
				273	static char crypto_X509_get_pubkey_doc[] = "\n\
				274	Get the public key of the certificate\n\
				275	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	276	@return: The public key\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	277	";
				278
				279	static PyObject *
				280	crypto_X509_get_pubkey(crypto_X509Obj self, PyObject args)
				281	{
				282	crypto_PKeyObj crypto_PKey_New(EVP_PKEY , int);
				283	EVP_PKEY *pkey;
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	284	crypto_PKeyObj *py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	285
				286	if (!PyArg_ParseTuple(args, ":get_pubkey"))
				287	return NULL;
				288
				289	if ((pkey = X509_get_pubkey(self->x509)) == NULL)
				290	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	291	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	292	return NULL;
				293	}
				294
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	295	py_pkey = crypto_PKey_New(pkey, 1);
				296	if (py_pkey != NULL) {
				297	py_pkey->only_public = 1;
				298	}
Jean-Paul Calderone	f60beec	2008-07-22 21:19:02 -0400	[diff] [blame]	299	return (PyObject *)py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	300	}
				301
				302	static char crypto_X509_set_pubkey_doc[] = "\n\
				303	Set the public key of the certificate\n\
				304	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	305	@param pkey: The public key\n\
				306	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	307	";
				308
				309	static PyObject *
				310	crypto_X509_set_pubkey(crypto_X509Obj self, PyObject args)
				311	{
				312	crypto_PKeyObj *pkey;
				313
				314	if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
				315	return NULL;
				316
				317	if (!X509_set_pubkey(self->x509, pkey->pkey))
				318	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	319	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	320	return NULL;
				321	}
				322
				323	Py_INCREF(Py_None);
				324	return Py_None;
				325	}
				326
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	327	PyObject*
				328	_set_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	329	{
				330	char *when;
				331
				332	if (!PyArg_ParseTuple(args, format, &when))
				333	return NULL;
				334
				335	if (ASN1_GENERALIZEDTIME_set_string(timestamp, when) == 0) {
				336	ASN1_GENERALIZEDTIME dummy;
				337	dummy.type = V_ASN1_GENERALIZEDTIME;
				338	dummy.length = strlen(when);
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	339	dummy.data = (unsigned char *)when;
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	340	if (!ASN1_GENERALIZEDTIME_check(&dummy)) {
				341	PyErr_SetString(PyExc_ValueError, "Invalid string");
				342	} else {
				343	PyErr_SetString(PyExc_RuntimeError, "Unknown ASN1_GENERALIZEDTIME_set_string failure");
				344	}
				345	return NULL;
				346	}
				347	Py_INCREF(Py_None);
				348	return Py_None;
				349	}
				350
				351	static char crypto_X509_set_notBefore_doc[] = "\n\
				352	Set the time stamp for when the certificate starts being valid\n\
				353	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	354	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	355	\n\
				356	YYYYMMDDhhmmssZ\n\
				357	YYYYMMDDhhmmss+hhmm\n\
				358	YYYYMMDDhhmmss-hhmm\n\
				359	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	360	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	361	";
				362
				363	static PyObject*
				364	crypto_X509_set_notBefore(crypto_X509Obj self, PyObject args)
				365	{
				366	return _set_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	367	"s:set_notBefore", X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	368	}
				369
				370	static char crypto_X509_set_notAfter_doc[] = "\n\
				371	Set the time stamp for when the certificate stops being valid\n\
				372	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	373	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	374	\n\
				375	YYYYMMDDhhmmssZ\n\
				376	YYYYMMDDhhmmss+hhmm\n\
				377	YYYYMMDDhhmmss-hhmm\n\
				378	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	379	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	380	";
				381
				382	static PyObject*
				383	crypto_X509_set_notAfter(crypto_X509Obj self, PyObject args)
				384	{
				385	return _set_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	386	"s:set_notAfter", X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	387	}
				388
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	389	PyObject*
				390	_get_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	391	{
				392	ASN1_GENERALIZEDTIME *gt_timestamp = NULL;
				393	PyObject *py_timestamp = NULL;
				394
				395	if (!PyArg_ParseTuple(args, format)) {
				396	return NULL;
				397	}
				398
				399	/*
				400	* http://www.columbia.edu/~ariel/ssleay/asn1-time.html
				401	*/
				402	/*
				403	* There must be a way to do this without touching timestamp->data
				404	* directly. -exarkun
				405	*/
Jean-Paul Calderone	e0615b5	2008-03-09 21:44:46 -0400	[diff] [blame]	406	if (timestamp->length == 0) {
				407	Py_INCREF(Py_None);
				408	return Py_None;
				409	} else if (timestamp->type == V_ASN1_GENERALIZEDTIME) {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	410	return PyBytes_FromString((char *)timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	411	} else {
				412	ASN1_TIME_to_generalizedtime(timestamp, &gt_timestamp);
Jean-Paul Calderone	38a646d	2008-03-25 15:16:18 -0400	[diff] [blame]	413	if (gt_timestamp == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	414	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	415	return NULL;
				416	} else {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	417	py_timestamp = PyBytes_FromString((char *)gt_timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	418	ASN1_GENERALIZEDTIME_free(gt_timestamp);
				419	return py_timestamp;
				420	}
				421	}
				422	}
				423
				424	static char crypto_X509_get_notBefore_doc[] = "\n\
				425	Retrieve the time stamp for when the certificate starts being valid\n\
				426	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	427	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	428	\n\
				429	YYYYMMDDhhmmssZ\n\
				430	YYYYMMDDhhmmss+hhmm\n\
				431	YYYYMMDDhhmmss-hhmm\n\
				432	or None if there is no value set.\n\
				433	";
				434
				435	static PyObject*
				436	crypto_X509_get_notBefore(crypto_X509Obj self, PyObject args)
				437	{
				438	/*
				439	* X509_get_notBefore returns a borrowed reference.
				440	*/
				441	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	442	":get_notBefore", X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	443	}
				444
				445
				446	static char crypto_X509_get_notAfter_doc[] = "\n\
				447	Retrieve the time stamp for when the certificate stops being valid\n\
				448	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	449	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	450	\n\
				451	YYYYMMDDhhmmssZ\n\
				452	YYYYMMDDhhmmss+hhmm\n\
				453	YYYYMMDDhhmmss-hhmm\n\
				454	or None if there is no value set.\n\
				455	";
				456
				457	static PyObject*
				458	crypto_X509_get_notAfter(crypto_X509Obj self, PyObject args)
				459	{
				460	/*
				461	* X509_get_notAfter returns a borrowed reference.
				462	*/
				463	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	464	":get_notAfter", X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	465	}
				466
				467
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	468	static char crypto_X509_gmtime_adj_notBefore_doc[] = "\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	469	Change the timestamp for when the certificate starts being valid to the current\n\
				470	time plus an offset.\n \
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	471	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	472	@param amount: The number of seconds by which to adjust the starting validity\n\
				473	time.\n\
				474	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	475	";
				476
				477	static PyObject *
				478	crypto_X509_gmtime_adj_notBefore(crypto_X509Obj self, PyObject args)
				479	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	480	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	481
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	482	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notBefore", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	483	return NULL;
				484
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	485	X509_gmtime_adj(X509_get_notBefore(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	486
				487	Py_INCREF(Py_None);
				488	return Py_None;
				489	}
				490
				491	static char crypto_X509_gmtime_adj_notAfter_doc[] = "\n\
				492	Adjust the time stamp for when the certificate stops being valid\n\
				493	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	494	@param amount: The number of seconds by which to adjust the ending validity\n\
				495	time.\n\
				496	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	497	";
				498
				499	static PyObject *
				500	crypto_X509_gmtime_adj_notAfter(crypto_X509Obj self, PyObject args)
				501	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	502	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	503
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	504	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notAfter", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	505	return NULL;
				506
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	507	X509_gmtime_adj(X509_get_notAfter(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	508
				509	Py_INCREF(Py_None);
				510	return Py_None;
				511	}
				512
				513	static char crypto_X509_sign_doc[] = "\n\
				514	Sign the certificate using the supplied key and digest\n\
				515	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	516	@param pkey: The key to sign with\n\
				517	@param digest: The message digest to use\n\
				518	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	519	";
				520
				521	static PyObject *
				522	crypto_X509_sign(crypto_X509Obj self, PyObject args)
				523	{
				524	crypto_PKeyObj *pkey;
				525	char *digest_name;
				526	const EVP_MD *digest;
				527
				528	if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
				529	&digest_name))
				530	return NULL;
				531
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	532	if (pkey->only_public) {
				533	PyErr_SetString(PyExc_ValueError, "Key has only public part");
				534	return NULL;
				535	}
				536
				537	if (!pkey->initialized) {
				538	PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
				539	return NULL;
				540	}
				541
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	542	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				543	{
				544	PyErr_SetString(PyExc_ValueError, "No such digest method");
				545	return NULL;
				546	}
				547
				548	if (!X509_sign(self->x509, pkey->pkey, digest))
				549	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	550	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	551	return NULL;
				552	}
				553
				554	Py_INCREF(Py_None);
				555	return Py_None;
				556	}
				557
				558	static char crypto_X509_has_expired_doc[] = "\n\
				559	Check whether the certificate has expired.\n\
				560	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	561	@return: True if the certificate has expired, false otherwise\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	562	";
				563
				564	static PyObject *
				565	crypto_X509_has_expired(crypto_X509Obj self, PyObject args)
				566	{
				567	time_t tnow;
				568
				569	if (!PyArg_ParseTuple(args, ":has_expired"))
				570	return NULL;
				571
				572	tnow = time(NULL);
				573	if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(self->x509), tnow) < 0)
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	574	return PyLong_FromLong(1L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	575	else
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	576	return PyLong_FromLong(0L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	577	}
				578
				579	static char crypto_X509_subject_name_hash_doc[] = "\n\
				580	Return the hash of the X509 subject.\n\
				581	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	582	@return: The hash of the subject\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	583	";
				584
				585	static PyObject *
				586	crypto_X509_subject_name_hash(crypto_X509Obj self, PyObject args)
				587	{
				588	if (!PyArg_ParseTuple(args, ":subject_name_hash"))
				589	return NULL;
				590
				591	return PyLong_FromLong(X509_subject_name_hash(self->x509));
				592	}
				593
				594	static char crypto_X509_digest_doc[] = "\n\
				595	Return the digest of the X509 object.\n\
				596	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	597	@return: The digest of the object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	598	";
				599
				600	static PyObject *
				601	crypto_X509_digest(crypto_X509Obj self, PyObject args)
				602	{
				603	unsigned char fp[EVP_MAX_MD_SIZE];
				604	char *tmp;
				605	char *digest_name;
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	606	unsigned int len,i;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	607	PyObject *ret;
				608	const EVP_MD *digest;
				609
				610	if (!PyArg_ParseTuple(args, "s:digest", &digest_name))
				611	return NULL;
				612
				613	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				614	{
				615	PyErr_SetString(PyExc_ValueError, "No such digest method");
				616	return NULL;
				617	}
				618
				619	if (!X509_digest(self->x509,digest,fp,&len))
				620	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	621	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	622	}
				623	tmp = malloc(3*len+1);
				624	memset(tmp, 0, 3*len+1);
				625	for (i = 0; i < len; i++) {
				626	sprintf(tmp+i*3,"%02X:",fp[i]);
				627	}
				628	tmp[3*len-1] = 0;
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	629	ret = PyBytes_FromStringAndSize(tmp,3*len-1);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	630	free(tmp);
				631	return ret;
				632	}
				633
				634
				635	static char crypto_X509_add_extensions_doc[] = "\n\
				636	Add extensions to the certificate.\n\
				637	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	638	@param extensions: a sequence of X509Extension objects\n\
				639	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	640	";
				641
				642	static PyObject *
				643	crypto_X509_add_extensions(crypto_X509Obj self, PyObject args)
				644	{
				645	PyObject extensions, seq;
				646	crypto_X509ExtensionObj *ext;
				647	int nr_of_extensions, i;
				648
				649	if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
				650	return NULL;
				651
				652	seq = PySequence_Fast(extensions, "Expected a sequence");
				653	if (seq == NULL)
				654	return NULL;
				655
				656	nr_of_extensions = PySequence_Fast_GET_SIZE(seq);
				657
				658	for (i = 0; i < nr_of_extensions; i++)
				659	{
				660	ext = (crypto_X509ExtensionObj *)PySequence_Fast_GET_ITEM(seq, i);
				661	if (!crypto_X509Extension_Check(ext))
				662	{
				663	Py_DECREF(seq);
				664	PyErr_SetString(PyExc_ValueError,
				665	"One of the elements is not an X509Extension");
				666	return NULL;
				667	}
				668	if (!X509_add_ext(self->x509, ext->x509_extension, -1))
				669	{
				670	Py_DECREF(seq);
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	671	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	672	return NULL;
				673	}
				674	}
				675
				676	Py_INCREF(Py_None);
				677	return Py_None;
				678	}
				679
				680	/*
				681	* ADD_METHOD(name) expands to a correct PyMethodDef declaration
				682	* { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
				683	* for convenience
				684	*/
				685	#define ADD_METHOD(name) \
				686	{ #name, (PyCFunction)crypto_X509_##name, METH_VARARGS, crypto_X509_##name##_doc }
				687	static PyMethodDef crypto_X509_methods[] =
				688	{
				689	ADD_METHOD(get_version),
				690	ADD_METHOD(set_version),
				691	ADD_METHOD(get_serial_number),
				692	ADD_METHOD(set_serial_number),
				693	ADD_METHOD(get_issuer),
				694	ADD_METHOD(set_issuer),
				695	ADD_METHOD(get_subject),
				696	ADD_METHOD(set_subject),
				697	ADD_METHOD(get_pubkey),
				698	ADD_METHOD(set_pubkey),
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	699	ADD_METHOD(get_notBefore),
				700	ADD_METHOD(set_notBefore),
				701	ADD_METHOD(get_notAfter),
				702	ADD_METHOD(set_notAfter),
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	703	ADD_METHOD(gmtime_adj_notBefore),
				704	ADD_METHOD(gmtime_adj_notAfter),
				705	ADD_METHOD(sign),
				706	ADD_METHOD(has_expired),
				707	ADD_METHOD(subject_name_hash),
				708	ADD_METHOD(digest),
				709	ADD_METHOD(add_extensions),
				710	{ NULL, NULL }
				711	};
				712	#undef ADD_METHOD
				713
				714
				715	/*
				716	* Constructor for X509 objects, never called by Python code directly
				717	*
				718	* Arguments: cert - A "real" X509 certificate object
				719	* dealloc - Boolean value to specify whether the destructor should
				720	* free the "real" X509 object
				721	* Returns: The newly created X509 object
				722	*/
				723	crypto_X509Obj *
				724	crypto_X509_New(X509 *cert, int dealloc)
				725	{
				726	crypto_X509Obj *self;
				727
				728	self = PyObject_New(crypto_X509Obj, &crypto_X509_Type);
				729
				730	if (self == NULL)
				731	return NULL;
				732
				733	self->x509 = cert;
				734	self->dealloc = dealloc;
				735
				736	return self;
				737	}
				738
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	739
				740	static char crypto_X509_doc[] = "\n\
				741	X509() -> X509 instance\n\
				742	\n\
				743	Create a new X509 object.\n\
				744	\n\
				745	@returns: The X509 object\n\
				746	";
				747
				748	static PyObject *
				749	crypto_X509_new(PyTypeObject subtype, PyObject args, PyObject *kwargs)
				750	{
				751	if (!PyArg_ParseTuple(args, ":X509")) {
				752	return NULL;
				753	}
				754
				755	return (PyObject *)crypto_X509_New(X509_new(), 1);
				756	}
				757
				758
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	759	/*
				760	* Deallocate the memory used by the X509 object
				761	*
				762	* Arguments: self - The X509 object
				763	* Returns: None
				764	*/
				765	static void
				766	crypto_X509_dealloc(crypto_X509Obj *self)
				767	{
				768	/* Sometimes we don't have to dealloc the "real" X509 pointer ourselves */
				769	if (self->dealloc)
				770	X509_free(self->x509);
				771
				772	PyObject_Del(self);
				773	}
				774
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	775	PyTypeObject crypto_X509_Type = {
Jean-Paul Calderone	3fe7f67	2010-08-11 23:55:10 -0400	[diff] [blame]	776	PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	777	"X509",
				778	sizeof(crypto_X509Obj),
				779	0,
				780	(destructor)crypto_X509_dealloc,
				781	NULL, /* print */
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	782	NULL, /* getattr */
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	783	NULL, /* setattr */
				784	NULL, /* compare */
				785	NULL, /* repr */
				786	NULL, /* as_number */
				787	NULL, /* as_sequence */
				788	NULL, /* as_mapping */
				789	NULL, /* hash */
				790	NULL, /* call */
				791	NULL, /* str */
				792	NULL, /* getattro */
				793	NULL, /* setattro */
				794	NULL, /* as_buffer */
				795	Py_TPFLAGS_DEFAULT,
				796	crypto_X509_doc, /* doc */
				797	NULL, /* traverse */
				798	NULL, /* clear */
				799	NULL, /* tp_richcompare */
				800	0, /* tp_weaklistoffset */
				801	NULL, /* tp_iter */
				802	NULL, /* tp_iternext */
				803	crypto_X509_methods, /* tp_methods */
				804	NULL, /* tp_members */
				805	NULL, /* tp_getset */
				806	NULL, /* tp_base */
				807	NULL, /* tp_dict */
				808	NULL, /* tp_descr_get */
				809	NULL, /* tp_descr_set */
				810	0, /* tp_dictoffset */
				811	NULL, /* tp_init */
				812	NULL, /* tp_alloc */
				813	crypto_X509_new, /* tp_new */
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	814	};
				815
				816	/*
				817	* Initialize the X509 part of the crypto sub module
				818	*
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	819	* Arguments: module - The crypto module
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	820	* Returns: None
				821	*/
				822	int
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	823	init_crypto_x509(PyObject *module)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	824	{
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	825	if (PyType_Ready(&crypto_X509_Type) < 0) {
				826	return 0;
				827	}
				828
				829	if (PyModule_AddObject(module, "X509", (PyObject *)&crypto_X509_Type) != 0) {
				830	return 0;
				831	}
				832
				833	if (PyModule_AddObject(module, "X509Type", (PyObject *)&crypto_X509_Type) != 0) {
				834	return 0;
				835	}
				836
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	837	return 1;
				838	}
				839