Blame - OpenSSL/crypto/x509.c - platform/external/python/pyopenssl

blob: 6156da042f209e76713a9ffb276cb5da3841babe [file] [log] [blame]

Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	1	/*
				2	* x509.c
				3	*
				4	* Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone	8b63d45	2008-03-21 18:31:12 -0400	[diff] [blame]	5	* Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	6	*
				7	* Certificate (X.509) handling code, mostly thin wrappers around OpenSSL.
				8	* See the file RATIONALE for a short explanation of why this module was written.
				9	*
				10	* Reviewed 2001-07-23
				11	*/
				12	#include <Python.h>
				13	#define crypto_MODULE
				14	#include "crypto.h"
				15
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	16	/*
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	17	* X.509 is a standard for digital certificates. See e.g. the OpenSSL homepage
				18	* http://www.openssl.org/ for more information
				19	*/
				20
				21	static char crypto_X509_get_version_doc[] = "\n\
				22	Return version number of the certificate\n\
				23	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	24	@return: Version number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	25	";
				26
				27	static PyObject *
				28	crypto_X509_get_version(crypto_X509Obj self, PyObject args)
				29	{
				30	if (!PyArg_ParseTuple(args, ":get_version"))
				31	return NULL;
				32
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	33	return PyLong_FromLong((long)X509_get_version(self->x509));
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	34	}
				35
				36	static char crypto_X509_set_version_doc[] = "\n\
				37	Set version number of the certificate\n\
				38	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	39	@param version: The version number\n\
				40	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	41	";
				42
				43	static PyObject *
				44	crypto_X509_set_version(crypto_X509Obj self, PyObject args)
				45	{
				46	int version;
				47
				48	if (!PyArg_ParseTuple(args, "i:set_version", &version))
				49	return NULL;
				50
				51	X509_set_version(self->x509, version);
				52
				53	Py_INCREF(Py_None);
				54	return Py_None;
				55	}
				56
				57	static char crypto_X509_get_serial_number_doc[] = "\n\
				58	Return serial number of the certificate\n\
				59	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	60	@return: Serial number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	61	";
				62
				63	static PyObject *
				64	crypto_X509_get_serial_number(crypto_X509Obj self, PyObject args)
				65	{
				66	ASN1_INTEGER *asn1_i;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	67	BIGNUM *bignum;
				68	char *hex;
				69	PyObject *res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	70
				71	if (!PyArg_ParseTuple(args, ":get_serial_number"))
				72	return NULL;
				73
				74	asn1_i = X509_get_serialNumber(self->x509);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	75	bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
				76	hex = BN_bn2hex(bignum);
				77	res = PyLong_FromString(hex, NULL, 16);
				78	BN_free(bignum);
				79	free(hex);
				80	return res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	81	}
				82
				83	static char crypto_X509_set_serial_number_doc[] = "\n\
				84	Set serial number of the certificate\n\
				85	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	86	@param serial: The serial number\n\
				87	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	88	";
				89
				90	static PyObject *
				91	crypto_X509_set_serial_number(crypto_X509Obj self, PyObject args)
				92	{
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	93	long small_serial;
				94	PyObject *serial = NULL;
				95	PyObject *hex = NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	96	ASN1_INTEGER *asn1_i = NULL;
				97	BIGNUM *bignum = NULL;
Jean-Paul Calderone	728eba9	2010-08-12 20:17:59 -0400	[diff] [blame^]	98	char *hexbytes;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	99
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	100	if (!PyArg_ParseTuple(args, "O:set_serial_number", &serial)) {
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	101	return NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	102	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	103
Jean-Paul Calderone	c18669e	2010-08-12 00:03:05 -0400	[diff] [blame]	104	if (!PyOpenSSL_Integer_Check(serial)) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	105	PyErr_SetString(
				106	PyExc_TypeError, "serial number must be integer");
				107	goto err;
				108	}
				109
Jean-Paul Calderone	a5a032f	2010-08-12 20:03:32 -0400	[diff] [blame]	110	if ((hex = PyOpenSSL_LongToHex(serial)) == NULL) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	111	goto err;
				112	}
				113
				114	/**
				115	* BN_hex2bn stores the result in &bignum. Unless it doesn't feel like
				116	* it. If bignum is still NULL after this call, then the return value
				117	* is actually the result. I hope. -exarkun
				118	*/
Jean-Paul Calderone	728eba9	2010-08-12 20:17:59 -0400	[diff] [blame^]	119	hexbytes = PyBytes_AsString(hex);
				120	if (hexbytes[2] == 'x') {
				121	/* +2 to skip the "0x" */
				122	hexbytes += 2;
				123	}
				124	small_serial = BN_hex2bn(&bignum, hexbytes);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	125
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	126	Py_DECREF(hex);
				127	hex = NULL;
				128
				129	if (bignum == NULL) {
				130	if (ASN1_INTEGER_set(X509_get_serialNumber(self->x509), small_serial)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	131	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	132	goto err;
				133	}
				134	} else {
				135	asn1_i = BN_to_ASN1_INTEGER(bignum, NULL);
				136	BN_free(bignum);
				137	bignum = NULL;
				138	if (asn1_i == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	139	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	140	goto err;
				141	}
				142	if (!X509_set_serialNumber(self->x509, asn1_i)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	143	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	144	goto err;
				145	}
				146	ASN1_INTEGER_free(asn1_i);
				147	asn1_i = NULL;
				148	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	149
				150	Py_INCREF(Py_None);
				151	return Py_None;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	152
				153	err:
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	154	if (hex) {
				155	Py_DECREF(hex);
				156	}
				157	if (bignum) {
				158	BN_free(bignum);
				159	}
				160	if (asn1_i) {
				161	ASN1_INTEGER_free(asn1_i);
				162	}
				163	return NULL;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	164	}
				165
				166	static char crypto_X509_get_issuer_doc[] = "\n\
				167	Create an X509Name object for the issuer of the certificate\n\
				168	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	169	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	170	";
				171
				172	static PyObject *
				173	crypto_X509_get_issuer(crypto_X509Obj self, PyObject args)
				174	{
				175	crypto_X509NameObj *pyname;
				176	X509_NAME *name;
				177
				178	if (!PyArg_ParseTuple(args, ":get_issuer"))
				179	return NULL;
				180
				181	name = X509_get_issuer_name(self->x509);
				182	pyname = crypto_X509Name_New(name, 0);
				183	if (pyname != NULL)
				184	{
				185	pyname->parent_cert = (PyObject *)self;
				186	Py_INCREF(self);
				187	}
				188	return (PyObject *)pyname;
				189	}
				190
				191	static char crypto_X509_set_issuer_doc[] = "\n\
				192	Set the issuer of the certificate\n\
				193	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	194	@param issuer: The issuer name\n\
				195	@type issuer: L{X509Name}\n\
				196	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	197	";
				198
				199	static PyObject *
				200	crypto_X509_set_issuer(crypto_X509Obj self, PyObject args)
				201	{
				202	crypto_X509NameObj *issuer;
				203
				204	if (!PyArg_ParseTuple(args, "O!:set_issuer", &crypto_X509Name_Type,
				205	&issuer))
				206	return NULL;
				207
				208	if (!X509_set_issuer_name(self->x509, issuer->x509_name))
				209	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	210	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	211	return NULL;
				212	}
				213
				214	Py_INCREF(Py_None);
				215	return Py_None;
				216	}
				217
				218	static char crypto_X509_get_subject_doc[] = "\n\
				219	Create an X509Name object for the subject of the certificate\n\
				220	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	221	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	222	";
				223
				224	static PyObject *
				225	crypto_X509_get_subject(crypto_X509Obj self, PyObject args)
				226	{
				227	crypto_X509NameObj *pyname;
				228	X509_NAME *name;
				229
				230	if (!PyArg_ParseTuple(args, ":get_subject"))
				231	return NULL;
				232
				233	name = X509_get_subject_name(self->x509);
				234	pyname = crypto_X509Name_New(name, 0);
				235	if (pyname != NULL)
				236	{
				237	pyname->parent_cert = (PyObject *)self;
				238	Py_INCREF(self);
				239	}
				240	return (PyObject *)pyname;
				241	}
				242
				243	static char crypto_X509_set_subject_doc[] = "\n\
				244	Set the subject of the certificate\n\
				245	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	246	@param subject: The subject name\n\
				247	@type subject: L{X509Name}\n\
				248	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	249	";
				250
				251	static PyObject *
				252	crypto_X509_set_subject(crypto_X509Obj self, PyObject args)
				253	{
				254	crypto_X509NameObj *subject;
				255
				256	if (!PyArg_ParseTuple(args, "O!:set_subject", &crypto_X509Name_Type,
				257	&subject))
				258	return NULL;
				259
				260	if (!X509_set_subject_name(self->x509, subject->x509_name))
				261	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	262	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	263	return NULL;
				264	}
				265
				266	Py_INCREF(Py_None);
				267	return Py_None;
				268	}
				269
				270	static char crypto_X509_get_pubkey_doc[] = "\n\
				271	Get the public key of the certificate\n\
				272	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	273	@return: The public key\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	274	";
				275
				276	static PyObject *
				277	crypto_X509_get_pubkey(crypto_X509Obj self, PyObject args)
				278	{
				279	crypto_PKeyObj crypto_PKey_New(EVP_PKEY , int);
				280	EVP_PKEY *pkey;
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	281	crypto_PKeyObj *py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	282
				283	if (!PyArg_ParseTuple(args, ":get_pubkey"))
				284	return NULL;
				285
				286	if ((pkey = X509_get_pubkey(self->x509)) == NULL)
				287	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	288	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	289	return NULL;
				290	}
				291
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	292	py_pkey = crypto_PKey_New(pkey, 1);
				293	if (py_pkey != NULL) {
				294	py_pkey->only_public = 1;
				295	}
Jean-Paul Calderone	f60beec	2008-07-22 21:19:02 -0400	[diff] [blame]	296	return (PyObject *)py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	297	}
				298
				299	static char crypto_X509_set_pubkey_doc[] = "\n\
				300	Set the public key of the certificate\n\
				301	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	302	@param pkey: The public key\n\
				303	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	304	";
				305
				306	static PyObject *
				307	crypto_X509_set_pubkey(crypto_X509Obj self, PyObject args)
				308	{
				309	crypto_PKeyObj *pkey;
				310
				311	if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
				312	return NULL;
				313
				314	if (!X509_set_pubkey(self->x509, pkey->pkey))
				315	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	316	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	317	return NULL;
				318	}
				319
				320	Py_INCREF(Py_None);
				321	return Py_None;
				322	}
				323
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	324	PyObject*
				325	_set_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	326	{
				327	char *when;
				328
				329	if (!PyArg_ParseTuple(args, format, &when))
				330	return NULL;
				331
				332	if (ASN1_GENERALIZEDTIME_set_string(timestamp, when) == 0) {
				333	ASN1_GENERALIZEDTIME dummy;
				334	dummy.type = V_ASN1_GENERALIZEDTIME;
				335	dummy.length = strlen(when);
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	336	dummy.data = (unsigned char *)when;
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	337	if (!ASN1_GENERALIZEDTIME_check(&dummy)) {
				338	PyErr_SetString(PyExc_ValueError, "Invalid string");
				339	} else {
				340	PyErr_SetString(PyExc_RuntimeError, "Unknown ASN1_GENERALIZEDTIME_set_string failure");
				341	}
				342	return NULL;
				343	}
				344	Py_INCREF(Py_None);
				345	return Py_None;
				346	}
				347
				348	static char crypto_X509_set_notBefore_doc[] = "\n\
				349	Set the time stamp for when the certificate starts being valid\n\
				350	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	351	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	352	\n\
				353	YYYYMMDDhhmmssZ\n\
				354	YYYYMMDDhhmmss+hhmm\n\
				355	YYYYMMDDhhmmss-hhmm\n\
				356	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	357	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	358	";
				359
				360	static PyObject*
				361	crypto_X509_set_notBefore(crypto_X509Obj self, PyObject args)
				362	{
				363	return _set_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	364	"s:set_notBefore", X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	365	}
				366
				367	static char crypto_X509_set_notAfter_doc[] = "\n\
				368	Set the time stamp for when the certificate stops being valid\n\
				369	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	370	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	371	\n\
				372	YYYYMMDDhhmmssZ\n\
				373	YYYYMMDDhhmmss+hhmm\n\
				374	YYYYMMDDhhmmss-hhmm\n\
				375	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	376	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	377	";
				378
				379	static PyObject*
				380	crypto_X509_set_notAfter(crypto_X509Obj self, PyObject args)
				381	{
				382	return _set_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	383	"s:set_notAfter", X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	384	}
				385
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	386	PyObject*
				387	_get_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	388	{
				389	ASN1_GENERALIZEDTIME *gt_timestamp = NULL;
				390	PyObject *py_timestamp = NULL;
				391
				392	if (!PyArg_ParseTuple(args, format)) {
				393	return NULL;
				394	}
				395
				396	/*
				397	* http://www.columbia.edu/~ariel/ssleay/asn1-time.html
				398	*/
				399	/*
				400	* There must be a way to do this without touching timestamp->data
				401	* directly. -exarkun
				402	*/
Jean-Paul Calderone	e0615b5	2008-03-09 21:44:46 -0400	[diff] [blame]	403	if (timestamp->length == 0) {
				404	Py_INCREF(Py_None);
				405	return Py_None;
				406	} else if (timestamp->type == V_ASN1_GENERALIZEDTIME) {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	407	return PyBytes_FromString((char *)timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	408	} else {
				409	ASN1_TIME_to_generalizedtime(timestamp, &gt_timestamp);
Jean-Paul Calderone	38a646d	2008-03-25 15:16:18 -0400	[diff] [blame]	410	if (gt_timestamp == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	411	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	412	return NULL;
				413	} else {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	414	py_timestamp = PyBytes_FromString((char *)gt_timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	415	ASN1_GENERALIZEDTIME_free(gt_timestamp);
				416	return py_timestamp;
				417	}
				418	}
				419	}
				420
				421	static char crypto_X509_get_notBefore_doc[] = "\n\
				422	Retrieve the time stamp for when the certificate starts being valid\n\
				423	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	424	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	425	\n\
				426	YYYYMMDDhhmmssZ\n\
				427	YYYYMMDDhhmmss+hhmm\n\
				428	YYYYMMDDhhmmss-hhmm\n\
				429	or None if there is no value set.\n\
				430	";
				431
				432	static PyObject*
				433	crypto_X509_get_notBefore(crypto_X509Obj self, PyObject args)
				434	{
				435	/*
				436	* X509_get_notBefore returns a borrowed reference.
				437	*/
				438	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	439	":get_notBefore", X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	440	}
				441
				442
				443	static char crypto_X509_get_notAfter_doc[] = "\n\
				444	Retrieve the time stamp for when the certificate stops being valid\n\
				445	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	446	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	447	\n\
				448	YYYYMMDDhhmmssZ\n\
				449	YYYYMMDDhhmmss+hhmm\n\
				450	YYYYMMDDhhmmss-hhmm\n\
				451	or None if there is no value set.\n\
				452	";
				453
				454	static PyObject*
				455	crypto_X509_get_notAfter(crypto_X509Obj self, PyObject args)
				456	{
				457	/*
				458	* X509_get_notAfter returns a borrowed reference.
				459	*/
				460	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	461	":get_notAfter", X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	462	}
				463
				464
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	465	static char crypto_X509_gmtime_adj_notBefore_doc[] = "\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	466	Change the timestamp for when the certificate starts being valid to the current\n\
				467	time plus an offset.\n \
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	468	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	469	@param amount: The number of seconds by which to adjust the starting validity\n\
				470	time.\n\
				471	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	472	";
				473
				474	static PyObject *
				475	crypto_X509_gmtime_adj_notBefore(crypto_X509Obj self, PyObject args)
				476	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	477	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	478
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	479	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notBefore", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	480	return NULL;
				481
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	482	X509_gmtime_adj(X509_get_notBefore(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	483
				484	Py_INCREF(Py_None);
				485	return Py_None;
				486	}
				487
				488	static char crypto_X509_gmtime_adj_notAfter_doc[] = "\n\
				489	Adjust the time stamp for when the certificate stops being valid\n\
				490	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	491	@param amount: The number of seconds by which to adjust the ending validity\n\
				492	time.\n\
				493	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	494	";
				495
				496	static PyObject *
				497	crypto_X509_gmtime_adj_notAfter(crypto_X509Obj self, PyObject args)
				498	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	499	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	500
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	501	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notAfter", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	502	return NULL;
				503
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	504	X509_gmtime_adj(X509_get_notAfter(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	505
				506	Py_INCREF(Py_None);
				507	return Py_None;
				508	}
				509
				510	static char crypto_X509_sign_doc[] = "\n\
				511	Sign the certificate using the supplied key and digest\n\
				512	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	513	@param pkey: The key to sign with\n\
				514	@param digest: The message digest to use\n\
				515	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	516	";
				517
				518	static PyObject *
				519	crypto_X509_sign(crypto_X509Obj self, PyObject args)
				520	{
				521	crypto_PKeyObj *pkey;
				522	char *digest_name;
				523	const EVP_MD *digest;
				524
				525	if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
				526	&digest_name))
				527	return NULL;
				528
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	529	if (pkey->only_public) {
				530	PyErr_SetString(PyExc_ValueError, "Key has only public part");
				531	return NULL;
				532	}
				533
				534	if (!pkey->initialized) {
				535	PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
				536	return NULL;
				537	}
				538
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	539	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				540	{
				541	PyErr_SetString(PyExc_ValueError, "No such digest method");
				542	return NULL;
				543	}
				544
				545	if (!X509_sign(self->x509, pkey->pkey, digest))
				546	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	547	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	548	return NULL;
				549	}
				550
				551	Py_INCREF(Py_None);
				552	return Py_None;
				553	}
				554
				555	static char crypto_X509_has_expired_doc[] = "\n\
				556	Check whether the certificate has expired.\n\
				557	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	558	@return: True if the certificate has expired, false otherwise\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	559	";
				560
				561	static PyObject *
				562	crypto_X509_has_expired(crypto_X509Obj self, PyObject args)
				563	{
				564	time_t tnow;
				565
				566	if (!PyArg_ParseTuple(args, ":has_expired"))
				567	return NULL;
				568
				569	tnow = time(NULL);
				570	if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(self->x509), tnow) < 0)
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	571	return PyLong_FromLong(1L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	572	else
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	573	return PyLong_FromLong(0L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	574	}
				575
				576	static char crypto_X509_subject_name_hash_doc[] = "\n\
				577	Return the hash of the X509 subject.\n\
				578	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	579	@return: The hash of the subject\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	580	";
				581
				582	static PyObject *
				583	crypto_X509_subject_name_hash(crypto_X509Obj self, PyObject args)
				584	{
				585	if (!PyArg_ParseTuple(args, ":subject_name_hash"))
				586	return NULL;
				587
				588	return PyLong_FromLong(X509_subject_name_hash(self->x509));
				589	}
				590
				591	static char crypto_X509_digest_doc[] = "\n\
				592	Return the digest of the X509 object.\n\
				593	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	594	@return: The digest of the object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	595	";
				596
				597	static PyObject *
				598	crypto_X509_digest(crypto_X509Obj self, PyObject args)
				599	{
				600	unsigned char fp[EVP_MAX_MD_SIZE];
				601	char *tmp;
				602	char *digest_name;
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	603	unsigned int len,i;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	604	PyObject *ret;
				605	const EVP_MD *digest;
				606
				607	if (!PyArg_ParseTuple(args, "s:digest", &digest_name))
				608	return NULL;
				609
				610	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				611	{
				612	PyErr_SetString(PyExc_ValueError, "No such digest method");
				613	return NULL;
				614	}
				615
				616	if (!X509_digest(self->x509,digest,fp,&len))
				617	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	618	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	619	}
				620	tmp = malloc(3*len+1);
				621	memset(tmp, 0, 3*len+1);
				622	for (i = 0; i < len; i++) {
				623	sprintf(tmp+i*3,"%02X:",fp[i]);
				624	}
				625	tmp[3*len-1] = 0;
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	626	ret = PyBytes_FromStringAndSize(tmp,3*len-1);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	627	free(tmp);
				628	return ret;
				629	}
				630
				631
				632	static char crypto_X509_add_extensions_doc[] = "\n\
				633	Add extensions to the certificate.\n\
				634	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	635	@param extensions: a sequence of X509Extension objects\n\
				636	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	637	";
				638
				639	static PyObject *
				640	crypto_X509_add_extensions(crypto_X509Obj self, PyObject args)
				641	{
				642	PyObject extensions, seq;
				643	crypto_X509ExtensionObj *ext;
				644	int nr_of_extensions, i;
				645
				646	if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
				647	return NULL;
				648
				649	seq = PySequence_Fast(extensions, "Expected a sequence");
				650	if (seq == NULL)
				651	return NULL;
				652
				653	nr_of_extensions = PySequence_Fast_GET_SIZE(seq);
				654
				655	for (i = 0; i < nr_of_extensions; i++)
				656	{
				657	ext = (crypto_X509ExtensionObj *)PySequence_Fast_GET_ITEM(seq, i);
				658	if (!crypto_X509Extension_Check(ext))
				659	{
				660	Py_DECREF(seq);
				661	PyErr_SetString(PyExc_ValueError,
				662	"One of the elements is not an X509Extension");
				663	return NULL;
				664	}
				665	if (!X509_add_ext(self->x509, ext->x509_extension, -1))
				666	{
				667	Py_DECREF(seq);
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	668	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	669	return NULL;
				670	}
				671	}
				672
				673	Py_INCREF(Py_None);
				674	return Py_None;
				675	}
				676
				677	/*
				678	* ADD_METHOD(name) expands to a correct PyMethodDef declaration
				679	* { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
				680	* for convenience
				681	*/
				682	#define ADD_METHOD(name) \
				683	{ #name, (PyCFunction)crypto_X509_##name, METH_VARARGS, crypto_X509_##name##_doc }
				684	static PyMethodDef crypto_X509_methods[] =
				685	{
				686	ADD_METHOD(get_version),
				687	ADD_METHOD(set_version),
				688	ADD_METHOD(get_serial_number),
				689	ADD_METHOD(set_serial_number),
				690	ADD_METHOD(get_issuer),
				691	ADD_METHOD(set_issuer),
				692	ADD_METHOD(get_subject),
				693	ADD_METHOD(set_subject),
				694	ADD_METHOD(get_pubkey),
				695	ADD_METHOD(set_pubkey),
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	696	ADD_METHOD(get_notBefore),
				697	ADD_METHOD(set_notBefore),
				698	ADD_METHOD(get_notAfter),
				699	ADD_METHOD(set_notAfter),
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	700	ADD_METHOD(gmtime_adj_notBefore),
				701	ADD_METHOD(gmtime_adj_notAfter),
				702	ADD_METHOD(sign),
				703	ADD_METHOD(has_expired),
				704	ADD_METHOD(subject_name_hash),
				705	ADD_METHOD(digest),
				706	ADD_METHOD(add_extensions),
				707	{ NULL, NULL }
				708	};
				709	#undef ADD_METHOD
				710
				711
				712	/*
				713	* Constructor for X509 objects, never called by Python code directly
				714	*
				715	* Arguments: cert - A "real" X509 certificate object
				716	* dealloc - Boolean value to specify whether the destructor should
				717	* free the "real" X509 object
				718	* Returns: The newly created X509 object
				719	*/
				720	crypto_X509Obj *
				721	crypto_X509_New(X509 *cert, int dealloc)
				722	{
				723	crypto_X509Obj *self;
				724
				725	self = PyObject_New(crypto_X509Obj, &crypto_X509_Type);
				726
				727	if (self == NULL)
				728	return NULL;
				729
				730	self->x509 = cert;
				731	self->dealloc = dealloc;
				732
				733	return self;
				734	}
				735
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	736
				737	static char crypto_X509_doc[] = "\n\
				738	X509() -> X509 instance\n\
				739	\n\
				740	Create a new X509 object.\n\
				741	\n\
				742	@returns: The X509 object\n\
				743	";
				744
				745	static PyObject *
				746	crypto_X509_new(PyTypeObject subtype, PyObject args, PyObject *kwargs)
				747	{
				748	if (!PyArg_ParseTuple(args, ":X509")) {
				749	return NULL;
				750	}
				751
				752	return (PyObject *)crypto_X509_New(X509_new(), 1);
				753	}
				754
				755
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	756	/*
				757	* Deallocate the memory used by the X509 object
				758	*
				759	* Arguments: self - The X509 object
				760	* Returns: None
				761	*/
				762	static void
				763	crypto_X509_dealloc(crypto_X509Obj *self)
				764	{
				765	/* Sometimes we don't have to dealloc the "real" X509 pointer ourselves */
				766	if (self->dealloc)
				767	X509_free(self->x509);
				768
				769	PyObject_Del(self);
				770	}
				771
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	772	PyTypeObject crypto_X509_Type = {
Jean-Paul Calderone	3fe7f67	2010-08-11 23:55:10 -0400	[diff] [blame]	773	PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	774	"X509",
				775	sizeof(crypto_X509Obj),
				776	0,
				777	(destructor)crypto_X509_dealloc,
				778	NULL, /* print */
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	779	NULL, /* getattr */
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	780	NULL, /* setattr */
				781	NULL, /* compare */
				782	NULL, /* repr */
				783	NULL, /* as_number */
				784	NULL, /* as_sequence */
				785	NULL, /* as_mapping */
				786	NULL, /* hash */
				787	NULL, /* call */
				788	NULL, /* str */
				789	NULL, /* getattro */
				790	NULL, /* setattro */
				791	NULL, /* as_buffer */
				792	Py_TPFLAGS_DEFAULT,
				793	crypto_X509_doc, /* doc */
				794	NULL, /* traverse */
				795	NULL, /* clear */
				796	NULL, /* tp_richcompare */
				797	0, /* tp_weaklistoffset */
				798	NULL, /* tp_iter */
				799	NULL, /* tp_iternext */
				800	crypto_X509_methods, /* tp_methods */
				801	NULL, /* tp_members */
				802	NULL, /* tp_getset */
				803	NULL, /* tp_base */
				804	NULL, /* tp_dict */
				805	NULL, /* tp_descr_get */
				806	NULL, /* tp_descr_set */
				807	0, /* tp_dictoffset */
				808	NULL, /* tp_init */
				809	NULL, /* tp_alloc */
				810	crypto_X509_new, /* tp_new */
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	811	};
				812
				813	/*
				814	* Initialize the X509 part of the crypto sub module
				815	*
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	816	* Arguments: module - The crypto module
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	817	* Returns: None
				818	*/
				819	int
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	820	init_crypto_x509(PyObject *module)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	821	{
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	822	if (PyType_Ready(&crypto_X509_Type) < 0) {
				823	return 0;
				824	}
				825
				826	if (PyModule_AddObject(module, "X509", (PyObject *)&crypto_X509_Type) != 0) {
				827	return 0;
				828	}
				829
				830	if (PyModule_AddObject(module, "X509Type", (PyObject *)&crypto_X509_Type) != 0) {
				831	return 0;
				832	}
				833
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	834	return 1;
				835	}
				836