Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / ee568306449b9034dee5891d4a815a796975e9cf / . / src / crypto / pkcs12.c
blob: 3ab8a385e02bb7945ff49bc24315f3dd2df41e08 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1/*
2 * pkcs12.c
3 *
4 * Copyright (C) AB Strakt 2001, All rights reserved
5 *
6 * Certificate transport (PKCS12) handling code,
7 * mostly thin wrappers around OpenSSL.
8 * See the file RATIONALE for a short explanation of why
9 * this module was written.
10 *
11 * Reviewed 2001-07-23
12 */
13#include <Python.h>
14#define crypto_MODULE
15#include "crypto.h"
16
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]17/*
18 * PKCS12 is a standard exchange format for digital certificates.
19 * See e.g. the OpenSSL homepage http://www.openssl.org/ for more information
20 */
21
22static void crypto_PKCS12_dealloc(crypto_PKCS12Obj *self);
23
24static char crypto_PKCS12_get_certificate_doc[] = "\n\
25Return certificate portion of the PKCS12 structure\n\
26\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]27@return: X509 object containing the certificate\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]28";
29static PyObject *
30crypto_PKCS12_get_certificate(crypto_PKCS12Obj *self, PyObject *args)
31{
32 if (!PyArg_ParseTuple(args, ":get_certificate"))
33 return NULL;
34
35 Py_INCREF(self->cert);
36 return self->cert;
37}
38
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]39static char crypto_PKCS12_set_certificate_doc[] = "\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]40Replace the certificate portion of the PKCS12 structure\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]41\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]42@param cert: The new certificate.\n\
43@type cert: L{X509}\n\
Rick Dean379917c2009-07-21 11:37:41 -0500[diff] [blame]44@return: None\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]45";
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]46static PyObject *
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]47crypto_PKCS12_set_certificate(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
48{
49 PyObject *cert = NULL;
50 static char *kwlist[] = {"cert", NULL};
51
52 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_certificate",
53 kwlist, &cert))
54 return NULL;
55
56 if (cert != Py_None && ! PyObject_IsInstance(cert, (PyObject *) &crypto_X509_Type)) {
57 PyErr_SetString(PyExc_TypeError, "cert must be type X509 or None");
58 return NULL;
59 }
60
61 Py_INCREF(cert); /* Make consistent before calling Py_DECREF() */
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]62 Py_DECREF(self->cert);
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]63 self->cert = cert;
64
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]65 Py_INCREF(Py_None);
66 return Py_None;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]67}
68
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]69static char crypto_PKCS12_get_privatekey_doc[] = "\n\
70Return private key portion of the PKCS12 structure\n\
71\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]72@returns: PKey object containing the private key\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]73";
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]74static crypto_PKeyObj *
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]75crypto_PKCS12_get_privatekey(crypto_PKCS12Obj *self, PyObject *args)
76{
77 if (!PyArg_ParseTuple(args, ":get_privatekey"))
78 return NULL;
79
80 Py_INCREF(self->key);
Rick Dean864e15e2009-07-17 15:21:23 -0500[diff] [blame]81 return (crypto_PKeyObj *) self->key;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]82}
83
84static char crypto_PKCS12_set_privatekey_doc[] = "\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]85Replace or set the certificate portion of the PKCS12 structure\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]86\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]87@param pkey: The new private key.\n\
88@type pkey: L{PKey}\n\
89@return: None\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]90";
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]91static PyObject *
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]92crypto_PKCS12_set_privatekey(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
93{
94 PyObject *pkey = NULL;
95 static char *kwlist[] = {"pkey", NULL};
96
97 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_privatekey",
98 kwlist, &pkey))
99 return NULL;
100
101 if (pkey != Py_None && ! PyObject_IsInstance(pkey, (PyObject *) &crypto_PKey_Type)) {
102 PyErr_SetString(PyExc_TypeError, "pkey must be type X509 or None");
103 return NULL;
104 }
105
106 Py_INCREF(pkey); /* Make consistent before calling Py_DECREF() */
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]107 Py_DECREF(self->key);
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]108 self->key = pkey;
109
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]110 Py_INCREF(Py_None);
111 return Py_None;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]112}
113
114static char crypto_PKCS12_get_ca_certificates_doc[] = "\n\
115Return CA certificates within of the PKCS12 object\n\
116\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]117@return: A newly created tuple containing the CA certificates in the chain,\n\
118 if any are present, or None if no CA certificates are present.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]119";
120static PyObject *
121crypto_PKCS12_get_ca_certificates(crypto_PKCS12Obj *self, PyObject *args)
122{
123 if (!PyArg_ParseTuple(args, ":get_ca_certificates"))
124 return NULL;
125
126 Py_INCREF(self->cacerts);
127 return self->cacerts;
128}
129
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]130static char crypto_PKCS12_set_ca_certificates_doc[] = "\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]131Replace or set the CA certificates withing the PKCS12 object.\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]132\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]133@param cacerts: The new CA certificates.\n\
134@type cacerts: Sequence of L{X509}\n\
135@return: None\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]136";
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]137static PyObject *
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]138crypto_PKCS12_set_ca_certificates(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
139{
140 PyObject *cacerts;
141 static char *kwlist[] = {"cacerts", NULL};
Rick Dean25bcc1f2009-07-20 11:53:13 -0500[diff] [blame]142 int i, len; /* Py_ssize_t for Python 2.5+ */
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]143
144 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_ca_certificates",
145 kwlist, &cacerts))
146 return NULL;
147 if (cacerts == Py_None) {
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]148 Py_INCREF(cacerts);
Rick Dean25bcc1f2009-07-20 11:53:13 -0500[diff] [blame]149 } else if ((len = PySequence_Length(cacerts)) >= 0) { /* is iterable */
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]150 cacerts = PySequence_Tuple(cacerts);
151 if(cacerts == NULL) {
152 PyErr_SetString(PyExc_TypeError, "untupleable" /* failed to convert cacerts to a tuple */);
153 return NULL;
154 }
Rick Dean48305252009-07-18 15:28:38 -0500[diff] [blame]155 /* Check is's a simple list filled only with X509 objects. */
Rick Dean25bcc1f2009-07-20 11:53:13 -0500[diff] [blame]156 for(i = 0;i < len;i++) { /* For each CA cert */
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]157 PyObject *obj;
158 obj = PySequence_GetItem(cacerts, i);
Rick Dean25bcc1f2009-07-20 11:53:13 -0500[diff] [blame]159 if(obj == NULL) {
160 break;
161 }
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]162 if (PyObject_Type(obj) != (PyObject *) &crypto_X509_Type) {
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]163 Py_DECREF(cacerts);
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]164 Py_DECREF(obj);
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]165 PyErr_SetString(PyExc_TypeError, "iterable must only contain X509Type");
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]166 return NULL;
167 }
168 Py_DECREF(obj);
169 }
170 } else {
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]171 PyErr_SetString(PyExc_TypeError, "must be iterable or None");
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]172 return NULL;
173 }
174
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]175 Py_DECREF(self->cacerts);
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]176 self->cacerts = cacerts;
177
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]178 Py_INCREF(Py_None);
179 return Py_None;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]180}
181
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]182static char crypto_PKCS12_get_friendlyname_doc[] = "\n\
183Return friendly name portion of the PKCS12 structure\n\
184\n\
185@returns: String containing the friendlyname\n\
186";
Rick Dean99251c22009-07-24 09:32:46 -0500[diff] [blame]187static PyObject *
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]188crypto_PKCS12_get_friendlyname(crypto_PKCS12Obj *self, PyObject *args)
189{
190 if (!PyArg_ParseTuple(args, ":get_friendlyname"))
191 return NULL;
192
193 Py_INCREF(self->friendlyname);
Rick Dean99251c22009-07-24 09:32:46 -0500[diff] [blame]194 return (PyObject *) self->friendlyname;
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]195}
196
197static char crypto_PKCS12_set_friendlyname_doc[] = "\n\
198Replace or set the certificate portion of the PKCS12 structure\n\
199\n\
200@param name: The new friendly name.\n\
201@type name: L{str}\n\
202@return: None\n\
203";
204static PyObject *
205crypto_PKCS12_set_friendlyname(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
206{
207 PyObject *name = NULL;
208 static char *kwlist[] = {"name", NULL};
209
210 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_friendlyname",
211 kwlist, &name))
212 return NULL;
213
Rick Dean37273112009-07-24 09:38:17 -0500[diff] [blame]214 if (name != Py_None && ! PyString_CheckExact(name)) {
215 PyErr_SetString(PyExc_TypeError, "name must be a str or None");
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]216 return NULL;
217 }
218
219 Py_INCREF(name); /* Make consistent before calling Py_DECREF() */
220 Py_DECREF(self->friendlyname);
221 self->friendlyname = name;
222
223 Py_INCREF(Py_None);
224 return Py_None;
225}
226
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]227static char crypto_PKCS12_export_doc[] = "\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]228export([passphrase=None][, friendly_name=None][, iter=2048][, maciter=1]\n\
229Dump a PKCS12 object as a string. See also \"man PKCS12_create\".\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]230\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]231@param passphrase: used to encrypt the PKCS12\n\
232@type passphrase: L{str}\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]233@param iter: How many times to repeat the encryption\n\
234@type iter: L{int}\n\
235@param maciter: How many times to repeat the MAC\n\
236@type maciter: L{int}\n\
237@return: The string containing the PKCS12\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]238";
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]239static PyObject *
240crypto_PKCS12_export(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
241{
242 int buf_len;
243 PyObject *buffer;
244 char *temp, *passphrase = NULL, *friendly_name = NULL;
245 BIO *bio;
246 PKCS12 *p12;
247 EVP_PKEY *pkey = NULL;
248 STACK_OF(X509) *cacerts = NULL;
249 X509 *x509 = NULL;
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]250 int iter = 0; /* defaults to PKCS12_DEFAULT_ITER */
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]251 int maciter = 0;
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]252 static char *kwlist[] = {"passphrase", "iter", "maciter", NULL};
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]253
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]254 if (!PyArg_ParseTupleAndKeywords(args, keywds, "|zii:export",
255 kwlist, &passphrase, &iter, &maciter))
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]256 return NULL;
257
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]258 if (self->key != Py_None) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]259 pkey = ((crypto_PKeyObj*) self->key)->pkey;
260 }
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]261 if (self->cert != Py_None) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]262 x509 = ((crypto_X509Obj*) self->cert)->x509;
263 }
264 cacerts = sk_X509_new_null();
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]265 if (self->cacerts != Py_None) {
Rick Dean864e15e2009-07-17 15:21:23 -0500[diff] [blame]266 int i; /* Py_ssize_t for Python 2.5+ */
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]267 PyObject *obj;
268 for(i = 0;i < PySequence_Length(self->cacerts);i++) { /* For each CA cert */
269 obj = PySequence_GetItem(self->cacerts, i);
270 /* assert(PyObject_IsInstance(obj, (PyObject *) &crypto_X509_Type )); */
271 sk_X509_push(cacerts, (( crypto_X509Obj* ) obj)->x509);
272 Py_DECREF(obj);
273 }
274 }
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]275 if (self->friendlyname != Py_None) {
276 friendly_name = PyString_AsString(self->friendlyname);
277 }
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]278
279 p12 = PKCS12_create(passphrase, friendly_name, pkey, x509, cacerts,
280 NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
281 NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
282 iter, maciter, 0);
283 if( p12 == NULL ) {
284 exception_from_error_queue(crypto_Error);
285 return NULL;
286 }
287 bio = BIO_new(BIO_s_mem());
288 i2d_PKCS12_bio(bio, p12);
289 buf_len = BIO_get_mem_data(bio, &temp);
290 buffer = PyString_FromStringAndSize(temp, buf_len);
291 BIO_free(bio);
292 return buffer;
293}
294
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]295/*
296 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
297 * { 'name', (PyCFunction)crypto_PKCS12_name, METH_VARARGS, crypto_PKCS12_name_doc }
298 * for convenience
299 */
300#define ADD_METHOD(name) \
301 { #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS, crypto_PKCS12_##name##_doc }
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]302#define ADD_KW_METHOD(name) \
303 { #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS | METH_KEYWORDS, crypto_PKCS12_##name##_doc }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]304static PyMethodDef crypto_PKCS12_methods[] =
305{
306 ADD_METHOD(get_certificate),
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]307 ADD_KW_METHOD(set_certificate),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]308 ADD_METHOD(get_privatekey),
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]309 ADD_KW_METHOD(set_privatekey),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]310 ADD_METHOD(get_ca_certificates),
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]311 ADD_KW_METHOD(set_ca_certificates),
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]312 ADD_METHOD(get_friendlyname),
313 ADD_KW_METHOD(set_friendlyname),
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]314 ADD_KW_METHOD(export),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]315 { NULL, NULL }
316};
317#undef ADD_METHOD
318
319/*
320 * Constructor for PKCS12 objects, never called by Python code directly.
321 * The strategy for this object is to create all the Python objects
322 * corresponding to the cert/key/CA certs right away
323 *
324 * Arguments: p12 - A "real" PKCS12 object
325 * passphrase - Passphrase to use when decrypting the PKCS12 object
326 * Returns: The newly created PKCS12 object
327 */
328crypto_PKCS12Obj *
329crypto_PKCS12_New(PKCS12 *p12, char *passphrase)
330{
331 crypto_PKCS12Obj *self;
332 PyObject *cacertobj = NULL;
333
334 X509 *cert = NULL;
335 EVP_PKEY *pkey = NULL;
336 STACK_OF(X509) *cacerts = NULL;
337
338 int i, cacert_count = 0;
339
340 /* allocate space for the CA cert stack */
341 cacerts = sk_X509_new_null();
342
343 /* parse the PKCS12 lump */
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]344 if (p12 && !(cacerts && PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)))
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]345 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]346 exception_from_error_queue(crypto_Error);
Rick Deanee568302009-07-24 09:56:29 -0500[diff] [blame^]347 goto error;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]348 }
349
350 if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type)))
Rick Deanee568302009-07-24 09:56:29 -0500[diff] [blame^]351 goto error;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]352
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]353 Py_INCREF(Py_None);
354 self->cacerts = Py_None;
355
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]356 if (cert == NULL) {
357 Py_INCREF(Py_None);
358 self->cert = Py_None;
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]359 Py_INCREF(Py_None);
360 self->friendlyname = Py_None;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]361 } else {
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]362 unsigned char *alstr;
363 int allen;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]364 if ((self->cert = (PyObject *)crypto_X509_New(cert, 1)) == NULL)
365 goto error;
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]366
367 /* Now we need to extract the friendlyName of the PKCS12
368 * that was stored by PKCS_pasrse() in the alias of the
369 * certificate. */
370 alstr = X509_alias_get0(cert, &allen);
371 if (alstr && (self->friendlyname = Py_BuildValue("s#", alstr, allen))){
372 /* success */
373 } else {
374 Py_INCREF(Py_None);
375 self->friendlyname = Py_None;
376 }
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]377 }
378 if (pkey == NULL) {
379 Py_INCREF(Py_None);
380 self->key = Py_None;
381 } else {
382 if ((self->key = (PyObject *)crypto_PKey_New(pkey, 1)) == NULL)
383 goto error;
384 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]385
386 /* Make a tuple for the CA certs */
387 cacert_count = sk_X509_num(cacerts);
388 if (cacert_count > 0)
389 {
390 Py_DECREF(self->cacerts);
391 if ((self->cacerts = PyTuple_New(cacert_count)) == NULL)
392 goto error;
393
394 for (i = 0; i < cacert_count; i++)
395 {
396 cert = sk_X509_value(cacerts, i);
397 if ((cacertobj = (PyObject *)crypto_X509_New(cert, 1)) == NULL)
398 goto error;
399 PyTuple_SET_ITEM(self->cacerts, i, cacertobj);
400 }
401 }
402
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]403 PyObject_GC_Track(self);
404
405 return self;
Rick Deanee568302009-07-24 09:56:29 -0500[diff] [blame^]406
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]407error:
Rick Deanee568302009-07-24 09:56:29 -0500[diff] [blame^]408 if(cacerts)
409 sk_X509_free(cacerts); /* don't free the certs, just the stack */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]410 crypto_PKCS12_dealloc(self);
411 return NULL;
412}
413
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]414static char crypto_PKCS12_doc[] = "\n\
415PKCS12() -> PKCS12 instance\n\
416\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]417Create a new empty PKCS12 object.\n\
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]418\n\
419@returns: The PKCS12 object\n\
420";
421static PyObject *
422crypto_PKCS12_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs)
423{
424 if (!PyArg_ParseTuple(args, ":PKCS12")) {
425 return NULL;
426 }
427
428 return (PyObject *)crypto_PKCS12_New(NULL, NULL);
429}
430
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]431/*
432 * Find attribute
433 *
434 * Arguments: self - The PKCS12 object
435 * name - The attribute name
436 * Returns: A Python object for the attribute, or NULL if something went
437 * wrong
438 */
439static PyObject *
440crypto_PKCS12_getattr(crypto_PKCS12Obj *self, char *name)
441{
442 return Py_FindMethod(crypto_PKCS12_methods, (PyObject *)self, name);
443}
444
445/*
446 * Call the visitproc on all contained objects.
447 *
448 * Arguments: self - The PKCS12 object
449 * visit - Function to call
450 * arg - Extra argument to visit
451 * Returns: 0 if all goes well, otherwise the return code from the first
452 * call that gave non-zero result.
453 */
454static int
455crypto_PKCS12_traverse(crypto_PKCS12Obj *self, visitproc visit, void *arg)
456{
457 int ret = 0;
458
459 if (ret == 0 && self->cert != NULL)
460 ret = visit(self->cert, arg);
461 if (ret == 0 && self->key != NULL)
462 ret = visit(self->key, arg);
463 if (ret == 0 && self->cacerts != NULL)
464 ret = visit(self->cacerts, arg);
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]465 if (ret == 0 && self->friendlyname != NULL)
466 ret = visit(self->friendlyname, arg);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]467 return ret;
468}
469
470/*
471 * Decref all contained objects and zero the pointers.
472 *
473 * Arguments: self - The PKCS12 object
474 * Returns: Always 0.
475 */
476static int
477crypto_PKCS12_clear(crypto_PKCS12Obj *self)
478{
479 Py_XDECREF(self->cert);
480 self->cert = NULL;
481 Py_XDECREF(self->key);
482 self->key = NULL;
483 Py_XDECREF(self->cacerts);
484 self->cacerts = NULL;
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]485 Py_XDECREF(self->friendlyname);
486 self->friendlyname = NULL;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]487 return 0;
488}
489
490/*
491 * Deallocate the memory used by the PKCS12 object
492 *
493 * Arguments: self - The PKCS12 object
494 * Returns: None
495 */
496static void
497crypto_PKCS12_dealloc(crypto_PKCS12Obj *self)
498{
499 PyObject_GC_UnTrack(self);
500 crypto_PKCS12_clear(self);
501 PyObject_GC_Del(self);
502}
503
504PyTypeObject crypto_PKCS12_Type = {
505 PyObject_HEAD_INIT(NULL)
506 0,
507 "PKCS12",
508 sizeof(crypto_PKCS12Obj),
509 0,
510 (destructor)crypto_PKCS12_dealloc,
511 NULL, /* print */
512 (getattrfunc)crypto_PKCS12_getattr,
513 NULL, /* setattr */
514 NULL, /* compare */
515 NULL, /* repr */
516 NULL, /* as_number */
517 NULL, /* as_sequence */
518 NULL, /* as_mapping */
519 NULL, /* hash */
520 NULL, /* call */
521 NULL, /* str */
522 NULL, /* getattro */
523 NULL, /* setattro */
524 NULL, /* as_buffer */
525 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC,
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]526 crypto_PKCS12_doc,
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]527 (traverseproc)crypto_PKCS12_traverse,
528 (inquiry)crypto_PKCS12_clear,
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]529 NULL, /* tp_richcompare */
530 0, /* tp_weaklistoffset */
531 NULL, /* tp_iter */
532 NULL, /* tp_iternext */
533 crypto_PKCS12_methods, /* tp_methods */
534 NULL, /* tp_members */
535 NULL, /* tp_getset */
536 NULL, /* tp_base */
537 NULL, /* tp_dict */
538 NULL, /* tp_descr_get */
539 NULL, /* tp_descr_set */
540 0, /* tp_dictoffset */
541 NULL, /* tp_init */
542 NULL, /* tp_alloc */
543 crypto_PKCS12_new, /* tp_new */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]544};
545
546/*
547 * Initialize the PKCS12 part of the crypto sub module
548 *
Jean-Paul Calderonedc138fa2009-06-27 14:32:07 -0400[diff] [blame]549 * Arguments: module - The crypto module
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]550 * Returns: None
551 */
552int
Jean-Paul Calderonedc138fa2009-06-27 14:32:07 -0400[diff] [blame]553init_crypto_pkcs12(PyObject *module) {
554 if (PyType_Ready(&crypto_PKCS12_Type) < 0) {
555 return 0;
556 }
557
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]558 if (PyModule_AddObject(module, "PKCS12", (PyObject *)&crypto_PKCS12_Type) != 0) {
559 return 0;
560 }
561
Jean-Paul Calderonedc138fa2009-06-27 14:32:07 -0400[diff] [blame]562 if (PyModule_AddObject(module, "PKCS12Type", (PyObject *)&crypto_PKCS12_Type) != 0) {
563 return 0;
564 }
565
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]566 return 1;
567}
568