Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 30c09ea56443797f5583dbfca4db0f53c0b92527 / . / src / crypto / x509req.c
blob: 143e4aaf4aff7d42ee885518a2e78278099afb24 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1/*
2 * x509req.c
3 *
4 * Copyright (C) AB Strakt 2001, All rights reserved
5 *
6 * X.509 Request handling, mostly thin wrapping.
7 * See the file RATIONALE for a short explanation of why this module was written.
8 */
9#include <Python.h>
10#define crypto_MODULE
11#include "crypto.h"
12
13static char *CVSid = "@(#) $Id: x509req.c,v 1.15 2002/09/04 22:24:59 iko Exp $";
14
15
16static char crypto_X509Req_get_subject_doc[] = "\n\
17Create an X509Name object for the subject of the certificate request\n\
18\n\
19Arguments: self - The X509Req object\n\
20 args - The Python argument tuple, should be empty\n\
21Returns: An X509Name object\n\
22";
23
24static PyObject *
25crypto_X509Req_get_subject(crypto_X509ReqObj *self, PyObject *args)
26{
27 crypto_X509NameObj *crypto_X509Name_New(X509_NAME *, int);
28 X509_NAME *name;
Jean-Paul Calderone2aa2b332008-03-06 21:43:14 -0500[diff] [blame]29 crypto_X509NameObj* pyname;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]30
31 if (!PyArg_ParseTuple(args, ":get_subject"))
32 return NULL;
33
34 if ((name = X509_REQ_get_subject_name(self->x509_req)) == NULL)
35 {
36 exception_from_error_queue();
37 return NULL;
38 }
Jean-Paul Calderone2aa2b332008-03-06 21:43:14 -0500[diff] [blame]39 if ((pyname = crypto_X509Name_New(name, 0)) != NULL) {
40 pyname->parent_cert = (PyObject *)self;
41 Py_INCREF(self);
42 }
43 return (PyObject *)pyname;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]44}
45
46static char crypto_X509Req_get_pubkey_doc[] = "\n\
47Get the public key from the certificate request\n\
48\n\
49Arguments: self - The X509Req object\n\
50 args - The Python argument tuple, should be empty\n\
51Returns: The public key\n\
52";
53
54static PyObject *
55crypto_X509Req_get_pubkey(crypto_X509ReqObj *self, PyObject *args)
56{
57 crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
58 EVP_PKEY *pkey;
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]59 crypto_PKeyObj *py_pkey;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]60
61 if (!PyArg_ParseTuple(args, ":get_pubkey"))
62 return NULL;
63
64 if ((pkey = X509_REQ_get_pubkey(self->x509_req)) == NULL)
65 {
66 exception_from_error_queue();
67 return NULL;
68 }
69
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]70 py_pkey = crypto_PKey_New(pkey, 1);
71 if (py_pkey != NULL) {
72 py_pkey->only_public = 1;
73 }
74 return py_pkey;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]75}
76
77static char crypto_X509Req_set_pubkey_doc[] = "\n\
78Set the public key of the certificate request\n\
79\n\
80Arguments: self - The X509Req object\n\
81 args - The Python argument tuple, should be:\n\
82 pkey - The public key to use\n\
83Returns: None\n\
84";
85
86static PyObject *
87crypto_X509Req_set_pubkey(crypto_X509ReqObj *self, PyObject *args)
88{
89 crypto_PKeyObj *pkey;
90
91 if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
92 return NULL;
93
94 if (!X509_REQ_set_pubkey(self->x509_req, pkey->pkey))
95 {
96 exception_from_error_queue();
97 return NULL;
98 }
99
100 Py_INCREF(Py_None);
101 return Py_None;
102}
103
104static char crypto_X509Req_sign_doc[] = "\n\
105Sign the certificate request using the supplied key and digest\n\
106\n\
107Arguments: self - The X509Req object\n\
108 args - The Python argument tuple, should be:\n\
109 pkey - The key to sign with\n\
110 digest - The message digest to use\n\
111Returns: None\n\
112";
113
114static PyObject *
115crypto_X509Req_sign(crypto_X509ReqObj *self, PyObject *args)
116{
117 crypto_PKeyObj *pkey;
118 char *digest_name;
119 const EVP_MD *digest;
120
121 if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
122 &digest_name))
123 return NULL;
124
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]125 if (pkey->only_public) {
126 PyErr_SetString(PyExc_ValueError, "Key has only public part");
127 return NULL;
128 }
129
130 if (!pkey->initialized) {
131 PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
132 return NULL;
133 }
134
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]135 if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
136 {
137 PyErr_SetString(PyExc_ValueError, "No such digest method");
138 return NULL;
139 }
140
141 if (!X509_REQ_sign(self->x509_req, pkey->pkey, digest))
142 {
143 exception_from_error_queue();
144 return NULL;
145 }
146
147 Py_INCREF(Py_None);
148 return Py_None;
149}
150
151static char crypto_X509Req_verify_doc[] = "\n\
152Verifies a certificate request using the supplied public key\n\
153 \n\
154Arguments: self - X509Req object\n\
155 args - The Python argument tuple, should be:\n\
156 key - a public key\n\
157Returns: True, if the signature is correct, 0 otherwise.\n\
158";
159
160PyObject *
161crypto_X509Req_verify(crypto_X509ReqObj *self, PyObject *args)
162{
163 PyObject *obj;
164 crypto_PKeyObj *key;
165 int answer;
166
167 if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &obj))
168 return NULL;
169
170 key = (crypto_PKeyObj *)obj;
171
172 if ((answer = X509_REQ_verify(self->x509_req, key->pkey)) < 0)
173 {
174 exception_from_error_queue();
175 return NULL;
176 }
177
178 return PyInt_FromLong(answer);
179}
180
181static char crypto_X509Req_add_extensions_doc[] = "\n\
182Add extensions to the request.\n\
183\n\
184Arguments: self - X509Req object\n\
185 args - The Python argument tuple, should be:\n\
186 extensions - a sequence of X509Extension objects\n\
187Returns: None\n\
188";
189
190static PyObject *
191crypto_X509Req_add_extensions(crypto_X509ReqObj *self, PyObject *args)
192{
193 PyObject *extensions;
194 crypto_X509ExtensionObj *ext;
195 STACK_OF(X509_EXTENSION) *exts;
196 int nr_of_extensions, i;
197
198 if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
199 return NULL;
200
201 if (!PySequence_Check(extensions))
202 {
203 PyErr_SetString(PyExc_TypeError, "Expected a sequence");
204 return NULL;
205 }
206
207 /* Make a STACK_OF(X509_EXTENSION) from sequence */
208 if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
209 {
210 exception_from_error_queue();
211 return NULL;
212 }
213
214 /* Put the extensions in a stack */
215 nr_of_extensions = PySequence_Length(extensions);
216
217 for (i = 0; i < nr_of_extensions; i++)
218 {
219 ext = (crypto_X509ExtensionObj *)PySequence_GetItem(extensions, i);
220 if (!(crypto_X509Extension_Check(ext)))
221 {
222 PyErr_SetString(PyExc_ValueError,
223 "One of the elements is not an X509Extension");
224 sk_X509_EXTENSION_free(exts);
225 return NULL;
226 }
227 sk_X509_EXTENSION_push(exts, ext->x509_extension);
228 }
229
230 if (!X509_REQ_add_extensions(self->x509_req, exts))
231 {
232 sk_X509_EXTENSION_free(exts);
233 exception_from_error_queue();
234 return NULL;
235 }
236
237 sk_X509_EXTENSION_free(exts);
238
239 Py_INCREF(Py_None);
240 return Py_None;
241}
242
243/*
244 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
245 * { 'name', (PyCFunction)crypto_X509Req_name, METH_VARARGS }
246 * for convenience
247 */
248#define ADD_METHOD(name) \
249 { #name, (PyCFunction)crypto_X509Req_##name, METH_VARARGS, crypto_X509Req_##name##_doc }
250static PyMethodDef crypto_X509Req_methods[] =
251{
252 ADD_METHOD(get_subject),
253 ADD_METHOD(get_pubkey),
254 ADD_METHOD(set_pubkey),
255 ADD_METHOD(sign),
256 ADD_METHOD(verify),
257 ADD_METHOD(add_extensions),
258 { NULL, NULL }
259};
260#undef ADD_METHOD
261
262
263/*
264 * Constructor for X509Req, never called by Python code directly
265 *
266 * Arguments: name - A "real" X509_REQ object
267 * dealloc - Boolean value to specify whether the destructor should
268 * free the "real" X509_REQ object
269 * Returns: The newly created X509Req object
270 */
271crypto_X509ReqObj *
272crypto_X509Req_New(X509_REQ *req, int dealloc)
273{
274 crypto_X509ReqObj *self;
275
276 self = PyObject_New(crypto_X509ReqObj, &crypto_X509Req_Type);
277
278 if (self == NULL)
279 return NULL;
280
281 self->x509_req = req;
282 self->dealloc = dealloc;
283
284 return self;
285}
286
287/*
288 * Deallocate the memory used by the X509Req object
289 *
290 * Arguments: self - The X509Req object
291 * Returns: None
292 */
293static void
294crypto_X509Req_dealloc(crypto_X509ReqObj *self)
295{
296 /* Sometimes we don't have to dealloc this */
297 if (self->dealloc)
298 X509_REQ_free(self->x509_req);
299
300 PyObject_Del(self);
301}
302
303
304/*
305 * Find attribute.
306 *
307 * Arguments: self - The X509Req object
308 * name - The attribute name
309 * Returns: A Python object for the attribute, or NULL if something went
310 * wrong
311 */
312static PyObject *
313crypto_X509Req_getattr(crypto_X509ReqObj *self, char *name)
314{
315 return Py_FindMethod(crypto_X509Req_methods, (PyObject *)self, name);
316}
317
318PyTypeObject crypto_X509Req_Type = {
319 PyObject_HEAD_INIT(NULL)
320 0,
321 "X509Req",
322 sizeof(crypto_X509ReqObj),
323 0,
324 (destructor)crypto_X509Req_dealloc,
325 NULL, /* print */
326 (getattrfunc)crypto_X509Req_getattr,
327};
328
329
330/*
331 * Initialize the X509Req part of the crypto module
332 *
333 * Arguments: dict - The crypto module dictionary
334 * Returns: None
335 */
336int
337init_crypto_x509req(PyObject *dict)
338{
339 crypto_X509Req_Type.ob_type = &PyType_Type;
340 Py_INCREF(&crypto_X509Req_Type);
341 PyDict_SetItemString(dict, "X509ReqType", (PyObject *)&crypto_X509Req_Type);
342 return 1;
343}