Blame - OpenSSL/crypto/x509.c - platform/external/python/pyopenssl

blob: e68467af7c975a1f2d62810dceecd4530c758501 [file] [log] [blame]

Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	1	/*
				2	* x509.c
				3	*
				4	* Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone	8b63d45	2008-03-21 18:31:12 -0400	[diff] [blame]	5	* Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	6	*
				7	* Certificate (X.509) handling code, mostly thin wrappers around OpenSSL.
				8	* See the file RATIONALE for a short explanation of why this module was written.
				9	*
				10	* Reviewed 2001-07-23
				11	*/
				12	#include <Python.h>
				13	#define crypto_MODULE
				14	#include "crypto.h"
				15
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	16	/*
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	17	* X.509 is a standard for digital certificates. See e.g. the OpenSSL homepage
				18	* http://www.openssl.org/ for more information
				19	*/
				20
				21	static char crypto_X509_get_version_doc[] = "\n\
				22	Return version number of the certificate\n\
				23	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	24	@return: Version number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	25	";
				26
				27	static PyObject *
				28	crypto_X509_get_version(crypto_X509Obj self, PyObject args)
				29	{
				30	if (!PyArg_ParseTuple(args, ":get_version"))
				31	return NULL;
				32
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	33	return PyLong_FromLong((long)X509_get_version(self->x509));
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	34	}
				35
				36	static char crypto_X509_set_version_doc[] = "\n\
				37	Set version number of the certificate\n\
				38	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	39	@param version: The version number\n\
				40	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	41	";
				42
				43	static PyObject *
				44	crypto_X509_set_version(crypto_X509Obj self, PyObject args)
				45	{
				46	int version;
				47
				48	if (!PyArg_ParseTuple(args, "i:set_version", &version))
				49	return NULL;
				50
				51	X509_set_version(self->x509, version);
				52
				53	Py_INCREF(Py_None);
				54	return Py_None;
				55	}
				56
				57	static char crypto_X509_get_serial_number_doc[] = "\n\
				58	Return serial number of the certificate\n\
				59	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	60	@return: Serial number as a Python integer\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	61	";
				62
				63	static PyObject *
				64	crypto_X509_get_serial_number(crypto_X509Obj self, PyObject args)
				65	{
				66	ASN1_INTEGER *asn1_i;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	67	BIGNUM *bignum;
				68	char *hex;
				69	PyObject *res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	70
				71	if (!PyArg_ParseTuple(args, ":get_serial_number"))
				72	return NULL;
				73
				74	asn1_i = X509_get_serialNumber(self->x509);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	75	bignum = ASN1_INTEGER_to_BN(asn1_i, NULL);
				76	hex = BN_bn2hex(bignum);
				77	res = PyLong_FromString(hex, NULL, 16);
				78	BN_free(bignum);
				79	free(hex);
				80	return res;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	81	}
				82
				83	static char crypto_X509_set_serial_number_doc[] = "\n\
				84	Set serial number of the certificate\n\
				85	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	86	@param serial: The serial number\n\
				87	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	88	";
				89
				90	static PyObject *
				91	crypto_X509_set_serial_number(crypto_X509Obj self, PyObject args)
				92	{
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	93	long small_serial;
				94	PyObject *serial = NULL;
				95	PyObject *hex = NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	96	ASN1_INTEGER *asn1_i = NULL;
				97	BIGNUM *bignum = NULL;
Jean-Paul Calderone	dd467fb	2010-08-12 20:44:32 -0400	[diff] [blame]	98	char *hexstr;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	99
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	100	if (!PyArg_ParseTuple(args, "O:set_serial_number", &serial)) {
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	101	return NULL;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	102	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	103
Jean-Paul Calderone	c18669e	2010-08-12 00:03:05 -0400	[diff] [blame]	104	if (!PyOpenSSL_Integer_Check(serial)) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	105	PyErr_SetString(
				106	PyExc_TypeError, "serial number must be integer");
				107	goto err;
				108	}
				109
Jean-Paul Calderone	a5a032f	2010-08-12 20:03:32 -0400	[diff] [blame]	110	if ((hex = PyOpenSSL_LongToHex(serial)) == NULL) {
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	111	goto err;
				112	}
				113
Jean-Paul Calderone	dd467fb	2010-08-12 20:44:32 -0400	[diff] [blame]	114	#ifdef PY3
				115	{
				116	PyObject *hexbytes = PyUnicode_AsASCIIString(hex);
				117	Py_DECREF(hex);
				118	hex = hexbytes;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	119	}
Jean-Paul Calderone	dd467fb	2010-08-12 20:44:32 -0400	[diff] [blame]	120	#endif
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	121
				122	/**
				123	* BN_hex2bn stores the result in &bignum. Unless it doesn't feel like
				124	* it. If bignum is still NULL after this call, then the return value
				125	* is actually the result. I hope. -exarkun
				126	*/
Jean-Paul Calderone	dd467fb	2010-08-12 20:44:32 -0400	[diff] [blame]	127	hexstr = PyBytes_AsString(hex);
Jean-Paul Calderone	8eb46c7	2010-08-22 17:05:37 -0400	[diff] [blame]	128	if (hexstr[1] == 'x') {
Jean-Paul Calderone	728eba9	2010-08-12 20:17:59 -0400	[diff] [blame]	129	/* +2 to skip the "0x" */
Jean-Paul Calderone	dd467fb	2010-08-12 20:44:32 -0400	[diff] [blame]	130	hexstr += 2;
Jean-Paul Calderone	728eba9	2010-08-12 20:17:59 -0400	[diff] [blame]	131	}
Jean-Paul Calderone	dd467fb	2010-08-12 20:44:32 -0400	[diff] [blame]	132	small_serial = BN_hex2bn(&bignum, hexstr);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	133
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	134	Py_DECREF(hex);
				135	hex = NULL;
				136
				137	if (bignum == NULL) {
				138	if (ASN1_INTEGER_set(X509_get_serialNumber(self->x509), small_serial)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	139	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	140	goto err;
				141	}
				142	} else {
				143	asn1_i = BN_to_ASN1_INTEGER(bignum, NULL);
				144	BN_free(bignum);
				145	bignum = NULL;
				146	if (asn1_i == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	147	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	148	goto err;
				149	}
				150	if (!X509_set_serialNumber(self->x509, asn1_i)) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	151	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	152	goto err;
				153	}
				154	ASN1_INTEGER_free(asn1_i);
				155	asn1_i = NULL;
				156	}
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	157
				158	Py_INCREF(Py_None);
				159	return Py_None;
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	160
				161	err:
Jean-Paul Calderone	78381d2	2008-03-06 23:35:22 -0500	[diff] [blame]	162	if (hex) {
				163	Py_DECREF(hex);
				164	}
				165	if (bignum) {
				166	BN_free(bignum);
				167	}
				168	if (asn1_i) {
				169	ASN1_INTEGER_free(asn1_i);
				170	}
				171	return NULL;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	172	}
				173
				174	static char crypto_X509_get_issuer_doc[] = "\n\
				175	Create an X509Name object for the issuer of the certificate\n\
				176	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	177	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	178	";
				179
				180	static PyObject *
				181	crypto_X509_get_issuer(crypto_X509Obj self, PyObject args)
				182	{
				183	crypto_X509NameObj *pyname;
				184	X509_NAME *name;
				185
				186	if (!PyArg_ParseTuple(args, ":get_issuer"))
				187	return NULL;
				188
				189	name = X509_get_issuer_name(self->x509);
				190	pyname = crypto_X509Name_New(name, 0);
				191	if (pyname != NULL)
				192	{
				193	pyname->parent_cert = (PyObject *)self;
				194	Py_INCREF(self);
				195	}
				196	return (PyObject *)pyname;
				197	}
				198
				199	static char crypto_X509_set_issuer_doc[] = "\n\
				200	Set the issuer of the certificate\n\
				201	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	202	@param issuer: The issuer name\n\
				203	@type issuer: L{X509Name}\n\
				204	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	205	";
				206
				207	static PyObject *
				208	crypto_X509_set_issuer(crypto_X509Obj self, PyObject args)
				209	{
				210	crypto_X509NameObj *issuer;
				211
				212	if (!PyArg_ParseTuple(args, "O!:set_issuer", &crypto_X509Name_Type,
				213	&issuer))
				214	return NULL;
				215
				216	if (!X509_set_issuer_name(self->x509, issuer->x509_name))
				217	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	218	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	219	return NULL;
				220	}
				221
				222	Py_INCREF(Py_None);
				223	return Py_None;
				224	}
				225
				226	static char crypto_X509_get_subject_doc[] = "\n\
				227	Create an X509Name object for the subject of the certificate\n\
				228	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	229	@return: An X509Name object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	230	";
				231
				232	static PyObject *
				233	crypto_X509_get_subject(crypto_X509Obj self, PyObject args)
				234	{
				235	crypto_X509NameObj *pyname;
				236	X509_NAME *name;
				237
				238	if (!PyArg_ParseTuple(args, ":get_subject"))
				239	return NULL;
				240
				241	name = X509_get_subject_name(self->x509);
				242	pyname = crypto_X509Name_New(name, 0);
				243	if (pyname != NULL)
				244	{
				245	pyname->parent_cert = (PyObject *)self;
				246	Py_INCREF(self);
				247	}
				248	return (PyObject *)pyname;
				249	}
				250
				251	static char crypto_X509_set_subject_doc[] = "\n\
				252	Set the subject of the certificate\n\
				253	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	254	@param subject: The subject name\n\
				255	@type subject: L{X509Name}\n\
				256	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	257	";
				258
				259	static PyObject *
				260	crypto_X509_set_subject(crypto_X509Obj self, PyObject args)
				261	{
				262	crypto_X509NameObj *subject;
				263
				264	if (!PyArg_ParseTuple(args, "O!:set_subject", &crypto_X509Name_Type,
				265	&subject))
				266	return NULL;
				267
				268	if (!X509_set_subject_name(self->x509, subject->x509_name))
				269	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	270	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	271	return NULL;
				272	}
				273
				274	Py_INCREF(Py_None);
				275	return Py_None;
				276	}
				277
				278	static char crypto_X509_get_pubkey_doc[] = "\n\
				279	Get the public key of the certificate\n\
				280	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	281	@return: The public key\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	282	";
				283
				284	static PyObject *
				285	crypto_X509_get_pubkey(crypto_X509Obj self, PyObject args)
				286	{
				287	crypto_PKeyObj crypto_PKey_New(EVP_PKEY , int);
				288	EVP_PKEY *pkey;
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	289	crypto_PKeyObj *py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	290
				291	if (!PyArg_ParseTuple(args, ":get_pubkey"))
				292	return NULL;
				293
				294	if ((pkey = X509_get_pubkey(self->x509)) == NULL)
				295	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	296	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	297	return NULL;
				298	}
				299
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	300	py_pkey = crypto_PKey_New(pkey, 1);
				301	if (py_pkey != NULL) {
				302	py_pkey->only_public = 1;
				303	}
Jean-Paul Calderone	f60beec	2008-07-22 21:19:02 -0400	[diff] [blame]	304	return (PyObject *)py_pkey;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	305	}
				306
				307	static char crypto_X509_set_pubkey_doc[] = "\n\
				308	Set the public key of the certificate\n\
				309	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	310	@param pkey: The public key\n\
				311	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	312	";
				313
				314	static PyObject *
				315	crypto_X509_set_pubkey(crypto_X509Obj self, PyObject args)
				316	{
				317	crypto_PKeyObj *pkey;
				318
				319	if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
				320	return NULL;
				321
				322	if (!X509_set_pubkey(self->x509, pkey->pkey))
				323	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	324	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	325	return NULL;
				326	}
				327
				328	Py_INCREF(Py_None);
				329	return Py_None;
				330	}
				331
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	332	PyObject*
				333	_set_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	334	{
				335	char *when;
				336
				337	if (!PyArg_ParseTuple(args, format, &when))
				338	return NULL;
				339
				340	if (ASN1_GENERALIZEDTIME_set_string(timestamp, when) == 0) {
				341	ASN1_GENERALIZEDTIME dummy;
				342	dummy.type = V_ASN1_GENERALIZEDTIME;
				343	dummy.length = strlen(when);
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	344	dummy.data = (unsigned char *)when;
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	345	if (!ASN1_GENERALIZEDTIME_check(&dummy)) {
				346	PyErr_SetString(PyExc_ValueError, "Invalid string");
				347	} else {
				348	PyErr_SetString(PyExc_RuntimeError, "Unknown ASN1_GENERALIZEDTIME_set_string failure");
				349	}
				350	return NULL;
				351	}
				352	Py_INCREF(Py_None);
				353	return Py_None;
				354	}
				355
				356	static char crypto_X509_set_notBefore_doc[] = "\n\
				357	Set the time stamp for when the certificate starts being valid\n\
				358	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	359	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	360	\n\
				361	YYYYMMDDhhmmssZ\n\
				362	YYYYMMDDhhmmss+hhmm\n\
				363	YYYYMMDDhhmmss-hhmm\n\
				364	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	365	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	366	";
				367
				368	static PyObject*
				369	crypto_X509_set_notBefore(crypto_X509Obj self, PyObject args)
				370	{
				371	return _set_asn1_time(
Jean-Paul Calderone	40dd099	2010-08-22 17:52:07 -0400	[diff] [blame]	372	BYTESTRING_FMT ":set_notBefore",
				373	X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	374	}
				375
				376	static char crypto_X509_set_notAfter_doc[] = "\n\
				377	Set the time stamp for when the certificate stops being valid\n\
				378	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	379	@param when: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	380	\n\
				381	YYYYMMDDhhmmssZ\n\
				382	YYYYMMDDhhmmss+hhmm\n\
				383	YYYYMMDDhhmmss-hhmm\n\
				384	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	385	@return: None\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	386	";
				387
				388	static PyObject*
				389	crypto_X509_set_notAfter(crypto_X509Obj self, PyObject args)
				390	{
				391	return _set_asn1_time(
Jean-Paul Calderone	40dd099	2010-08-22 17:52:07 -0400	[diff] [blame]	392	BYTESTRING_FMT ":set_notAfter",
				393	X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	394	}
				395
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	396	PyObject*
				397	_get_asn1_time(char format, ASN1_TIME timestamp, PyObject *args)
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	398	{
				399	ASN1_GENERALIZEDTIME *gt_timestamp = NULL;
				400	PyObject *py_timestamp = NULL;
				401
				402	if (!PyArg_ParseTuple(args, format)) {
				403	return NULL;
				404	}
				405
				406	/*
				407	* http://www.columbia.edu/~ariel/ssleay/asn1-time.html
				408	*/
				409	/*
				410	* There must be a way to do this without touching timestamp->data
				411	* directly. -exarkun
				412	*/
Jean-Paul Calderone	e0615b5	2008-03-09 21:44:46 -0400	[diff] [blame]	413	if (timestamp->length == 0) {
				414	Py_INCREF(Py_None);
				415	return Py_None;
				416	} else if (timestamp->type == V_ASN1_GENERALIZEDTIME) {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	417	return PyBytes_FromString((char *)timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	418	} else {
				419	ASN1_TIME_to_generalizedtime(timestamp, &gt_timestamp);
Jean-Paul Calderone	38a646d	2008-03-25 15:16:18 -0400	[diff] [blame]	420	if (gt_timestamp == NULL) {
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	421	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	422	return NULL;
				423	} else {
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	424	py_timestamp = PyBytes_FromString((char *)gt_timestamp->data);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	425	ASN1_GENERALIZEDTIME_free(gt_timestamp);
				426	return py_timestamp;
				427	}
				428	}
				429	}
				430
				431	static char crypto_X509_get_notBefore_doc[] = "\n\
				432	Retrieve the time stamp for when the certificate starts being valid\n\
				433	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	434	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	435	\n\
				436	YYYYMMDDhhmmssZ\n\
				437	YYYYMMDDhhmmss+hhmm\n\
				438	YYYYMMDDhhmmss-hhmm\n\
				439	or None if there is no value set.\n\
				440	";
				441
				442	static PyObject*
				443	crypto_X509_get_notBefore(crypto_X509Obj self, PyObject args)
				444	{
				445	/*
				446	* X509_get_notBefore returns a borrowed reference.
				447	*/
				448	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	449	":get_notBefore", X509_get_notBefore(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	450	}
				451
				452
				453	static char crypto_X509_get_notAfter_doc[] = "\n\
				454	Retrieve the time stamp for when the certificate stops being valid\n\
				455	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	456	@return: A string giving the timestamp, in the format:\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	457	\n\
				458	YYYYMMDDhhmmssZ\n\
				459	YYYYMMDDhhmmss+hhmm\n\
				460	YYYYMMDDhhmmss-hhmm\n\
				461	or None if there is no value set.\n\
				462	";
				463
				464	static PyObject*
				465	crypto_X509_get_notAfter(crypto_X509Obj self, PyObject args)
				466	{
				467	/*
				468	* X509_get_notAfter returns a borrowed reference.
				469	*/
				470	return _get_asn1_time(
Rick Dean	536ba02	2009-07-24 23:57:27 -0500	[diff] [blame]	471	":get_notAfter", X509_get_notAfter(self->x509), args);
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	472	}
				473
				474
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	475	static char crypto_X509_gmtime_adj_notBefore_doc[] = "\n\
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	476	Change the timestamp for when the certificate starts being valid to the current\n\
				477	time plus an offset.\n \
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	478	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	479	@param amount: The number of seconds by which to adjust the starting validity\n\
				480	time.\n\
				481	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	482	";
				483
				484	static PyObject *
				485	crypto_X509_gmtime_adj_notBefore(crypto_X509Obj self, PyObject args)
				486	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	487	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	488
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	489	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notBefore", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	490	return NULL;
				491
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	492	X509_gmtime_adj(X509_get_notBefore(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	493
				494	Py_INCREF(Py_None);
				495	return Py_None;
				496	}
				497
				498	static char crypto_X509_gmtime_adj_notAfter_doc[] = "\n\
				499	Adjust the time stamp for when the certificate stops being valid\n\
				500	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	501	@param amount: The number of seconds by which to adjust the ending validity\n\
				502	time.\n\
				503	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	504	";
				505
				506	static PyObject *
				507	crypto_X509_gmtime_adj_notAfter(crypto_X509Obj self, PyObject args)
				508	{
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	509	long amount;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	510
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	511	if (!PyArg_ParseTuple(args, "l:gmtime_adj_notAfter", &amount))
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	512	return NULL;
				513
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	514	X509_gmtime_adj(X509_get_notAfter(self->x509), amount);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	515
				516	Py_INCREF(Py_None);
				517	return Py_None;
				518	}
				519
				520	static char crypto_X509_sign_doc[] = "\n\
				521	Sign the certificate using the supplied key and digest\n\
				522	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	523	@param pkey: The key to sign with\n\
				524	@param digest: The message digest to use\n\
				525	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	526	";
				527
				528	static PyObject *
				529	crypto_X509_sign(crypto_X509Obj self, PyObject args)
				530	{
				531	crypto_PKeyObj *pkey;
				532	char *digest_name;
				533	const EVP_MD *digest;
				534
				535	if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
				536	&digest_name))
				537	return NULL;
				538
Jean-Paul Calderone	ac0d95f	2008-03-10 00:00:42 -0400	[diff] [blame]	539	if (pkey->only_public) {
				540	PyErr_SetString(PyExc_ValueError, "Key has only public part");
				541	return NULL;
				542	}
				543
				544	if (!pkey->initialized) {
				545	PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
				546	return NULL;
				547	}
				548
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	549	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				550	{
				551	PyErr_SetString(PyExc_ValueError, "No such digest method");
				552	return NULL;
				553	}
				554
				555	if (!X509_sign(self->x509, pkey->pkey, digest))
				556	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	557	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	558	return NULL;
				559	}
				560
				561	Py_INCREF(Py_None);
				562	return Py_None;
				563	}
				564
				565	static char crypto_X509_has_expired_doc[] = "\n\
				566	Check whether the certificate has expired.\n\
				567	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	568	@return: True if the certificate has expired, false otherwise\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	569	";
				570
				571	static PyObject *
				572	crypto_X509_has_expired(crypto_X509Obj self, PyObject args)
				573	{
				574	time_t tnow;
				575
				576	if (!PyArg_ParseTuple(args, ":has_expired"))
				577	return NULL;
				578
				579	tnow = time(NULL);
				580	if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(self->x509), tnow) < 0)
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	581	return PyLong_FromLong(1L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	582	else
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	583	return PyLong_FromLong(0L);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	584	}
				585
				586	static char crypto_X509_subject_name_hash_doc[] = "\n\
				587	Return the hash of the X509 subject.\n\
				588	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	589	@return: The hash of the subject\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	590	";
				591
				592	static PyObject *
				593	crypto_X509_subject_name_hash(crypto_X509Obj self, PyObject args)
				594	{
				595	if (!PyArg_ParseTuple(args, ":subject_name_hash"))
				596	return NULL;
				597
Jean-Paul Calderone	37306a6	2010-08-28 15:09:24 -0400	[diff] [blame]	598	return PyLong_FromLongLong(X509_subject_name_hash(self->x509));
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	599	}
				600
				601	static char crypto_X509_digest_doc[] = "\n\
				602	Return the digest of the X509 object.\n\
				603	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	604	@return: The digest of the object\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	605	";
				606
				607	static PyObject *
				608	crypto_X509_digest(crypto_X509Obj self, PyObject args)
				609	{
				610	unsigned char fp[EVP_MAX_MD_SIZE];
				611	char *tmp;
				612	char *digest_name;
Jean-Paul Calderone	28ebb30	2008-12-29 16:25:30 -0500	[diff] [blame]	613	unsigned int len,i;
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	614	PyObject *ret;
				615	const EVP_MD *digest;
				616
				617	if (!PyArg_ParseTuple(args, "s:digest", &digest_name))
				618	return NULL;
				619
				620	if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
				621	{
				622	PyErr_SetString(PyExc_ValueError, "No such digest method");
				623	return NULL;
				624	}
				625
				626	if (!X509_digest(self->x509,digest,fp,&len))
				627	{
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	628	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	629	}
				630	tmp = malloc(3*len+1);
				631	memset(tmp, 0, 3*len+1);
				632	for (i = 0; i < len; i++) {
				633	sprintf(tmp+i*3,"%02X:",fp[i]);
				634	}
				635	tmp[3*len-1] = 0;
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	636	ret = PyBytes_FromStringAndSize(tmp,3*len-1);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	637	free(tmp);
				638	return ret;
				639	}
				640
				641
				642	static char crypto_X509_add_extensions_doc[] = "\n\
				643	Add extensions to the certificate.\n\
				644	\n\
Jean-Paul Calderone	54bcc83	2009-05-27 14:06:48 -0400	[diff] [blame]	645	@param extensions: a sequence of X509Extension objects\n\
				646	@return: None\n\
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	647	";
				648
				649	static PyObject *
				650	crypto_X509_add_extensions(crypto_X509Obj self, PyObject args)
				651	{
				652	PyObject extensions, seq;
				653	crypto_X509ExtensionObj *ext;
				654	int nr_of_extensions, i;
				655
				656	if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
				657	return NULL;
				658
				659	seq = PySequence_Fast(extensions, "Expected a sequence");
				660	if (seq == NULL)
				661	return NULL;
				662
				663	nr_of_extensions = PySequence_Fast_GET_SIZE(seq);
				664
				665	for (i = 0; i < nr_of_extensions; i++)
				666	{
				667	ext = (crypto_X509ExtensionObj *)PySequence_Fast_GET_ITEM(seq, i);
				668	if (!crypto_X509Extension_Check(ext))
				669	{
				670	Py_DECREF(seq);
				671	PyErr_SetString(PyExc_ValueError,
				672	"One of the elements is not an X509Extension");
				673	return NULL;
				674	}
				675	if (!X509_add_ext(self->x509, ext->x509_extension, -1))
				676	{
				677	Py_DECREF(seq);
Rick Dean	d369c93	2009-07-08 11:48:33 -0500	[diff] [blame]	678	exception_from_error_queue(crypto_Error);
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	679	return NULL;
				680	}
				681	}
				682
				683	Py_INCREF(Py_None);
				684	return Py_None;
				685	}
				686
				687	/*
				688	* ADD_METHOD(name) expands to a correct PyMethodDef declaration
				689	* { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
				690	* for convenience
				691	*/
				692	#define ADD_METHOD(name) \
				693	{ #name, (PyCFunction)crypto_X509_##name, METH_VARARGS, crypto_X509_##name##_doc }
				694	static PyMethodDef crypto_X509_methods[] =
				695	{
				696	ADD_METHOD(get_version),
				697	ADD_METHOD(set_version),
				698	ADD_METHOD(get_serial_number),
				699	ADD_METHOD(set_serial_number),
				700	ADD_METHOD(get_issuer),
				701	ADD_METHOD(set_issuer),
				702	ADD_METHOD(get_subject),
				703	ADD_METHOD(set_subject),
				704	ADD_METHOD(get_pubkey),
				705	ADD_METHOD(set_pubkey),
Jean-Paul Calderone	525ef80	2008-03-09 20:39:42 -0400	[diff] [blame]	706	ADD_METHOD(get_notBefore),
				707	ADD_METHOD(set_notBefore),
				708	ADD_METHOD(get_notAfter),
				709	ADD_METHOD(set_notAfter),
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	710	ADD_METHOD(gmtime_adj_notBefore),
				711	ADD_METHOD(gmtime_adj_notAfter),
				712	ADD_METHOD(sign),
				713	ADD_METHOD(has_expired),
				714	ADD_METHOD(subject_name_hash),
				715	ADD_METHOD(digest),
				716	ADD_METHOD(add_extensions),
				717	{ NULL, NULL }
				718	};
				719	#undef ADD_METHOD
				720
				721
				722	/*
				723	* Constructor for X509 objects, never called by Python code directly
				724	*
				725	* Arguments: cert - A "real" X509 certificate object
				726	* dealloc - Boolean value to specify whether the destructor should
				727	* free the "real" X509 object
				728	* Returns: The newly created X509 object
				729	*/
				730	crypto_X509Obj *
				731	crypto_X509_New(X509 *cert, int dealloc)
				732	{
				733	crypto_X509Obj *self;
				734
				735	self = PyObject_New(crypto_X509Obj, &crypto_X509_Type);
				736
				737	if (self == NULL)
				738	return NULL;
				739
				740	self->x509 = cert;
				741	self->dealloc = dealloc;
				742
				743	return self;
				744	}
				745
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	746
				747	static char crypto_X509_doc[] = "\n\
				748	X509() -> X509 instance\n\
				749	\n\
				750	Create a new X509 object.\n\
				751	\n\
				752	@returns: The X509 object\n\
				753	";
				754
				755	static PyObject *
				756	crypto_X509_new(PyTypeObject subtype, PyObject args, PyObject *kwargs)
				757	{
				758	if (!PyArg_ParseTuple(args, ":X509")) {
				759	return NULL;
				760	}
				761
				762	return (PyObject *)crypto_X509_New(X509_new(), 1);
				763	}
				764
				765
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	766	/*
				767	* Deallocate the memory used by the X509 object
				768	*
				769	* Arguments: self - The X509 object
				770	* Returns: None
				771	*/
				772	static void
				773	crypto_X509_dealloc(crypto_X509Obj *self)
				774	{
				775	/* Sometimes we don't have to dealloc the "real" X509 pointer ourselves */
				776	if (self->dealloc)
				777	X509_free(self->x509);
				778
				779	PyObject_Del(self);
				780	}
				781
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	782	PyTypeObject crypto_X509_Type = {
Jean-Paul Calderone	3fe7f67	2010-08-11 23:55:10 -0400	[diff] [blame]	783	PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	784	"X509",
				785	sizeof(crypto_X509Obj),
				786	0,
				787	(destructor)crypto_X509_dealloc,
				788	NULL, /* print */
Jean-Paul Calderone	ae479ad	2010-08-10 20:04:28 -0400	[diff] [blame]	789	NULL, /* getattr */
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	790	NULL, /* setattr */
				791	NULL, /* compare */
				792	NULL, /* repr */
				793	NULL, /* as_number */
				794	NULL, /* as_sequence */
				795	NULL, /* as_mapping */
				796	NULL, /* hash */
				797	NULL, /* call */
				798	NULL, /* str */
				799	NULL, /* getattro */
				800	NULL, /* setattro */
				801	NULL, /* as_buffer */
				802	Py_TPFLAGS_DEFAULT,
				803	crypto_X509_doc, /* doc */
				804	NULL, /* traverse */
				805	NULL, /* clear */
				806	NULL, /* tp_richcompare */
				807	0, /* tp_weaklistoffset */
				808	NULL, /* tp_iter */
				809	NULL, /* tp_iternext */
				810	crypto_X509_methods, /* tp_methods */
				811	NULL, /* tp_members */
				812	NULL, /* tp_getset */
				813	NULL, /* tp_base */
				814	NULL, /* tp_dict */
				815	NULL, /* tp_descr_get */
				816	NULL, /* tp_descr_set */
				817	0, /* tp_dictoffset */
				818	NULL, /* tp_init */
				819	NULL, /* tp_alloc */
				820	crypto_X509_new, /* tp_new */
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	821	};
				822
				823	/*
				824	* Initialize the X509 part of the crypto sub module
				825	*
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	826	* Arguments: module - The crypto module
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	827	* Returns: None
				828	*/
				829	int
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	830	init_crypto_x509(PyObject *module)
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	831	{
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	832	if (PyType_Ready(&crypto_X509_Type) < 0) {
				833	return 0;
				834	}
				835
Jean-Paul Calderone	aed2358	2011-03-12 22:45:02 -0500	[diff] [blame^]	836	/* PyModule_AddObject steals a reference.
Jean-Paul Calderone	86ad711	2010-05-11 16:08:45 -0400	[diff] [blame]	837	*/
				838	Py_INCREF((PyObject *)&crypto_X509_Type);
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	839	if (PyModule_AddObject(module, "X509", (PyObject *)&crypto_X509_Type) != 0) {
				840	return 0;
				841	}
				842
Jean-Paul Calderone	d07d57d	2011-03-12 22:35:24 -0500	[diff] [blame]	843	Py_INCREF((PyObject *)&crypto_X509_Type);
Jean-Paul Calderone	a4230d9	2009-06-27 10:54:04 -0400	[diff] [blame]	844	if (PyModule_AddObject(module, "X509Type", (PyObject *)&crypto_X509_Type) != 0) {
				845	return 0;
				846	}
				847
Jean-Paul Calderone	897bc25	2008-02-18 20:50:23 -0500	[diff] [blame]	848	return 1;
				849	}
				850