Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / c3a41f7d20af9e2113cf43b88a66da51c6b30262 / . / src / crypto / pkcs12.c
blob: 7bbdb077ab5c436242a0706a8b8199afec31e3aa [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1/*
2 * pkcs12.c
3 *
4 * Copyright (C) AB Strakt 2001, All rights reserved
5 *
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]6 * Certificate transport (PKCS12) handling code,
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]7 * mostly thin wrappers around OpenSSL.
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]8 * See the file RATIONALE for a short explanation of why
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]9 * this module was written.
10 *
11 * Reviewed 2001-07-23
12 */
13#include <Python.h>
14#define crypto_MODULE
15#include "crypto.h"
16
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]17/*
18 * PKCS12 is a standard exchange format for digital certificates.
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]19 * See e.g. the OpenSSL homepage http://www.openssl.org/ for more information
20 */
21
22static void crypto_PKCS12_dealloc(crypto_PKCS12Obj *self);
23
24static char crypto_PKCS12_get_certificate_doc[] = "\n\
25Return certificate portion of the PKCS12 structure\n\
26\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]27@return: X509 object containing the certificate\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]28";
29static PyObject *
30crypto_PKCS12_get_certificate(crypto_PKCS12Obj *self, PyObject *args)
31{
32 if (!PyArg_ParseTuple(args, ":get_certificate"))
33 return NULL;
34
35 Py_INCREF(self->cert);
36 return self->cert;
37}
38
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]39static char crypto_PKCS12_set_certificate_doc[] = "\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]40Replace the certificate portion of the PKCS12 structure\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]41\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]42@param cert: The new certificate.\n\
Jean-Paul Calderonebade3132009-07-24 21:27:13 -0400[diff] [blame]43@type cert: L{X509} or L{NoneType}\n\
Rick Dean379917c2009-07-21 11:37:41 -0500[diff] [blame]44@return: None\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]45";
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]46static PyObject *
Jean-Paul Calderonebade3132009-07-24 21:27:13 -0400[diff] [blame]47crypto_PKCS12_set_certificate(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]48 PyObject *cert = NULL;
49 static char *kwlist[] = {"cert", NULL};
50
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]51 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_certificate",
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]52 kwlist, &cert))
53 return NULL;
54
Jean-Paul Calderonebade3132009-07-24 21:27:13 -0400[diff] [blame]55 if (cert != Py_None && ! crypto_X509_Check(cert)) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]56 PyErr_SetString(PyExc_TypeError, "cert must be type X509 or None");
57 return NULL;
58 }
59
60 Py_INCREF(cert); /* Make consistent before calling Py_DECREF() */
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]61 Py_DECREF(self->cert);
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]62 self->cert = cert;
63
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]64 Py_INCREF(Py_None);
65 return Py_None;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]66}
67
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]68static char crypto_PKCS12_get_privatekey_doc[] = "\n\
69Return private key portion of the PKCS12 structure\n\
70\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]71@returns: PKey object containing the private key\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]72";
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]73static crypto_PKeyObj *
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]74crypto_PKCS12_get_privatekey(crypto_PKCS12Obj *self, PyObject *args)
75{
76 if (!PyArg_ParseTuple(args, ":get_privatekey"))
77 return NULL;
78
79 Py_INCREF(self->key);
Rick Dean864e15e2009-07-17 15:21:23 -0500[diff] [blame]80 return (crypto_PKeyObj *) self->key;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]81}
82
83static char crypto_PKCS12_set_privatekey_doc[] = "\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]84Replace or set the certificate portion of the PKCS12 structure\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]85\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]86@param pkey: The new private key.\n\
87@type pkey: L{PKey}\n\
88@return: None\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]89";
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]90static PyObject *
Jean-Paul Calderoned8665432009-07-24 21:28:52 -0400[diff] [blame]91crypto_PKCS12_set_privatekey(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]92 PyObject *pkey = NULL;
93 static char *kwlist[] = {"pkey", NULL};
94
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]95 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_privatekey",
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]96 kwlist, &pkey))
97 return NULL;
98
Jean-Paul Calderoned8665432009-07-24 21:28:52 -0400[diff] [blame]99 if (pkey != Py_None && ! crypto_PKey_Check(pkey)) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]100 PyErr_SetString(PyExc_TypeError, "pkey must be type X509 or None");
101 return NULL;
102 }
103
104 Py_INCREF(pkey); /* Make consistent before calling Py_DECREF() */
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]105 Py_DECREF(self->key);
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]106 self->key = pkey;
107
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]108 Py_INCREF(Py_None);
109 return Py_None;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]110}
111
112static char crypto_PKCS12_get_ca_certificates_doc[] = "\n\
113Return CA certificates within of the PKCS12 object\n\
114\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]115@return: A newly created tuple containing the CA certificates in the chain,\n\
116 if any are present, or None if no CA certificates are present.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]117";
118static PyObject *
119crypto_PKCS12_get_ca_certificates(crypto_PKCS12Obj *self, PyObject *args)
120{
121 if (!PyArg_ParseTuple(args, ":get_ca_certificates"))
122 return NULL;
123
124 Py_INCREF(self->cacerts);
125 return self->cacerts;
126}
127
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]128static char crypto_PKCS12_set_ca_certificates_doc[] = "\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]129Replace or set the CA certificates withing the PKCS12 object.\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]130\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]131@param cacerts: The new CA certificates.\n\
Jean-Paul Calderoned8665432009-07-24 21:28:52 -0400[diff] [blame]132@type cacerts: Iterable of L{X509} or L{NoneType}\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]133@return: None\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]134";
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]135static PyObject *
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]136crypto_PKCS12_set_ca_certificates(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
137{
Jean-Paul Calderone499fa1d2009-07-24 21:15:30 -0400[diff] [blame]138 PyObject *obj;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]139 PyObject *cacerts;
140 static char *kwlist[] = {"cacerts", NULL};
Rick Dean25bcc1f2009-07-20 11:53:13 -0500[diff] [blame]141 int i, len; /* Py_ssize_t for Python 2.5+ */
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]142
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]143 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_ca_certificates",
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]144 kwlist, &cacerts))
145 return NULL;
146 if (cacerts == Py_None) {
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]147 Py_INCREF(cacerts);
Jean-Paul Calderone206c2272009-07-24 21:22:38 -0400[diff] [blame]148 } else {
149 /* It's iterable */
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]150 cacerts = PySequence_Tuple(cacerts);
Jean-Paul Calderone206c2272009-07-24 21:22:38 -0400[diff] [blame]151 if (cacerts == NULL) {
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]152 return NULL;
153 }
Jean-Paul Calderone206c2272009-07-24 21:22:38 -0400[diff] [blame]154 len = PyTuple_Size(cacerts);
155
Rick Dean48305252009-07-18 15:28:38 -0500[diff] [blame]156 /* Check is's a simple list filled only with X509 objects. */
Jean-Paul Calderone206c2272009-07-24 21:22:38 -0400[diff] [blame]157 for (i = 0; i < len; i++) {
Jean-Paul Calderone4c6b72e2009-07-24 21:18:51 -0400[diff] [blame]158 obj = PyTuple_GetItem(cacerts, i);
Jean-Paul Calderonefed4d152009-07-24 21:23:57 -0400[diff] [blame]159 if (!crypto_X509_Check(obj)) {
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]160 Py_DECREF(cacerts);
Rick Deane84d1462009-07-24 09:27:01 -0500[diff] [blame]161 PyErr_SetString(PyExc_TypeError, "iterable must only contain X509Type");
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]162 return NULL;
163 }
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]164 }
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]165 }
166
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]167 Py_DECREF(self->cacerts);
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]168 self->cacerts = cacerts;
169
Rick Dean38a05c82009-07-18 01:41:30 -0500[diff] [blame]170 Py_INCREF(Py_None);
171 return Py_None;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]172}
173
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]174static char crypto_PKCS12_get_friendlyname_doc[] = "\n\
175Return friendly name portion of the PKCS12 structure\n\
176\n\
177@returns: String containing the friendlyname\n\
178";
Rick Dean99251c22009-07-24 09:32:46 -0500[diff] [blame]179static PyObject *
Jean-Paul Calderone4a45cbc2009-07-24 21:41:12 -0400[diff] [blame]180crypto_PKCS12_get_friendlyname(crypto_PKCS12Obj *self, PyObject *args) {
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]181 if (!PyArg_ParseTuple(args, ":get_friendlyname"))
182 return NULL;
183
184 Py_INCREF(self->friendlyname);
Rick Dean99251c22009-07-24 09:32:46 -0500[diff] [blame]185 return (PyObject *) self->friendlyname;
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]186}
187
188static char crypto_PKCS12_set_friendlyname_doc[] = "\n\
189Replace or set the certificate portion of the PKCS12 structure\n\
190\n\
191@param name: The new friendly name.\n\
192@type name: L{str}\n\
193@return: None\n\
194";
195static PyObject *
Jean-Paul Calderone4a45cbc2009-07-24 21:41:12 -0400[diff] [blame]196crypto_PKCS12_set_friendlyname(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]197 PyObject *name = NULL;
198 static char *kwlist[] = {"name", NULL};
199
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]200 if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_friendlyname",
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]201 kwlist, &name))
202 return NULL;
203
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]204 if (name != Py_None && ! PyString_CheckExact(name)) {
Rick Dean37273112009-07-24 09:38:17 -0500[diff] [blame]205 PyErr_SetString(PyExc_TypeError, "name must be a str or None");
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]206 return NULL;
207 }
208
209 Py_INCREF(name); /* Make consistent before calling Py_DECREF() */
210 Py_DECREF(self->friendlyname);
211 self->friendlyname = name;
212
213 Py_INCREF(Py_None);
214 return Py_None;
215}
216
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]217static char crypto_PKCS12_export_doc[] = "\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]218export([passphrase=None][, friendly_name=None][, iter=2048][, maciter=1]\n\
219Dump a PKCS12 object as a string. See also \"man PKCS12_create\".\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]220\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]221@param passphrase: used to encrypt the PKCS12\n\
222@type passphrase: L{str}\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]223@param iter: How many times to repeat the encryption\n\
224@type iter: L{int}\n\
225@param maciter: How many times to repeat the MAC\n\
226@type maciter: L{int}\n\
227@return: The string containing the PKCS12\n\
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]228";
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]229static PyObject *
Jean-Paul Calderone4a45cbc2009-07-24 21:41:12 -0400[diff] [blame]230crypto_PKCS12_export(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
231 int i; /* Py_ssize_t for Python 2.5+ */
232 PyObject *obj;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]233 int buf_len;
234 PyObject *buffer;
235 char *temp, *passphrase = NULL, *friendly_name = NULL;
236 BIO *bio;
237 PKCS12 *p12;
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]238 EVP_PKEY *pkey = NULL;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]239 STACK_OF(X509) *cacerts = NULL;
240 X509 *x509 = NULL;
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]241 int iter = 0; /* defaults to PKCS12_DEFAULT_ITER */
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]242 int maciter = 0;
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]243 static char *kwlist[] = {"passphrase", "iter", "maciter", NULL};
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]244
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]245 if (!PyArg_ParseTupleAndKeywords(args, keywds, "|zii:export",
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]246 kwlist, &passphrase, &iter, &maciter))
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]247 return NULL;
248
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]249 if (self->key != Py_None) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]250 pkey = ((crypto_PKeyObj*) self->key)->pkey;
251 }
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]252 if (self->cert != Py_None) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]253 x509 = ((crypto_X509Obj*) self->cert)->x509;
254 }
Rick Dean585cd9e2009-07-18 14:58:11 -0500[diff] [blame]255 if (self->cacerts != Py_None) {
Rick Dean8fefeb02009-07-24 10:56:29 -0500[diff] [blame]256 cacerts = sk_X509_new_null();
Jean-Paul Calderone4a45cbc2009-07-24 21:41:12 -0400[diff] [blame]257 for (i = 0; i < PyTuple_Size(self->cacerts); i++) { /* For each CA cert */
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]258 obj = PySequence_GetItem(self->cacerts, i);
259 /* assert(PyObject_IsInstance(obj, (PyObject *) &crypto_X509_Type )); */
260 sk_X509_push(cacerts, (( crypto_X509Obj* ) obj)->x509);
261 Py_DECREF(obj);
262 }
263 }
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]264 if (self->friendlyname != Py_None) {
265 friendly_name = PyString_AsString(self->friendlyname);
266 }
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]267
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]268 p12 = PKCS12_create(passphrase, friendly_name, pkey, x509, cacerts,
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]269 NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
270 NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
271 iter, maciter, 0);
Rick Dean8fefeb02009-07-24 10:56:29 -0500[diff] [blame]272 sk_X509_free(cacerts); /* NULL safe. Free just the container. */
Jean-Paul Calderone4a45cbc2009-07-24 21:41:12 -0400[diff] [blame]273 if (p12 == NULL) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]274 exception_from_error_queue(crypto_Error);
275 return NULL;
276 }
277 bio = BIO_new(BIO_s_mem());
278 i2d_PKCS12_bio(bio, p12);
279 buf_len = BIO_get_mem_data(bio, &temp);
280 buffer = PyString_FromStringAndSize(temp, buf_len);
281 BIO_free(bio);
282 return buffer;
283}
284
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]285/*
286 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
287 * { 'name', (PyCFunction)crypto_PKCS12_name, METH_VARARGS, crypto_PKCS12_name_doc }
288 * for convenience
289 */
290#define ADD_METHOD(name) \
291 { #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS, crypto_PKCS12_##name##_doc }
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]292#define ADD_KW_METHOD(name) \
293 { #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS | METH_KEYWORDS, crypto_PKCS12_##name##_doc }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]294static PyMethodDef crypto_PKCS12_methods[] =
295{
296 ADD_METHOD(get_certificate),
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]297 ADD_KW_METHOD(set_certificate),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]298 ADD_METHOD(get_privatekey),
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]299 ADD_KW_METHOD(set_privatekey),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]300 ADD_METHOD(get_ca_certificates),
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]301 ADD_KW_METHOD(set_ca_certificates),
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]302 ADD_METHOD(get_friendlyname),
303 ADD_KW_METHOD(set_friendlyname),
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]304 ADD_KW_METHOD(export),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]305 { NULL, NULL }
306};
307#undef ADD_METHOD
308
309/*
310 * Constructor for PKCS12 objects, never called by Python code directly.
311 * The strategy for this object is to create all the Python objects
312 * corresponding to the cert/key/CA certs right away
313 *
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]314 * Arguments: p12 - A "real" PKCS12 object or NULL
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]315 * passphrase - Passphrase to use when decrypting the PKCS12 object
316 * Returns: The newly created PKCS12 object
317 */
318crypto_PKCS12Obj *
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]319crypto_PKCS12_New(PKCS12 *p12, char *passphrase) {
Jean-Paul Calderonee58415f2009-07-24 21:12:45 -0400[diff] [blame]320 crypto_PKCS12Obj *self = NULL;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]321 PyObject *cacertobj = NULL;
322
Jean-Paul Calderoneb96d13e2009-07-25 11:33:22 -0400[diff] [blame]323 unsigned char *alias_str;
324 int alias_len;
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]325
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]326 X509 *cert = NULL;
327 EVP_PKEY *pkey = NULL;
328 STACK_OF(X509) *cacerts = NULL;
329
330 int i, cacert_count = 0;
331
332 /* allocate space for the CA cert stack */
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]333 if((cacerts = sk_X509_new_null()) == NULL) {
Rick Deanaace5e92009-07-24 10:44:49 -0500[diff] [blame]334 goto error; /* out of memory? */
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]335 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]336
337 /* parse the PKCS12 lump */
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]338 if (p12 && !PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame]339 exception_from_error_queue(crypto_Error);
Rick Deanee568302009-07-24 09:56:29 -0500[diff] [blame]340 goto error;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]341 }
342
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]343 if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type))) {
Rick Deanee568302009-07-24 09:56:29 -0500[diff] [blame]344 goto error;
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]345 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]346
Rick Dean8fefeb02009-07-24 10:56:29 -0500[diff] [blame]347 /* client certificate and friendlyName */
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]348 if (cert == NULL) {
349 Py_INCREF(Py_None);
350 self->cert = Py_None;
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]351 Py_INCREF(Py_None);
352 self->friendlyname = Py_None;
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]353 } else {
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]354 if ((self->cert = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]355 goto error;
Jean-Paul Calderone32eb0312009-07-25 11:15:55 -0400[diff] [blame]356 }
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]357
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]358 /* Now we need to extract the friendlyName of the PKCS12
Jean-Paul Calderone304866b2009-07-25 12:03:55 -0400[diff] [blame]359 * that was stored by PKCS_parse() in the alias of the
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]360 * certificate. */
Jean-Paul Calderoneb96d13e2009-07-25 11:33:22 -0400[diff] [blame]361 alias_str = X509_alias_get0(cert, &alias_len);
Jean-Paul Calderone304866b2009-07-25 12:03:55 -0400[diff] [blame]362 if (alias_str) {
363 if (!(self->friendlyname = Py_BuildValue("s#", alias_str, alias_len))) {
364 /*
365 * XXX Untested
366 */
367 goto error;
368 }
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]369 /* success */
370 } else {
371 Py_INCREF(Py_None);
372 self->friendlyname = Py_None;
373 }
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]374 }
Rick Dean8fefeb02009-07-24 10:56:29 -0500[diff] [blame]375
376 /* private key */
Rick Dean623ee362009-07-17 12:22:16 -0500[diff] [blame]377 if (pkey == NULL) {
378 Py_INCREF(Py_None);
379 self->key = Py_None;
380 } else {
381 if ((self->key = (PyObject *)crypto_PKey_New(pkey, 1)) == NULL)
382 goto error;
383 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]384
Rick Dean8fefeb02009-07-24 10:56:29 -0500[diff] [blame]385 /* CA certs */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]386 cacert_count = sk_X509_num(cacerts);
Jean-Paul Calderone304866b2009-07-25 12:03:55 -0400[diff] [blame]387 if (cacert_count <= 0) {
Rick Deanaace5e92009-07-24 10:44:49 -0500[diff] [blame]388 Py_INCREF(Py_None);
389 self->cacerts = Py_None;
390 } else {
Jean-Paul Calderone304866b2009-07-25 12:03:55 -0400[diff] [blame]391 if ((self->cacerts = PyTuple_New(cacert_count)) == NULL) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]392 goto error;
Jean-Paul Calderone304866b2009-07-25 12:03:55 -0400[diff] [blame]393 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]394
Jean-Paul Calderone304866b2009-07-25 12:03:55 -0400[diff] [blame]395 for (i = 0; i < cacert_count; i++) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]396 cert = sk_X509_value(cacerts, i);
Jean-Paul Calderone304866b2009-07-25 12:03:55 -0400[diff] [blame]397 if ((cacertobj = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]398 goto error;
Jean-Paul Calderone304866b2009-07-25 12:03:55 -0400[diff] [blame]399 }
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]400 PyTuple_SET_ITEM(self->cacerts, i, cacertobj);
401 }
402 }
403
Rick Dean8fefeb02009-07-24 10:56:29 -0500[diff] [blame]404 sk_X509_free(cacerts); /* Don't free the certs, just the container. */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]405 PyObject_GC_Track(self);
406
407 return self;
Rick Deanee568302009-07-24 09:56:29 -0500[diff] [blame]408
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]409error:
Rick Dean8fefeb02009-07-24 10:56:29 -0500[diff] [blame]410 sk_X509_free(cacerts); /* NULL safe. Free just the container. */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]411 crypto_PKCS12_dealloc(self);
412 return NULL;
413}
414
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]415static char crypto_PKCS12_doc[] = "\n\
416PKCS12() -> PKCS12 instance\n\
417\n\
Rick Deane182f482009-07-17 14:49:48 -0500[diff] [blame]418Create a new empty PKCS12 object.\n\
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]419\n\
420@returns: The PKCS12 object\n\
421";
422static PyObject *
Jean-Paul Calderoneb1a3af12009-07-25 12:21:18 -0400[diff] [blame]423crypto_PKCS12_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]424 if (!PyArg_ParseTuple(args, ":PKCS12")) {
425 return NULL;
426 }
427
428 return (PyObject *)crypto_PKCS12_New(NULL, NULL);
429}
430
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]431/*
432 * Find attribute
433 *
434 * Arguments: self - The PKCS12 object
435 * name - The attribute name
436 * Returns: A Python object for the attribute, or NULL if something went
437 * wrong
438 */
439static PyObject *
440crypto_PKCS12_getattr(crypto_PKCS12Obj *self, char *name)
441{
442 return Py_FindMethod(crypto_PKCS12_methods, (PyObject *)self, name);
443}
444
445/*
446 * Call the visitproc on all contained objects.
447 *
448 * Arguments: self - The PKCS12 object
449 * visit - Function to call
450 * arg - Extra argument to visit
451 * Returns: 0 if all goes well, otherwise the return code from the first
452 * call that gave non-zero result.
453 */
454static int
455crypto_PKCS12_traverse(crypto_PKCS12Obj *self, visitproc visit, void *arg)
456{
457 int ret = 0;
458
459 if (ret == 0 && self->cert != NULL)
460 ret = visit(self->cert, arg);
461 if (ret == 0 && self->key != NULL)
462 ret = visit(self->key, arg);
463 if (ret == 0 && self->cacerts != NULL)
464 ret = visit(self->cacerts, arg);
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]465 if (ret == 0 && self->friendlyname != NULL)
466 ret = visit(self->friendlyname, arg);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]467 return ret;
468}
469
470/*
471 * Decref all contained objects and zero the pointers.
472 *
473 * Arguments: self - The PKCS12 object
474 * Returns: Always 0.
475 */
476static int
477crypto_PKCS12_clear(crypto_PKCS12Obj *self)
478{
479 Py_XDECREF(self->cert);
480 self->cert = NULL;
481 Py_XDECREF(self->key);
482 self->key = NULL;
483 Py_XDECREF(self->cacerts);
484 self->cacerts = NULL;
Rick Dean42d69e12009-07-20 11:36:08 -0500[diff] [blame]485 Py_XDECREF(self->friendlyname);
486 self->friendlyname = NULL;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]487 return 0;
488}
489
490/*
491 * Deallocate the memory used by the PKCS12 object
492 *
493 * Arguments: self - The PKCS12 object
494 * Returns: None
495 */
496static void
497crypto_PKCS12_dealloc(crypto_PKCS12Obj *self)
498{
499 PyObject_GC_UnTrack(self);
500 crypto_PKCS12_clear(self);
501 PyObject_GC_Del(self);
502}
503
504PyTypeObject crypto_PKCS12_Type = {
505 PyObject_HEAD_INIT(NULL)
506 0,
507 "PKCS12",
508 sizeof(crypto_PKCS12Obj),
509 0,
510 (destructor)crypto_PKCS12_dealloc,
511 NULL, /* print */
512 (getattrfunc)crypto_PKCS12_getattr,
513 NULL, /* setattr */
514 NULL, /* compare */
515 NULL, /* repr */
516 NULL, /* as_number */
517 NULL, /* as_sequence */
518 NULL, /* as_mapping */
519 NULL, /* hash */
520 NULL, /* call */
521 NULL, /* str */
522 NULL, /* getattro */
523 NULL, /* setattro */
524 NULL, /* as_buffer */
525 Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC,
Jean-Paul Calderonee7901d72009-07-24 18:21:26 -0400[diff] [blame]526 crypto_PKCS12_doc,
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]527 (traverseproc)crypto_PKCS12_traverse,
528 (inquiry)crypto_PKCS12_clear,
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]529 NULL, /* tp_richcompare */
530 0, /* tp_weaklistoffset */
531 NULL, /* tp_iter */
532 NULL, /* tp_iternext */
533 crypto_PKCS12_methods, /* tp_methods */
534 NULL, /* tp_members */
535 NULL, /* tp_getset */
536 NULL, /* tp_base */
537 NULL, /* tp_dict */
538 NULL, /* tp_descr_get */
539 NULL, /* tp_descr_set */
540 0, /* tp_dictoffset */
541 NULL, /* tp_init */
542 NULL, /* tp_alloc */
543 crypto_PKCS12_new, /* tp_new */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]544};
545
546/*
547 * Initialize the PKCS12 part of the crypto sub module
548 *
Jean-Paul Calderonedc138fa2009-06-27 14:32:07 -0400[diff] [blame]549 * Arguments: module - The crypto module
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]550 * Returns: None
551 */
552int
Jean-Paul Calderonedc138fa2009-06-27 14:32:07 -0400[diff] [blame]553init_crypto_pkcs12(PyObject *module) {
554 if (PyType_Ready(&crypto_PKCS12_Type) < 0) {
555 return 0;
556 }
557
Rick Deancbeaca02009-07-17 12:50:12 -0500[diff] [blame]558 if (PyModule_AddObject(module, "PKCS12", (PyObject *)&crypto_PKCS12_Type) != 0) {
559 return 0;
560 }
561
Jean-Paul Calderonedc138fa2009-06-27 14:32:07 -0400[diff] [blame]562 if (PyModule_AddObject(module, "PKCS12Type", (PyObject *)&crypto_PKCS12_Type) != 0) {
563 return 0;
564 }
565
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]566 return 1;
567}