#include <Python.h>
#define crypto_MODULE
#include "crypto.h"

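/*
 * Deep-copy one CRL revocation entry.
 *
 * Copies the serial number, the revocation date, every extension and the
 * sequence field of `orig` into a freshly allocated X509_REVOKED.
 *
 * Returns the new entry, which the caller owns and must release with
 * X509_REVOKED_free() (or hand over to a CRL), or NULL if `orig` is NULL or
 * any allocation fails.  On failure nothing is leaked and no partial copy is
 * returned: a revocation entry that silently lost its serial number or an
 * extension would misrepresent what was revoked.
 */
static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
    X509_REVOKED *dupe = NULL;
    ASN1_INTEGER *serial = NULL;
    ASN1_TIME *when = NULL;
    STACK_OF(X509_EXTENSION) *sk = NULL;
    X509_EXTENSION *ext = NULL;
    int j;

    if (orig == NULL) {
        return NULL;
    }

    dupe = X509_REVOKED_new();
    if (dupe == NULL) {
        return NULL;
    }

    if (orig->serialNumber) {
        serial = M_ASN1_INTEGER_dup(orig->serialNumber);
        if (serial == NULL) {
            goto error;
        }
        /* X509_REVOKED_new() may already have allocated this field;
         * release it so the replacement does not leak it. */
        if (dupe->serialNumber != NULL) {
            ASN1_INTEGER_free(dupe->serialNumber);
        }
        dupe->serialNumber = serial;
    }

    if (orig->revocationDate) {
        /* The date is copied with the same string-dup macro as the serial,
         * exactly as the original code did. */
        when = M_ASN1_INTEGER_dup(orig->revocationDate);
        if (when == NULL) {
            goto error;
        }
        if (dupe->revocationDate != NULL) {
            ASN1_TIME_free(dupe->revocationDate);
        }
        dupe->revocationDate = when;
    }

    if (orig->extensions) {
        sk = sk_X509_EXTENSION_new_null();
        if (sk == NULL) {
            goto error;
        }
        for (j = 0; j < sk_X509_EXTENSION_num(orig->extensions); j++) {
            ext = X509_EXTENSION_dup(
                sk_X509_EXTENSION_value(orig->extensions, j));
            if (ext == NULL) {
                goto error;
            }
            if (!sk_X509_EXTENSION_push(sk, ext)) {
                /* Not on the stack yet, so pop_free below would miss it. */
                X509_EXTENSION_free(ext);
                goto error;
            }
        }
        dupe->extensions = sk;
        sk = NULL; /* now owned by dupe */
    }

    dupe->sequence = orig->sequence;
    return dupe;

error:
    if (sk != NULL) {
        sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
    }
    X509_REVOKED_free(dupe);
    return NULL;
}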
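static char crypto_CRL_get_revoked_doc[] = "\n\
Return revoked portion of the CRL structure (by value\n\
not reference).\n\
\n\
:return: A tuple of Revoked objects.\n\
";
/*
 * CRL.get_revoked(): return copies of the CRL's revocation entries.
 *
 * Takes no arguments.  Every entry is deep-copied before it is wrapped, so
 * the returned Revoked objects do not alias the CRL's own entries.
 *
 * Returns a new tuple of Revoked objects, or None when
 * sk_X509_REVOKED_num() reports a negative count for the CRL's revoked
 * stack.  Returns NULL with a Python exception set on failure.
 */
static PyObject *
crypto_CRL_get_revoked(crypto_CRLObj *self, PyObject *args) {
    int j, num_rev;
    X509_REVOKED *r = NULL;
    PyObject *obj = NULL, *rev_obj;

    if (!PyArg_ParseTuple(args, ":get_revoked")) {
        return NULL;
    }

    num_rev = sk_X509_REVOKED_num(self->crl->crl->revoked);
    if (num_rev < 0) {
        Py_INCREF(Py_None);
        return Py_None;
    }
    if ((obj = PyTuple_New(num_rev)) == NULL) {
        return NULL;
    }

    for (j = 0; j < num_rev; j++) {
        r = X509_REVOKED_dup(sk_X509_REVOKED_value(self->crl->crl->revoked, j));
        if (r == NULL) {
            /* The copy helper sets no Python exception itself; without this
             * the interpreter would see a NULL return with no error set. */
            exception_from_error_queue(crypto_Error);
            goto error;
        }
        rev_obj = (PyObject *) crypto_Revoked_New(r);
        if (rev_obj == NULL) {
            goto error;
        }
        r = NULL; /* it's now owned by rev_obj */
        PyTuple_SET_ITEM(obj, j, rev_obj);
    }
    return obj;

error:
    /* r is non-NULL only while the copy has not been handed to a wrapper. */
    if (r) {
        X509_REVOKED_free(r);
    }
    Py_XDECREF(obj);
    return NULL;
}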
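static char crypto_CRL_add_revoked_doc[] = "\n\
Add a revoked (by value not reference) to the CRL structure\n\
\n\
:param revoked: The new revoked.\n\
:type revoked: :class:`Revoked`\n\
:return: None\n\
";
/*
 * CRL.add_revoked(revoked): append a copy of a Revoked entry to the CRL.
 *
 * The entry is deep-copied first, so the CRL never shares storage with the
 * caller's Revoked object.
 *
 * Returns None on success, or NULL with a Python exception set when the
 * argument is not a Revoked instance, the copy fails, or the CRL refuses the
 * entry.
 */
static PyObject *
crypto_CRL_add_revoked(crypto_CRLObj *self, PyObject *args, PyObject *keywds) {
    crypto_RevokedObj * rev_obj = NULL;
    static char *kwlist[] = {"revoked", NULL};
    X509_REVOKED * dup;

    if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!:add_revoked",
                                     kwlist, &crypto_Revoked_Type, &rev_obj)) {
        return NULL;
    }

    dup = X509_REVOKED_dup( rev_obj->revoked );
    if (dup == NULL) {
        /* The copy helper sets no Python exception itself. */
        exception_from_error_queue(crypto_Error);
        return NULL;
    }

    /* add0 takes ownership only when it succeeds.  If the failure were
     * ignored the copy would leak and the caller would believe the
     * revocation had been recorded. */
    if (!X509_CRL_add0_revoked(self->crl, dup)) {
        X509_REVOKED_free(dup);
        exception_from_error_queue(crypto_Error);
        return NULL;
    }

    Py_INCREF(Py_None);
    return Py_None;
}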
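static char crypto_CRL_export_doc[] = "\n\
export(cert, key[, type[, days]]) -> export a CRL as a string\n\
\n\
:param cert: Used to sign CRL.\n\
:type cert: :class:`X509`\n\
:param key: Used to sign CRL.\n\
:type key: :class:`PKey`\n\
:param type: The export format, either :py:data:`FILETYPE_PEM`, :py:data:`FILETYPE_ASN1`, or :py:data:`FILETYPE_TEXT`.\n\
:param days: The number of days until the next update of this CRL.\n\
:type days: :py:data:`int`\n\
:return: :py:data:`str`\n\
";
/*
 * CRL.export(cert, key[, type[, days]]): sign the CRL and serialise it.
 *
 * Sets lastUpdate to the current time, nextUpdate to `days` days later and
 * the issuer to the subject name of `cert`, signs the CRL with `key`, then
 * writes it in the requested format.  The CRL held by `self` is modified in
 * place.
 *
 * Returns a bytes object holding the encoded CRL, or NULL with a Python
 * exception set: ValueError for an unknown `type`, OverflowError when `days`
 * cannot be expressed in seconds, crypto_Error for OpenSSL failures.
 */
static PyObject *
crypto_CRL_export(crypto_CRLObj *self, PyObject *args, PyObject *keywds) {
    int ret, buf_len, type = X509_FILETYPE_PEM, days = 100;
    char *temp;
    BIO *bio = NULL;
    PyObject *buffer = NULL;
    crypto_PKeyObj *key;
    ASN1_TIME *tmptm = NULL;
    crypto_X509Obj *x509;
    static char *kwlist[] = {"cert", "key", "type", "days", NULL};

    /* NOTE(review): the format string names "dump_crl", so argument errors
     * mention dump_crl() rather than export(); left unchanged here. */
    if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist,
                                     &crypto_X509_Type, &x509,
                                     &crypto_PKey_Type, &key, &type, &days)) {
        return NULL;
    }

    /* `days` comes from the caller.  Multiplying it out in int arithmetic
     * can overflow, which is undefined behaviour and could yield a wrong
     * nextUpdate; reject values that do not fit in a long of seconds. */
    if (days > LONG_MAX / (24L * 60 * 60) || days < LONG_MIN / (24L * 60 * 60)) {
        PyErr_SetString(PyExc_OverflowError,
                        "days is too large to convert to seconds");
        return NULL;
    }

    bio = BIO_new(BIO_s_mem());
    if (bio == NULL) {
        exception_from_error_queue(crypto_Error);
        return NULL;
    }
    tmptm = ASN1_TIME_new();
    if (tmptm == NULL) {
        exception_from_error_queue(crypto_Error);
        goto done;
    }

    /* Stop before signing if any field could not be set, so a CRL with a
     * stale or missing update time or issuer is never signed. */
    if (!X509_gmtime_adj(tmptm, 0) ||
        !X509_CRL_set_lastUpdate(self->crl, tmptm) ||
        !X509_gmtime_adj(tmptm, (long)days * 24 * 60 * 60) ||
        !X509_CRL_set_nextUpdate(self->crl, tmptm) ||
        !X509_CRL_set_issuer_name(self->crl,
                                  X509_get_subject_name(x509->x509))) {
        exception_from_error_queue(crypto_Error);
        goto done;
    }

    /* NOTE(review): the CRL is signed with MD5, which is no longer
     * collision resistant and which many verifiers refuse.  A stronger
     * digest should be selected; it is only flagged here because changing
     * it alters the bytes every caller receives. */
    if (!X509_CRL_sign(self->crl, key->pkey, EVP_md5())) {
        exception_from_error_queue(crypto_Error);
        goto done;
    }

    switch (type) {
        case X509_FILETYPE_PEM:
            ret = PEM_write_bio_X509_CRL(bio, self->crl);
            break;

        case X509_FILETYPE_ASN1:
            ret = (int) i2d_X509_CRL_bio(bio, self->crl);
            break;

        case X509_FILETYPE_TEXT:
            ret = X509_CRL_print(bio, self->crl);
            break;

        default:
            PyErr_SetString(
                PyExc_ValueError,
                "type argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT");
            goto done;
    }
    if (!ret) {
        exception_from_error_queue(crypto_Error);
        goto done;
    }
    buf_len = BIO_get_mem_data(bio, &temp);
    buffer = PyBytes_FromStringAndSize(temp, buf_len);

done:
    /* Single exit: buffer is still NULL on every failure path, and the
     * temporaries are released exactly once. */
    if (tmptm != NULL) {
        ASN1_TIME_free(tmptm);
    }
    BIO_free(bio);
    return buffer;
}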
/*
 * Wrap an X509_CRL in a new Python CRL object.
 *
 * On success the wrapper stores `crl`, and crypto_CRL_dealloc() frees it
 * when the wrapper is destroyed.  On allocation failure NULL is returned and
 * `crl` is left untouched, so the caller still owns it.
 */
crypto_CRLObj *
crypto_CRL_New(X509_CRL *crl) {
    crypto_CRLObj *wrapper = PyObject_New(crypto_CRLObj, &crypto_CRL_Type);

    if (wrapper != NULL) {
        wrapper->crl = crl;
    }
    return wrapper;
}
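/*
 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
 *   { 'name', (PyCFunction)crypto_CRL_name, METH_VARARGS, crypto_CRL_name_doc }
 * for convenience.  ADD_KW_METHOD(name) is the same but also sets
 * METH_KEYWORDS, for functions that accept keyword arguments.
 */
#define ADD_METHOD(name)        \
    { #name, (PyCFunction)crypto_CRL_##name, METH_VARARGS, crypto_CRL_##name##_doc }
#define ADD_KW_METHOD(name)        \
    { #name, (PyCFunction)crypto_CRL_##name, METH_VARARGS | METH_KEYWORDS, crypto_CRL_##name##_doc }
/* Method table of the CRL type, ended by the NULL sentinel entry. */
static PyMethodDef crypto_CRL_methods[] = {
    ADD_KW_METHOD(add_revoked),
    ADD_METHOD(get_revoked),
    ADD_KW_METHOD(export),
    { NULL, NULL }
};
/* Both helper macros are local to this table; undefine both. */
#undef ADD_METHOD
#undef ADD_KW_METHOD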
/*
 * Destructor for CRL objects: frees the wrapped X509_CRL, then the Python
 * object itself.
 */
static void
crypto_CRL_dealloc(crypto_CRLObj *self) {
    X509_CRL *owned = self->crl;

    /* Clear the field so the object holds no pointer to freed memory. */
    self->crl = NULL;
    X509_CRL_free(owned);

    PyObject_Del(self);
}
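static char crypto_CRL_doc[] = "\n\
CRL() -> CRL instance\n\
\n\
Create a new empty CRL object.\n\
\n\
:returns: The CRL object\n\
";

/*
 * tp_new for the CRL type: CRL() takes no positional arguments and returns a
 * wrapper around a freshly allocated, empty X509_CRL.
 *
 * Returns NULL with a Python exception set if argument parsing or either
 * allocation fails.  `subtype` and `kwargs` are not used.
 */
static PyObject* crypto_CRL_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
    X509_CRL *crl;
    crypto_CRLObj *self;

    if (!PyArg_ParseTuple(args, ":CRL")) {
        return NULL;
    }

    /* A wrapper around a NULL X509_CRL would be dereferenced by the other
     * CRL methods, so fail here instead. */
    crl = X509_CRL_new();
    if (crl == NULL) {
        exception_from_error_queue(crypto_Error);
        return NULL;
    }

    self = crypto_CRL_New(crl);
    if (self == NULL) {
        /* crypto_CRL_New() does not take ownership when it fails. */
        X509_CRL_free(crl);
        return NULL;
    }
    return (PyObject *)self;
}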
/*
 * Type object for CRL.  The initialisers are positional, so their order must
 * not change.  Only the destructor, flags, docstring, method table and
 * tp_new slots are filled in; every other slot is left NULL or 0.
 */
PyTypeObject crypto_CRL_Type = {
    PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
    "CRL", /* tp_name */
    sizeof(crypto_CRLObj), /* tp_basicsize */
    0, /* tp_itemsize */
    (destructor)crypto_CRL_dealloc, /* tp_dealloc */
    NULL, /* print */
    NULL, /* getattr */
    NULL, /* setattr */
    NULL, /* compare */
    NULL, /* repr */
    NULL, /* as_number */
    NULL, /* as_sequence */
    NULL, /* as_mapping */
    NULL, /* hash */
    NULL, /* call */
    NULL, /* str */
    NULL, /* getattro */
    NULL, /* setattro */
    NULL, /* as_buffer */
    Py_TPFLAGS_DEFAULT, /* tp_flags */
    crypto_CRL_doc, /* doc */
    NULL, /* traverse */
    NULL, /* clear */
    NULL, /* tp_richcompare */
    0, /* tp_weaklistoffset */
    NULL, /* tp_iter */
    NULL, /* tp_iternext */
    crypto_CRL_methods, /* tp_methods */
    NULL, /* tp_members */
    NULL, /* tp_getset */
    NULL, /* tp_base */
    NULL, /* tp_dict */
    NULL, /* tp_descr_get */
    NULL, /* tp_descr_set */
    0, /* tp_dictoffset */
    NULL, /* tp_init */
    NULL, /* tp_alloc */
    crypto_CRL_new, /* tp_new */
};
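/*
 * Finalise the CRL type and register it on `module` under the name "CRL".
 *
 * Returns 1 on success and 0 on failure.
 */
int init_crypto_crl(PyObject *module) {
    if (PyType_Ready(&crypto_CRL_Type) < 0) {
        return 0;
    }

    /* PyModule_AddObject steals a reference, but only when it succeeds, so
     * the extra reference is given back on the failure path.
     */
    Py_INCREF((PyObject *)&crypto_CRL_Type);
    if (PyModule_AddObject(module, "CRL", (PyObject *)&crypto_CRL_Type) != 0) {
        Py_DECREF((PyObject *)&crypto_CRL_Type);
        return 0;
    }
    return 1;
}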