Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / d369c93be3d185aafd646e2008048c4ae1ff600e / . / src / crypto / x509req.c
blob: 07bd44b68be21f372a490ff5c42e2cfab3490a13 [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1/*
2 * x509req.c
3 *
4 * Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone8b63d452008-03-21 18:31:12 -0400[diff] [blame]5 * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]6 *
7 * X.509 Request handling, mostly thin wrapping.
8 * See the file RATIONALE for a short explanation of why this module was written.
9 */
10#include <Python.h>
11#define crypto_MODULE
12#include "crypto.h"
13
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]14
15static char crypto_X509Req_get_subject_doc[] = "\n\
16Create an X509Name object for the subject of the certificate request\n\
17\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]18@return: An X509Name object\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]19";
20
21static PyObject *
22crypto_X509Req_get_subject(crypto_X509ReqObj *self, PyObject *args)
23{
24 crypto_X509NameObj *crypto_X509Name_New(X509_NAME *, int);
25 X509_NAME *name;
Jean-Paul Calderone2aa2b332008-03-06 21:43:14 -0500[diff] [blame]26 crypto_X509NameObj* pyname;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]27
28 if (!PyArg_ParseTuple(args, ":get_subject"))
29 return NULL;
30
31 if ((name = X509_REQ_get_subject_name(self->x509_req)) == NULL)
32 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame^]33 exception_from_error_queue(crypto_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]34 return NULL;
35 }
Jean-Paul Calderone2aa2b332008-03-06 21:43:14 -0500[diff] [blame]36 if ((pyname = crypto_X509Name_New(name, 0)) != NULL) {
37 pyname->parent_cert = (PyObject *)self;
38 Py_INCREF(self);
39 }
40 return (PyObject *)pyname;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]41}
42
43static char crypto_X509Req_get_pubkey_doc[] = "\n\
44Get the public key from the certificate request\n\
45\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]46@return: The public key\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]47";
48
49static PyObject *
50crypto_X509Req_get_pubkey(crypto_X509ReqObj *self, PyObject *args)
51{
52 crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
53 EVP_PKEY *pkey;
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]54 crypto_PKeyObj *py_pkey;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]55
56 if (!PyArg_ParseTuple(args, ":get_pubkey"))
57 return NULL;
58
59 if ((pkey = X509_REQ_get_pubkey(self->x509_req)) == NULL)
60 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame^]61 exception_from_error_queue(crypto_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]62 return NULL;
63 }
64
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]65 py_pkey = crypto_PKey_New(pkey, 1);
66 if (py_pkey != NULL) {
67 py_pkey->only_public = 1;
68 }
Jean-Paul Calderonef60beec2008-07-22 21:19:02 -0400[diff] [blame]69 return (PyObject *)py_pkey;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]70}
71
72static char crypto_X509Req_set_pubkey_doc[] = "\n\
73Set the public key of the certificate request\n\
74\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]75@param pkey: The public key to use\n\
76@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]77";
78
79static PyObject *
80crypto_X509Req_set_pubkey(crypto_X509ReqObj *self, PyObject *args)
81{
82 crypto_PKeyObj *pkey;
83
84 if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
85 return NULL;
86
87 if (!X509_REQ_set_pubkey(self->x509_req, pkey->pkey))
88 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame^]89 exception_from_error_queue(crypto_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]90 return NULL;
91 }
92
93 Py_INCREF(Py_None);
94 return Py_None;
95}
96
97static char crypto_X509Req_sign_doc[] = "\n\
98Sign the certificate request using the supplied key and digest\n\
99\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]100@param pkey: The key to sign with\n\
101@param digest: The message digest to use\n\
102@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]103";
104
105static PyObject *
106crypto_X509Req_sign(crypto_X509ReqObj *self, PyObject *args)
107{
108 crypto_PKeyObj *pkey;
109 char *digest_name;
110 const EVP_MD *digest;
111
112 if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
113 &digest_name))
114 return NULL;
115
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]116 if (pkey->only_public) {
117 PyErr_SetString(PyExc_ValueError, "Key has only public part");
118 return NULL;
119 }
120
121 if (!pkey->initialized) {
122 PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
123 return NULL;
124 }
125
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]126 if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
127 {
128 PyErr_SetString(PyExc_ValueError, "No such digest method");
129 return NULL;
130 }
131
132 if (!X509_REQ_sign(self->x509_req, pkey->pkey, digest))
133 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame^]134 exception_from_error_queue(crypto_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]135 return NULL;
136 }
137
138 Py_INCREF(Py_None);
139 return Py_None;
140}
141
142static char crypto_X509Req_verify_doc[] = "\n\
143Verifies a certificate request using the supplied public key\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]144\n\
145@param key: a public key\n\
146@return: True if the signature is correct, False otherwise.\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]147";
148
149PyObject *
150crypto_X509Req_verify(crypto_X509ReqObj *self, PyObject *args)
151{
152 PyObject *obj;
153 crypto_PKeyObj *key;
154 int answer;
155
156 if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &obj))
157 return NULL;
158
159 key = (crypto_PKeyObj *)obj;
160
161 if ((answer = X509_REQ_verify(self->x509_req, key->pkey)) < 0)
162 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame^]163 exception_from_error_queue(crypto_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]164 return NULL;
165 }
166
167 return PyInt_FromLong(answer);
168}
169
170static char crypto_X509Req_add_extensions_doc[] = "\n\
171Add extensions to the request.\n\
172\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]173@param extensions: a sequence of X509Extension objects\n\
174@return: None\n\
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]175";
176
177static PyObject *
178crypto_X509Req_add_extensions(crypto_X509ReqObj *self, PyObject *args)
179{
180 PyObject *extensions;
181 crypto_X509ExtensionObj *ext;
182 STACK_OF(X509_EXTENSION) *exts;
183 int nr_of_extensions, i;
184
185 if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
186 return NULL;
187
188 if (!PySequence_Check(extensions))
189 {
190 PyErr_SetString(PyExc_TypeError, "Expected a sequence");
191 return NULL;
192 }
193
194 /* Make a STACK_OF(X509_EXTENSION) from sequence */
195 if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
196 {
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame^]197 exception_from_error_queue(crypto_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]198 return NULL;
199 }
200
201 /* Put the extensions in a stack */
202 nr_of_extensions = PySequence_Length(extensions);
203
204 for (i = 0; i < nr_of_extensions; i++)
205 {
206 ext = (crypto_X509ExtensionObj *)PySequence_GetItem(extensions, i);
207 if (!(crypto_X509Extension_Check(ext)))
208 {
209 PyErr_SetString(PyExc_ValueError,
210 "One of the elements is not an X509Extension");
211 sk_X509_EXTENSION_free(exts);
212 return NULL;
213 }
214 sk_X509_EXTENSION_push(exts, ext->x509_extension);
215 }
216
217 if (!X509_REQ_add_extensions(self->x509_req, exts))
218 {
219 sk_X509_EXTENSION_free(exts);
Rick Deand369c932009-07-08 11:48:33 -0500[diff] [blame^]220 exception_from_error_queue(crypto_Error);
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]221 return NULL;
222 }
223
224 sk_X509_EXTENSION_free(exts);
225
226 Py_INCREF(Py_None);
227 return Py_None;
228}
229
Jean-Paul Calderone8dd19b82008-12-28 20:41:16 -0500[diff] [blame]230static char crypto_X509Req_set_version_doc[] = "\n\
231Set the version subfield (RFC 2459, section 4.1.2.1) of the certificate\n\
232request.\n\
233\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]234@param version: The version number\n\
235@return: None\n\
Jean-Paul Calderone8dd19b82008-12-28 20:41:16 -0500[diff] [blame]236";
237
238static PyObject *
239crypto_X509Req_set_version(crypto_X509ReqObj *self, PyObject *args)
240{
241 long version;
242
243 if (!PyArg_ParseTuple(args, "l:set_version", &version)) {
244 return NULL;
245 }
246
247 if (!X509_REQ_set_version(self->x509_req, version)) {
248 return NULL;
249 }
250
251 Py_INCREF(Py_None);
252 return Py_None;
253}
254
255static char crypto_X509Req_get_version_doc[] = "\n\
256Get the version subfield (RFC 2459, section 4.1.2.1) of the certificate\n\
257request.\n\
258\n\
Jean-Paul Calderone54bcc832009-05-27 14:06:48 -0400[diff] [blame]259@return: an integer giving the value of the version subfield\n\
Jean-Paul Calderone8dd19b82008-12-28 20:41:16 -0500[diff] [blame]260";
261
262static PyObject *
263crypto_X509Req_get_version(crypto_X509ReqObj *self, PyObject *args)
264{
265 long version;
266
267 if (!PyArg_ParseTuple(args, ":get_version")) {
268 return NULL;
269 }
270
271 version = X509_REQ_get_version(self->x509_req);
272
273 return PyLong_FromLong(version);
274}
275
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]276/*
277 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
278 * { 'name', (PyCFunction)crypto_X509Req_name, METH_VARARGS }
279 * for convenience
280 */
281#define ADD_METHOD(name) \
282 { #name, (PyCFunction)crypto_X509Req_##name, METH_VARARGS, crypto_X509Req_##name##_doc }
283static PyMethodDef crypto_X509Req_methods[] =
284{
285 ADD_METHOD(get_subject),
286 ADD_METHOD(get_pubkey),
287 ADD_METHOD(set_pubkey),
288 ADD_METHOD(sign),
289 ADD_METHOD(verify),
290 ADD_METHOD(add_extensions),
Jean-Paul Calderone8dd19b82008-12-28 20:41:16 -0500[diff] [blame]291 ADD_METHOD(set_version),
292 ADD_METHOD(get_version),
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]293 { NULL, NULL }
294};
295#undef ADD_METHOD
296
297
298/*
299 * Constructor for X509Req, never called by Python code directly
300 *
301 * Arguments: name - A "real" X509_REQ object
302 * dealloc - Boolean value to specify whether the destructor should
303 * free the "real" X509_REQ object
304 * Returns: The newly created X509Req object
305 */
306crypto_X509ReqObj *
307crypto_X509Req_New(X509_REQ *req, int dealloc)
308{
309 crypto_X509ReqObj *self;
310
311 self = PyObject_New(crypto_X509ReqObj, &crypto_X509Req_Type);
312
313 if (self == NULL)
314 return NULL;
315
316 self->x509_req = req;
317 self->dealloc = dealloc;
318
319 return self;
320}
321
Jean-Paul Calderonef1592522009-06-27 11:10:43 -0400[diff] [blame]322
323static char crypto_X509Req_doc[] = "\n\
324X509Req() -> X509Req instance\n\
325\n\
326Create a new X509Req object.\n\
327\n\
328@return: The X509Req object\n\
329";
330
331static PyObject *
332crypto_X509Req_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
333 if (!PyArg_ParseTuple(args, ":X509Req")) {
334 return NULL;
335 }
336
337 return (PyObject *)crypto_X509Req_New(X509_REQ_new(), 1);
338}
339
340
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]341/*
342 * Deallocate the memory used by the X509Req object
343 *
344 * Arguments: self - The X509Req object
345 * Returns: None
346 */
347static void
348crypto_X509Req_dealloc(crypto_X509ReqObj *self)
349{
350 /* Sometimes we don't have to dealloc this */
351 if (self->dealloc)
352 X509_REQ_free(self->x509_req);
353
354 PyObject_Del(self);
355}
356
357
358/*
359 * Find attribute.
360 *
361 * Arguments: self - The X509Req object
362 * name - The attribute name
363 * Returns: A Python object for the attribute, or NULL if something went
364 * wrong
365 */
366static PyObject *
367crypto_X509Req_getattr(crypto_X509ReqObj *self, char *name)
368{
369 return Py_FindMethod(crypto_X509Req_methods, (PyObject *)self, name);
370}
371
372PyTypeObject crypto_X509Req_Type = {
373 PyObject_HEAD_INIT(NULL)
374 0,
375 "X509Req",
376 sizeof(crypto_X509ReqObj),
377 0,
378 (destructor)crypto_X509Req_dealloc,
379 NULL, /* print */
380 (getattrfunc)crypto_X509Req_getattr,
Jean-Paul Calderonef1592522009-06-27 11:10:43 -0400[diff] [blame]381 NULL, /* setattr */
382 NULL, /* compare */
383 NULL, /* repr */
384 NULL, /* as_number */
385 NULL, /* as_sequence */
386 NULL, /* as_mapping */
387 NULL, /* hash */
388 NULL, /* call */
389 NULL, /* str */
390 NULL, /* getattro */
391 NULL, /* setattro */
392 NULL, /* as_buffer */
393 Py_TPFLAGS_DEFAULT,
394 crypto_X509Req_doc, /* doc */
395 NULL, /* traverse */
396 NULL, /* clear */
397 NULL, /* tp_richcompare */
398 0, /* tp_weaklistoffset */
399 NULL, /* tp_iter */
400 NULL, /* tp_iternext */
401 crypto_X509Req_methods, /* tp_methods */
402 NULL, /* tp_members */
403 NULL, /* tp_getset */
404 NULL, /* tp_base */
405 NULL, /* tp_dict */
406 NULL, /* tp_descr_get */
407 NULL, /* tp_descr_set */
408 0, /* tp_dictoffset */
409 NULL, /* tp_init */
410 NULL, /* tp_alloc */
411 crypto_X509Req_new, /* tp_new */
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]412};
413
414
415/*
416 * Initialize the X509Req part of the crypto module
417 *
Jean-Paul Calderonef1592522009-06-27 11:10:43 -0400[diff] [blame]418 * Arguments: module - The crypto module
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]419 * Returns: None
420 */
421int
Jean-Paul Calderonef1592522009-06-27 11:10:43 -0400[diff] [blame]422init_crypto_x509req(PyObject *module)
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]423{
Jean-Paul Calderonef1592522009-06-27 11:10:43 -0400[diff] [blame]424 if (PyType_Ready(&crypto_X509Req_Type) < 0) {
425 return 0;
426 }
427
428 if (PyModule_AddObject(module, "X509Req", (PyObject *)&crypto_X509Req_Type) != 0) {
429 return 0;
430 }
431
432 if (PyModule_AddObject(module, "X509ReqType", (PyObject *)&crypto_X509Req_Type) != 0) {
433 return 0;
434 }
435
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]436 return 1;
437}