Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / cf20dd6b2003b73aae77c3ea9bed3f4392408d29 / . / src / crypto / x509req.c
blob: 4c6acd25135e28c31c462971af9e672d0f7ed4ce [file] [log] [blame]
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]1/*
2 * x509req.c
3 *
4 * Copyright (C) AB Strakt 2001, All rights reserved
Jean-Paul Calderone8b63d452008-03-21 18:31:12 -0400[diff] [blame]5 * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]6 *
7 * X.509 Request handling, mostly thin wrapping.
8 * See the file RATIONALE for a short explanation of why this module was written.
9 */
10#include <Python.h>
11#define crypto_MODULE
12#include "crypto.h"
13
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]14
15static char crypto_X509Req_get_subject_doc[] = "\n\
16Create an X509Name object for the subject of the certificate request\n\
17\n\
18Arguments: self - The X509Req object\n\
19 args - The Python argument tuple, should be empty\n\
20Returns: An X509Name object\n\
21";
22
23static PyObject *
24crypto_X509Req_get_subject(crypto_X509ReqObj *self, PyObject *args)
25{
26 crypto_X509NameObj *crypto_X509Name_New(X509_NAME *, int);
27 X509_NAME *name;
Jean-Paul Calderone2aa2b332008-03-06 21:43:14 -0500[diff] [blame]28 crypto_X509NameObj* pyname;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]29
30 if (!PyArg_ParseTuple(args, ":get_subject"))
31 return NULL;
32
33 if ((name = X509_REQ_get_subject_name(self->x509_req)) == NULL)
34 {
35 exception_from_error_queue();
36 return NULL;
37 }
Jean-Paul Calderone2aa2b332008-03-06 21:43:14 -0500[diff] [blame]38 if ((pyname = crypto_X509Name_New(name, 0)) != NULL) {
39 pyname->parent_cert = (PyObject *)self;
40 Py_INCREF(self);
41 }
42 return (PyObject *)pyname;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]43}
44
45static char crypto_X509Req_get_pubkey_doc[] = "\n\
46Get the public key from the certificate request\n\
47\n\
48Arguments: self - The X509Req object\n\
49 args - The Python argument tuple, should be empty\n\
50Returns: The public key\n\
51";
52
53static PyObject *
54crypto_X509Req_get_pubkey(crypto_X509ReqObj *self, PyObject *args)
55{
56 crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
57 EVP_PKEY *pkey;
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]58 crypto_PKeyObj *py_pkey;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]59
60 if (!PyArg_ParseTuple(args, ":get_pubkey"))
61 return NULL;
62
63 if ((pkey = X509_REQ_get_pubkey(self->x509_req)) == NULL)
64 {
65 exception_from_error_queue();
66 return NULL;
67 }
68
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]69 py_pkey = crypto_PKey_New(pkey, 1);
70 if (py_pkey != NULL) {
71 py_pkey->only_public = 1;
72 }
73 return py_pkey;
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]74}
75
76static char crypto_X509Req_set_pubkey_doc[] = "\n\
77Set the public key of the certificate request\n\
78\n\
79Arguments: self - The X509Req object\n\
80 args - The Python argument tuple, should be:\n\
81 pkey - The public key to use\n\
82Returns: None\n\
83";
84
85static PyObject *
86crypto_X509Req_set_pubkey(crypto_X509ReqObj *self, PyObject *args)
87{
88 crypto_PKeyObj *pkey;
89
90 if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
91 return NULL;
92
93 if (!X509_REQ_set_pubkey(self->x509_req, pkey->pkey))
94 {
95 exception_from_error_queue();
96 return NULL;
97 }
98
99 Py_INCREF(Py_None);
100 return Py_None;
101}
102
103static char crypto_X509Req_sign_doc[] = "\n\
104Sign the certificate request using the supplied key and digest\n\
105\n\
106Arguments: self - The X509Req object\n\
107 args - The Python argument tuple, should be:\n\
108 pkey - The key to sign with\n\
109 digest - The message digest to use\n\
110Returns: None\n\
111";
112
113static PyObject *
114crypto_X509Req_sign(crypto_X509ReqObj *self, PyObject *args)
115{
116 crypto_PKeyObj *pkey;
117 char *digest_name;
118 const EVP_MD *digest;
119
120 if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
121 &digest_name))
122 return NULL;
123
Jean-Paul Calderoneac0d95f2008-03-10 00:00:42 -0400[diff] [blame]124 if (pkey->only_public) {
125 PyErr_SetString(PyExc_ValueError, "Key has only public part");
126 return NULL;
127 }
128
129 if (!pkey->initialized) {
130 PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
131 return NULL;
132 }
133
Jean-Paul Calderone897bc252008-02-18 20:50:23 -0500[diff] [blame]134 if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
135 {
136 PyErr_SetString(PyExc_ValueError, "No such digest method");
137 return NULL;
138 }
139
140 if (!X509_REQ_sign(self->x509_req, pkey->pkey, digest))
141 {
142 exception_from_error_queue();
143 return NULL;
144 }
145
146 Py_INCREF(Py_None);
147 return Py_None;
148}
149
150static char crypto_X509Req_verify_doc[] = "\n\
151Verifies a certificate request using the supplied public key\n\
152 \n\
153Arguments: self - X509Req object\n\
154 args - The Python argument tuple, should be:\n\
155 key - a public key\n\
156Returns: True, if the signature is correct, 0 otherwise.\n\
157";
158
159PyObject *
160crypto_X509Req_verify(crypto_X509ReqObj *self, PyObject *args)
161{
162 PyObject *obj;
163 crypto_PKeyObj *key;
164 int answer;
165
166 if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &obj))
167 return NULL;
168
169 key = (crypto_PKeyObj *)obj;
170
171 if ((answer = X509_REQ_verify(self->x509_req, key->pkey)) < 0)
172 {
173 exception_from_error_queue();
174 return NULL;
175 }
176
177 return PyInt_FromLong(answer);
178}
179
180static char crypto_X509Req_add_extensions_doc[] = "\n\
181Add extensions to the request.\n\
182\n\
183Arguments: self - X509Req object\n\
184 args - The Python argument tuple, should be:\n\
185 extensions - a sequence of X509Extension objects\n\
186Returns: None\n\
187";
188
189static PyObject *
190crypto_X509Req_add_extensions(crypto_X509ReqObj *self, PyObject *args)
191{
192 PyObject *extensions;
193 crypto_X509ExtensionObj *ext;
194 STACK_OF(X509_EXTENSION) *exts;
195 int nr_of_extensions, i;
196
197 if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
198 return NULL;
199
200 if (!PySequence_Check(extensions))
201 {
202 PyErr_SetString(PyExc_TypeError, "Expected a sequence");
203 return NULL;
204 }
205
206 /* Make a STACK_OF(X509_EXTENSION) from sequence */
207 if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
208 {
209 exception_from_error_queue();
210 return NULL;
211 }
212
213 /* Put the extensions in a stack */
214 nr_of_extensions = PySequence_Length(extensions);
215
216 for (i = 0; i < nr_of_extensions; i++)
217 {
218 ext = (crypto_X509ExtensionObj *)PySequence_GetItem(extensions, i);
219 if (!(crypto_X509Extension_Check(ext)))
220 {
221 PyErr_SetString(PyExc_ValueError,
222 "One of the elements is not an X509Extension");
223 sk_X509_EXTENSION_free(exts);
224 return NULL;
225 }
226 sk_X509_EXTENSION_push(exts, ext->x509_extension);
227 }
228
229 if (!X509_REQ_add_extensions(self->x509_req, exts))
230 {
231 sk_X509_EXTENSION_free(exts);
232 exception_from_error_queue();
233 return NULL;
234 }
235
236 sk_X509_EXTENSION_free(exts);
237
238 Py_INCREF(Py_None);
239 return Py_None;
240}
241
242/*
243 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
244 * { 'name', (PyCFunction)crypto_X509Req_name, METH_VARARGS }
245 * for convenience
246 */
247#define ADD_METHOD(name) \
248 { #name, (PyCFunction)crypto_X509Req_##name, METH_VARARGS, crypto_X509Req_##name##_doc }
249static PyMethodDef crypto_X509Req_methods[] =
250{
251 ADD_METHOD(get_subject),
252 ADD_METHOD(get_pubkey),
253 ADD_METHOD(set_pubkey),
254 ADD_METHOD(sign),
255 ADD_METHOD(verify),
256 ADD_METHOD(add_extensions),
257 { NULL, NULL }
258};
259#undef ADD_METHOD
260
261
262/*
263 * Constructor for X509Req, never called by Python code directly
264 *
265 * Arguments: name - A "real" X509_REQ object
266 * dealloc - Boolean value to specify whether the destructor should
267 * free the "real" X509_REQ object
268 * Returns: The newly created X509Req object
269 */
270crypto_X509ReqObj *
271crypto_X509Req_New(X509_REQ *req, int dealloc)
272{
273 crypto_X509ReqObj *self;
274
275 self = PyObject_New(crypto_X509ReqObj, &crypto_X509Req_Type);
276
277 if (self == NULL)
278 return NULL;
279
280 self->x509_req = req;
281 self->dealloc = dealloc;
282
283 return self;
284}
285
286/*
287 * Deallocate the memory used by the X509Req object
288 *
289 * Arguments: self - The X509Req object
290 * Returns: None
291 */
292static void
293crypto_X509Req_dealloc(crypto_X509ReqObj *self)
294{
295 /* Sometimes we don't have to dealloc this */
296 if (self->dealloc)
297 X509_REQ_free(self->x509_req);
298
299 PyObject_Del(self);
300}
301
302
303/*
304 * Find attribute.
305 *
306 * Arguments: self - The X509Req object
307 * name - The attribute name
308 * Returns: A Python object for the attribute, or NULL if something went
309 * wrong
310 */
311static PyObject *
312crypto_X509Req_getattr(crypto_X509ReqObj *self, char *name)
313{
314 return Py_FindMethod(crypto_X509Req_methods, (PyObject *)self, name);
315}
316
317PyTypeObject crypto_X509Req_Type = {
318 PyObject_HEAD_INIT(NULL)
319 0,
320 "X509Req",
321 sizeof(crypto_X509ReqObj),
322 0,
323 (destructor)crypto_X509Req_dealloc,
324 NULL, /* print */
325 (getattrfunc)crypto_X509Req_getattr,
326};
327
328
329/*
330 * Initialize the X509Req part of the crypto module
331 *
332 * Arguments: dict - The crypto module dictionary
333 * Returns: None
334 */
335int
336init_crypto_x509req(PyObject *dict)
337{
338 crypto_X509Req_Type.ob_type = &PyType_Type;
339 Py_INCREF(&crypto_X509Req_Type);
340 PyDict_SetItemString(dict, "X509ReqType", (PyObject *)&crypto_X509Req_Type);
341 return 1;
342}