OLD | NEW |
---|---|
1 """Class representing an X.509 certificate chain.""" | 1 """Class representing an X.509 certificate chain.""" |
2 | 2 |
3 from utils import cryptomath | 3 from utils import cryptomath |
4 from X509 import X509 | |
4 | 5 |
5 class X509CertChain: | 6 class X509CertChain: |
6 """This class represents a chain of X.509 certificates. | 7 """This class represents a chain of X.509 certificates. |
7 | 8 |
8 @type x509List: list | 9 @type x509List: list |
9 @ivar x509List: A list of L{tlslite.X509.X509} instances, | 10 @ivar x509List: A list of L{tlslite.X509.X509} instances, |
10 starting with the end-entity certificate and with every | 11 starting with the end-entity certificate and with every |
11 subsequent certificate certifying the previous. | 12 subsequent certificate certifying the previous. |
12 """ | 13 """ |
13 | 14 |
14 def __init__(self, x509List=None): | 15 def __init__(self, x509List=None): |
15 """Create a new X509CertChain. | 16 """Create a new X509CertChain. |
16 | 17 |
17 @type x509List: list | 18 @type x509List: list |
18 @param x509List: A list of L{tlslite.X509.X509} instances, | 19 @param x509List: A list of L{tlslite.X509.X509} instances, |
19 starting with the end-entity certificate and with every | 20 starting with the end-entity certificate and with every |
20 subsequent certificate certifying the previous. | 21 subsequent certificate certifying the previous. |
21 """ | 22 """ |
22 if x509List: | 23 if x509List: |
23 self.x509List = x509List | 24 self.x509List = x509List |
24 else: | 25 else: |
25 self.x509List = [] | 26 self.x509List = [] |
26 | 27 |
28 def parseChain(self, s): | |
Nico
2012/02/29 00:33:34
Could use a basic unit test
| |
29 """Parse a PEM-encoded X.509 certificate file chain file. | |
30 | |
31 @type s: str | |
Nico
2012/02/29 00:33:34
s isn't a great parameter name. parameters are par
| |
32 @param s: A PEM-encoded (eg: Base64) X.509 certificate file, with every | |
33 certificate wrapped within "-----BEGIN CERTIFICATE-----" and | |
34 "-----END CERTIFICATE-----" tags). Extraneous data outside such tags, | |
35 such as human readable representations, will be ignored. | |
36 """ | |
37 | |
38 class PEMIterator(object): | |
39 """Simple iterator over PEM-encoded certificates within a string. | |
40 | |
41 @type s: string | |
42 @ivar s: A string containing PEM-encoded (Base64) certificates, with | |
43 every certificate wrapped within "-----BEGIN CERTIFICATE-----" and | |
44 "-----END CERTIFICATE-----" tags). Extraneous data outside such | |
45 tags, such as human readable representations, will be ignored. | |
46 | |
47 @type index: integer | |
48 @param index: The current offset within s to begin iterating from | |
Nico
2012/02/29 00:33:34
@ivar index?
| |
49 """ | |
50 | |
51 def __init__(self, s): | |
52 self.s = s | |
53 self.index = 0 | |
54 | |
55 def __iter__(self): | |
56 return self | |
57 | |
58 def next(self): | |
59 """Iterates and returns the next L{tlslite.X509.X509} | |
60 certificate in s | |
61 | |
62 @rtype tlslite.X509.X509 | |
63 """ | |
64 | |
65 self.index = self.s.find("-----BEGIN CERTIFICATE-----", | |
Nico
2012/02/29 00:33:34
Make these strings "constants"?
| |
66 self.index) | |
67 if (self.index == -1): | |
Nico
2012/02/29 00:33:34
no parens
| |
68 raise StopIteration | |
69 end = self.s.find("-----END CERTIFICATE-----", self.index) | |
70 if (end == -1): | |
Nico
2012/02/29 00:33:34
no parens
| |
71 raise StopIteration | |
72 | |
73 certStr = self.s[self.index+len("-----BEGIN CERTIFICATE-----") : | |
74 end] | |
75 self.index = end + len("-----END CERTIFICATE-----") | |
76 bytes = cryptomath.base64ToBytes(certStr) | |
77 cert = X509() | |
78 cert.parseBinary(bytes) | |
79 return cert | |
80 | |
81 certs = [] | |
82 for cert in PEMIterator(s): | |
83 certs.append(cert) | |
84 self.x509List = certs | |
Nico
2012/02/29 00:33:34
Does `self.x509List = list(PEMIterator(s))` work as
| |
85 return self | |
86 | |
27 def getNumCerts(self): | 87 def getNumCerts(self): |
28 """Get the number of certificates in this chain. | 88 """Get the number of certificates in this chain. |
29 | 89 |
30 @rtype: int | 90 @rtype: int |
31 """ | 91 """ |
32 return len(self.x509List) | 92 return len(self.x509List) |
33 | 93 |
34 def getEndEntityPublicKey(self): | 94 def getEndEntityPublicKey(self): |
35 """Get the public key from the end-entity certificate. | 95 """Get the public key from the end-entity certificate. |
36 | 96 |
172 return False | 232 return False |
173 if not compareNames(cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME): | 233 if not compareNames(cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME): |
174 return False | 234 return False |
175 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME): | 235 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME): |
176 return False | 236 return False |
177 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME): | 237 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME): |
178 return False | 238 return False |
179 if not compareNames(cryptlib_py.CRYPT_CERTINFO_COMMONNAME): | 239 if not compareNames(cryptlib_py.CRYPT_CERTINFO_COMMONNAME): |
180 return False | 240 return False |
181 return True | 241 return True |
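Review bot: In the added `PEMIterator.next` (new lines 69-71), a BEGIN marker with no matching END marker raises `StopIteration`, so a truncated or corrupted PEM file looks the same as a clean end of input and `parseChain` silently returns a shorter, possibly empty, chain. A caller that then relies on `x509List` gets an incomplete chain with no signal that parsing stopped early. I would keep `StopIteration` for the case where no further BEGIN marker is found and fail loudly otherwise, e.g. `if end == -1: raise ValueError("unterminated PEM certificate block")`. The `parseChain` docstring should also say that the certificates are stored in file order as-is, with no check that each one certifies the previous, since the class docstring describes `x509List` as ordered that way.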