OLD | NEW |
---|---|
1 """Class representing an X.509 certificate chain.""" | 1 """Class representing an X.509 certificate chain.""" |
2 | 2 |
3 from utils import cryptomath | 3 from utils import cryptomath |
4 from X509 import X509 | |
4 | 5 |
5 class X509CertChain: | 6 class X509CertChain: |
6 """This class represents a chain of X.509 certificates. | 7 """This class represents a chain of X.509 certificates. |
7 | 8 |
8 @type x509List: list | 9 @type x509List: list |
9 @ivar x509List: A list of L{tlslite.X509.X509} instances, | 10 @ivar x509List: A list of L{tlslite.X509.X509} instances, |
10 starting with the end-entity certificate and with every | 11 starting with the end-entity certificate and with every |
11 subsequent certificate certifying the previous. | 12 subsequent certificate certifying the previous. |
12 """ | 13 """ |
13 | 14 |
14 def __init__(self, x509List=None): | 15 def __init__(self, x509List=None): |
15 """Create a new X509CertChain. | 16 """Create a new X509CertChain. |
16 | 17 |
17 @type x509List: list | 18 @type x509List: list |
18 @param x509List: A list of L{tlslite.X509.X509} instances, | 19 @param x509List: A list of L{tlslite.X509.X509} instances, |
19 starting with the end-entity certificate and with every | 20 starting with the end-entity certificate and with every |
20 subsequent certificate certifying the previous. | 21 subsequent certificate certifying the previous. |
21 """ | 22 """ |
22 if x509List: | 23 if x509List: |
23 self.x509List = x509List | 24 self.x509List = x509List |
24 else: | 25 else: |
25 self.x509List = [] | 26 self.x509List = [] |
26 | 27 |
28 def parseChain(self, s): | |
29 """Parse a PEM-encoded X.509 certificate file chain file. | |
30 | |
31 @type s: str | |
32 @param s: A PEM-encoded (eg: Base64) X.509 certificate file, with every | |
33 certificate wrapped within "-----BEGIN CERTIFICATE-----" and | |
34 "-----END CERTIFICATE-----" tags). Extraneous data outside such tags, | |
35 such as human readable representations, will be ignored. | |
36 """ | |
37 | |
38 class PEMIterator(object): | |
39 """Simple iterator over PEM-encoded certificates within a string. | |
40 | |
41 @type data: string | |
42 @ivar data: A string containing PEM-encoded (Base64) certificates, | |
43 with every certificate wrapped within "-----BEGIN CERTIFICATE-----" | |
44 and "-----END CERTIFICATE-----" tags). Extraneous data outside such | |
45 tags, such as human readable representations, will be ignored. | |
46 | |
47 @type index: integer | |
48 @ivar index: The current offset within data to begin iterating from. | |
49 """ | |
50 | |
51 _CERTIFICATE_HEADER = "----BEGIN CERTIFICATE-----" | |
agl
2012/03/02 01:24:51
There's only four '-' at the beginning. Also, you
| |
52 """The PEM encoding block header for X.509 certificates.""" | |
53 | |
54 _CERTIFICATE_FOOTER = "----END CERTIFICATE-----" | |
55 """The PEM encoding block footer for X.509 certificates.""" | |
56 | |
57 def __init__(self, s): | |
58 self.data = s | |
59 self.index = 0 | |
60 | |
61 def __iter__(self): | |
62 return self | |
63 | |
64 def next(self): | |
65 """Iterates and returns the next L{tlslite.X509.X509} | |
66 certificate in data. | |
67 | |
68 @rtype tlslite.X509.X509 | |
69 """ | |
70 | |
71 self.index = self.data.find(self._CERTIFICATE_HEADER, | |
72 self.index) | |
73 if self.index == -1: | |
74 raise StopIteration | |
75 end = self.data.find(self._CERTIFICATE_FOOTER, self.index) | |
76 if end == -1: | |
77 raise StopIteration | |
78 | |
79 certStr = self.data[self.index+len(self._CERTIFICATE_HEADER) : | |
80 end] | |
81 self.index = end + len(self._CERTIFICATE_FOOTER) | |
82 bytes = cryptomath.base64ToBytes(certStr) | |
83 return X509().parseBinary(bytes) | |
84 | |
85 self.x509List = list(PEMIterator(s)) | |
86 return self | |
87 | |
27 def getNumCerts(self): | 88 def getNumCerts(self): |
28 """Get the number of certificates in this chain. | 89 """Get the number of certificates in this chain. |
29 | 90 |
30 @rtype: int | 91 @rtype: int |
31 """ | 92 """ |
32 return len(self.x509List) | 93 return len(self.x509List) |
33 | 94 |
34 def getEndEntityPublicKey(self): | 95 def getEndEntityPublicKey(self): |
35 """Get the public key from the end-entity certificate. | 96 """Get the public key from the end-entity certificate. |
36 | 97 |
(...skipping 135 matching lines...) | |
172 return False | 233 return False |
173 if not compareNames(cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME): | 234 if not compareNames(cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME): |
174 return False | 235 return False |
175 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME): | 236 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME): |
176 return False | 237 return False |
177 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME): | 238 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME): |
178 return False | 239 return False |
179 if not compareNames(cryptlib_py.CRYPT_CERTINFO_COMMONNAME): | 240 if not compareNames(cryptlib_py.CRYPT_CERTINFO_COMMONNAME): |
180 return False | 241 return False |
181 return True | 242 return True |
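Review bot: In `PEMIterator.next` (new lines 75-77), a BEGIN marker with no matching END marker ends iteration silently, so a truncated or damaged PEM file produces a shorter, possibly empty, chain and the caller of `parseChain` gets no error. For chain material it is safer to fail loudly, for example `if end == -1: raise ValueError("certificate block has no END CERTIFICATE marker")`. The result also relies on `X509().parseBinary(bytes)` returning the X509 object; that method is not shown on this page, so it is worth confirming, because if it returns nothing `x509List` would be filled with `None`. As a style point, the local name `bytes` shadows the builtin; a name such as `certBytes` would be clearer.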