Chromium Code Reviews Chromium Code Reviews
Issue 9515015:
Support reading PEM files in TLSLite (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 """Class representing an X.509 certificate chain.""" | 1 """Class representing an X.509 certificate chain.""" |
| 2 | 2 |
| 3 from utils import cryptomath | 3 from utils import cryptomath |
| 4 from X509 import X509 | |
| 4 | 5 |
| 5 class X509CertChain: | 6 class X509CertChain: |
| 6 """This class represents a chain of X.509 certificates. | 7 """This class represents a chain of X.509 certificates. |
| 7 | 8 |
| 8 @type x509List: list | 9 @type x509List: list |
| 9 @ivar x509List: A list of L{tlslite.X509.X509} instances, | 10 @ivar x509List: A list of L{tlslite.X509.X509} instances, |
| 10 starting with the end-entity certificate and with every | 11 starting with the end-entity certificate and with every |
| 11 subsequent certificate certifying the previous. | 12 subsequent certificate certifying the previous. |
| 12 """ | 13 """ |
| 13 | 14 |
| 14 def __init__(self, x509List=None): | 15 def __init__(self, x509List=None): |
| 15 """Create a new X509CertChain. | 16 """Create a new X509CertChain. |
| 16 | 17 |
| 17 @type x509List: list | 18 @type x509List: list |
| 18 @param x509List: A list of L{tlslite.X509.X509} instances, | 19 @param x509List: A list of L{tlslite.X509.X509} instances, |
| 19 starting with the end-entity certificate and with every | 20 starting with the end-entity certificate and with every |
| 20 subsequent certificate certifying the previous. | 21 subsequent certificate certifying the previous. |
| 21 """ | 22 """ |
| 22 if x509List: | 23 if x509List: |
| 23 self.x509List = x509List | 24 self.x509List = x509List |
| 24 else: | 25 else: |
| 25 self.x509List = [] | 26 self.x509List = [] |
| 26 | 27 |
| 28 def parseChain(self, s): | |
| 29 """Parse a PEM-encoded X.509 certificate file chain file. | |
|
wtc
2012/03/02 23:32:18
Typo: certificate file chain file => certificate c
| |
| 30 | |
| 31 @type s: str | |
| 32 @param s: A PEM-encoded (eg: Base64) X.509 certificate file, with every | |
|
wtc
2012/03/02 23:32:18
Should we say "certificate chain file" instead?
| |
| 33 certificate wrapped within "-----BEGIN CERTIFICATE-----" and | |
| 34 "-----END CERTIFICATE-----" tags). Extraneous data outside such tags, | |
|
wtc
2012/03/02 23:32:18
Remove the closing ')' after "tags". Make the sam
| |
| 35 such as human readable representations, will be ignored. | |
| 36 """ | |
| 37 | |
| 38 class PEMIterator(object): | |
| 39 """Simple iterator over PEM-encoded certificates within a string. | |
| 40 | |
| 41 @type data: string | |
| 42 @ivar data: A string containing PEM-encoded (Base64) certificates, | |
| 43 with every certificate wrapped within "-----BEGIN CERTIFICATE-----" | |
| 44 and "-----END CERTIFICATE-----" tags). Extraneous data outside such | |
| 45 tags, such as human readable representations, will be ignored. | |
| 46 | |
| 47 @type index: integer | |
| 48 @ivar index: The current offset within data to begin iterating from. | |
| 49 """ | |
| 50 | |
| 51 _CERTIFICATE_HEADER = "-----BEGIN CERTIFICATE-----" | |
| 52 """The PEM encoding block header for X.509 certificates.""" | |
| 53 | |
| 54 _CERTIFICATE_FOOTER = "-----END CERTIFICATE-----" | |
| 55 """The PEM encoding block footer for X.509 certificates.""" | |
| 56 | |
| 57 def __init__(self, s): | |
| 58 self.data = s | |
| 59 self.index = 0 | |
| 60 | |
| 61 def __iter__(self): | |
| 62 return self | |
| 63 | |
| 64 def next(self): | |
| 65 """Iterates and returns the next L{tlslite.X509.X509} | |
| 66 certificate in data. | |
| 67 | |
| 68 @rtype tlslite.X509.X509 | |
| 69 """ | |
| 70 | |
| 71 self.index = self.data.find(self._CERTIFICATE_HEADER, | |
| 72 self.index) | |
| 73 if self.index == -1: | |
| 74 raise StopIteration | |
| 75 end = self.data.find(self._CERTIFICATE_FOOTER, self.index) | |
| 76 if end == -1: | |
| 77 raise StopIteration | |
| 78 | |
| 79 certStr = self.data[self.index+len(self._CERTIFICATE_HEADER) : | |
|
wtc
2012/03/02 23:32:18
Nit: add spaces around the '+'? Or are you trying
| |
| 80 end] | |
| 81 self.index = end + len(self._CERTIFICATE_FOOTER) | |
| 82 bytes = cryptomath.base64ToBytes(certStr) | |
| 83 return X509().parseBinary(bytes) | |
| 84 | |
| 85 self.x509List = list(PEMIterator(s)) | |
| 86 return self | |
| 87 | |
| 27 def getNumCerts(self): | 88 def getNumCerts(self): |
| 28 """Get the number of certificates in this chain. | 89 """Get the number of certificates in this chain. |
| 29 | 90 |
| 30 @rtype: int | 91 @rtype: int |
| 31 """ | 92 """ |
| 32 return len(self.x509List) | 93 return len(self.x509List) |
| 33 | 94 |
| 34 def getEndEntityPublicKey(self): | 95 def getEndEntityPublicKey(self): |
| 35 """Get the public key from the end-entity certificate. | 96 """Get the public key from the end-entity certificate. |
| 36 | 97 |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 172 return False | 233 return False |
| 173 if not compareNames(cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME): | 234 if not compareNames(cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME): |
| 174 return False | 235 return False |
| 175 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME): | 236 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME): |
| 176 return False | 237 return False |
| 177 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME): | 238 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME): |
| 178 return False | 239 return False |
| 179 if not compareNames(cryptlib_py.CRYPT_CERTINFO_COMMONNAME): | 240 if not compareNames(cryptlib_py.CRYPT_CERTINFO_COMMONNAME): |
| 180 return False | 241 return False |
| 181 return True | 242 return True |
| OLD | NEW |
