OLD | NEW |
1 """Class representing an X.509 certificate chain.""" | 1 """Class representing an X.509 certificate chain.""" |
2 | 2 |
3 from utils import cryptomath | 3 from utils import cryptomath |
| 4 from X509 import X509 |
4 | 5 |
5 class X509CertChain: | 6 class X509CertChain: |
6 """This class represents a chain of X.509 certificates. | 7 """This class represents a chain of X.509 certificates. |
7 | 8 |
8 @type x509List: list | 9 @type x509List: list |
9 @ivar x509List: A list of L{tlslite.X509.X509} instances, | 10 @ivar x509List: A list of L{tlslite.X509.X509} instances, |
10 starting with the end-entity certificate and with every | 11 starting with the end-entity certificate and with every |
11 subsequent certificate certifying the previous. | 12 subsequent certificate certifying the previous. |
12 """ | 13 """ |
13 | 14 |
14 def __init__(self, x509List=None): | 15 def __init__(self, x509List=None): |
15 """Create a new X509CertChain. | 16 """Create a new X509CertChain. |
16 | 17 |
17 @type x509List: list | 18 @type x509List: list |
18 @param x509List: A list of L{tlslite.X509.X509} instances, | 19 @param x509List: A list of L{tlslite.X509.X509} instances, |
19 starting with the end-entity certificate and with every | 20 starting with the end-entity certificate and with every |
20 subsequent certificate certifying the previous. | 21 subsequent certificate certifying the previous. |
21 """ | 22 """ |
22 if x509List: | 23 if x509List: |
23 self.x509List = x509List | 24 self.x509List = x509List |
24 else: | 25 else: |
25 self.x509List = [] | 26 self.x509List = [] |
26 | 27 |
| 28 def parseChain(self, s): |
| 29 """Parse a PEM-encoded X.509 certificate file chain file. |
| 30 |
| 31 @type s: str |
| 32 @param s: A PEM-encoded (eg: Base64) X.509 certificate file, with every |
| 33 certificate wrapped within "-----BEGIN CERTIFICATE-----" and |
| 34 "-----END CERTIFICATE-----" tags). Extraneous data outside such tags, |
| 35 such as human readable representations, will be ignored. |
| 36 """ |
| 37 |
| 38 class PEMIterator(object): |
| 39 """Simple iterator over PEM-encoded certificates within a string. |
| 40 |
| 41 @type data: string |
| 42 @ivar data: A string containing PEM-encoded (Base64) certificates, |
| 43 with every certificate wrapped within "-----BEGIN CERTIFICATE-----" |
| 44 and "-----END CERTIFICATE-----" tags). Extraneous data outside such |
| 45 tags, such as human readable representations, will be ignored. |
| 46 |
| 47 @type index: integer |
| 48 @ivar index: The current offset within data to begin iterating from. |
| 49 """ |
| 50 |
| 51 CERTIFICATE_HEADER = "----BEGIN CERTIFICATE-----" |
| 52 CERTIFICATE_FOOTER = "----END CERTIFICATE-----" |
| 53 |
| 54 def __init__(self, s): |
| 55 self.data = s |
| 56 self.index = 0 |
| 57 |
| 58 def __iter__(self): |
| 59 return self |
| 60 |
| 61 def next(self): |
| 62 """Iterates and returns the next L{tlslite.X509.X509} |
| 63 certificate in data. |
| 64 |
| 65 @rtype tlslite.X509.X509 |
| 66 """ |
| 67 |
| 68 self.index = self.data.find(self.CERTIFICATE_HEADER, self.index) |
| 69 if self.index == -1: |
| 70 raise StopIteration |
| 71 end = self.data.find(self.CERTIFICATE_FOOTER, self.index) |
| 72 if end == -1: |
| 73 raise StopIteration |
| 74 |
| 75 certStr = self.data[self.index+len(self.CERTIFICATE_HEADER) : |
| 76 end] |
| 77 self.index = end + len(self.CERTIFICATE_FOOTER) |
| 78 bytes = cryptomath.base64ToBytes(certStr) |
| 79 return X509().parseBinary(bytes) |
| 80 |
| 81 self.x509List = list(PEMIterator(s)) |
| 82 return self |
| 83 |
27 def getNumCerts(self): | 84 def getNumCerts(self): |
28 """Get the number of certificates in this chain. | 85 """Get the number of certificates in this chain. |
29 | 86 |
30 @rtype: int | 87 @rtype: int |
31 """ | 88 """ |
32 return len(self.x509List) | 89 return len(self.x509List) |
33 | 90 |
34 def getEndEntityPublicKey(self): | 91 def getEndEntityPublicKey(self): |
35 """Get the public key from the end-entity certificate. | 92 """Get the public key from the end-entity certificate. |
36 | 93 |
(...skipping 135 matching lines...)
172 return False | 229 return False |
173 if not compareNames(cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME): | 230 if not compareNames(cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME): |
174 return False | 231 return False |
175 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME): | 232 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME): |
176 return False | 233 return False |
177 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME): | 234 if not compareNames(cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME): |
178 return False | 235 return False |
179 if not compareNames(cryptlib_py.CRYPT_CERTINFO_COMMONNAME): | 236 if not compareNames(cryptlib_py.CRYPT_CERTINFO_COMMONNAME): |
180 return False | 237 return False |
181 return True | 238 return True |
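Review bot: In `PEMIterator` inside `parseChain`, `CERTIFICATE_HEADER` and `CERTIFICATE_FOOTER` start with four dashes while the docstrings above name the five-dash tags, so `find` matches one character into each tag and the slice handed to `cryptomath.base64ToBytes` ends with a stray `-` from the footer; this only works if that decoder skips non-alphabet characters, which is not visible here. Use the full tags, `CERTIFICATE_HEADER = "-----BEGIN CERTIFICATE-----"` and `CERTIFICATE_FOOTER = "-----END CERTIFICATE-----"`. Separately, a BEGIN tag with no matching END raises `StopIteration`, so a truncated file yields a shorter chain with no error; raising instead, e.g. `raise ValueError("missing END CERTIFICATE tag")`, would make truncation visible to the caller. The method's docstring should also say that parsing does not check that each certificate certifies the previous one, since the class docstring states that ordering as a property of `x509List`.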
OLD | NEW |