[Commits] (heikki) Work in progress to make it possible to create
X509 certificates with Python.
commits at osafoundation.org
commits at osafoundation.org
Fri Mar 5 15:02:44 PST 2004
Commit by: heikki
Modified files:
osaf/chandler/m2crypto/M2Crypto/X509.py 1.1.1.1 1.2
osaf/chandler/m2crypto/SWIG/_x509.i 1.1.1.1 1.2
osaf/chandler/m2crypto/demo/x509/ca.py None 1.1
Log message:
Work in progress to make it possible to create X509 certificates with Python.
ViewCVS links:
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/M2Crypto/X509.py.diff?r1=text&tr1=1.1.1.1&r2=text&tr2=1.2
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/SWIG/_x509.i.diff?r1=text&tr1=1.1.1.1&r2=text&tr2=1.2
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/demo/x509/ca.py?rev=1.1&content-type=text/vnd.viewcvs-markup
Index: osaf/chandler/m2crypto/M2Crypto/X509.py
diff -u osaf/chandler/m2crypto/M2Crypto/X509.py:1.1.1.1 osaf/chandler/m2crypto/M2Crypto/X509.py:1.2
--- osaf/chandler/m2crypto/M2Crypto/X509.py:1.1.1.1 Mon Mar 1 11:43:40 2004
+++ osaf/chandler/m2crypto/M2Crypto/X509.py Fri Mar 5 15:02:11 2004
@@ -4,15 +4,18 @@
certificate operations (mainly attribute getters for
authentication purposes) from within an SSL connection.
-This module is emphatically not sufficient to implement CA-like
-functionality in Python. Given the availability of open source CA
-tools such as OpenSSL's CA.[sh|pl], Oscar, IBM's XXX, it is
-unlikely that this module will ever evolve to the aforementioned
-sufficiency.
+Copyright (c) 1999-2003 Ng Pheng Siong. All rights reserved.
-Copyright (c) 1999-2003 Ng Pheng Siong. All rights reserved."""
+Open Source Applications Foundation (OSAF) has extended the functionality
+to make it possible to create and verify certificates programmatically.
-RCS_id='$Id: X509.py,v 1.1.1.1 2004/03/01 19:43:40 heikki Exp $'
+Epydoc comments also by OSAF.
+
+OSAF Changes copyright (c) 2004 Open Source Applications Foundation.
+Author: Heikki Toivonen
+"""
+
+RCS_id='$Id: X509.py,v 1.2 2004/03/05 23:02:11 heikki Exp $'
# M2Crypto
import ASN1, BIO, Err
@@ -82,9 +85,12 @@
Object interface to an X.509 digital certificate.
"""
- def __init__(self, x509, _pyfree=0):
- assert m2.x509_type_check(x509), "'x509' type error"
- self.x509 = x509
+ def __init__(self, x509=None, _pyfree=0):
+ if x509 is not None:
+ assert m2.x509_type_check(x509), "'x509' type error"
+ self.x509 = x509
+ else:
+ self.x509 = m2.x509_new()
self._pyfree = _pyfree
def __del__(self):
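Review bot: The new `else` branch in `__init__` allocates a certificate with `m2.x509_new()` but leaves `_pyfree` at its default of 0, so the wrapper never records that it owns the structure. `__del__` starts on the last line of the hunk and its body is not visible; if it frees only when `_pyfree` is set, every `X509()` created this way leaks the underlying X509. Adding `_pyfree = 1` in the `else` branch, before `self._pyfree = _pyfree`, would cover that. The type check is also an `assert`, which is skipped under `python -O`, so an explicit `raise TypeError` would keep it in optimized runs.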
@@ -114,6 +120,18 @@
assert m2.x509_type_check(self.x509), "'x509' type error"
return m2.x509_get_version(self.x509)
+ def set_version(self, version):
+ """
+ Set version.
+
+ @type version: an integer
+ @param version: Version number.
+ @rtype: an integer
+ @return: Returns 0 on failure.
+ """
+ assert m2.x509_type_check(self.x509), "'x509' type error"
+ return m2.x509_set_version(self.x509, version)
+
def get_serial_number(self):
assert m2.x509_type_check(self.x509), "'x509' type error"
asn1_integer = m2.x509_get_serial_number(self.x509)
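Review bot: The `set_version` docstring does not say that the value is the encoded, zero-based version, so a caller who passes 3 expecting an X.509 v3 certificate gets a version field that does not mean v3. I would word the parameter as `@param version: Version number as encoded in the certificate, zero-based (0 = v1, 2 = v3).` `Request.set_version` in the last X509.py hunk has the same gap (PKCS#10 requests use 0). The 0-on-failure return is documented but easy to ignore, so callers building certificates should check it.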
@@ -131,6 +149,18 @@
assert m2.x509_type_check(self.x509), "'x509' type error"
return m2.x509_get_pubkey(self.x509)
+ def set_pubkey(self, pkey):
+ """
+ Set the public key for the certificate
+
+ @type pkey: EVP_PKEY
+ @param pkey: Public key
+ @rtype: XXX
+ @return: XXX
+ """
+ assert m2.x509_type_check(self.x509), "'x509' type error"
+ return m2.x509_set_pubkey(self.x509, pkey.pkey)
+
def get_issuer(self):
assert m2.x509_type_check(self.x509), "'x509' type error"
return X509_Name(m2.x509_get_issuer_name(self.x509))
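Review bot: The `@rtype: XXX` / `@return: XXX` placeholders in `set_pubkey` leave the failure contract undocumented, and the same placeholders appear in `sign` and in `Request.set_pubkey` further down. The SWIG declaration added in this commit gives `X509_set_pubkey` an `int` return, which in OpenSSL is 1 on success and 0 on failure, so the docstring can say `@rtype: an integer` and `@return: 1 on success, 0 on failure.` A caller that ignores the result can go on to sign a certificate that does not carry the intended key.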
@@ -139,6 +169,23 @@
assert m2.x509_type_check(self.x509), "'x509' type error"
return X509_Name(m2.x509_get_subject_name(self.x509))
+ def sign(self, pkey, md):
+ """
+ Sign the certificate.
+
+ @type pkey: EVP_PKEY
+ @param pkey: Public key
+ @type md: string
+ @param md: Message digest algorithm to use for signing, for example
+ 'sha1'.
+ @rtype: XXX
+ @return: XXX
+ """
+ assert m2.x509_type_check(self.x509), "'x509' type error"
+ mda = getattr(m2, md)
+ if not mda:
+ raise ValueError, ('unknown message digest', md)
+ return m2.x509_sign(self.x509, pkey.pkey, mda())
def load_cert(file):
bio = BIO.openfile(file)
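Review bot: In `sign`, `getattr(m2, md)` raises AttributeError for an unknown name, so the `if not mda` branch and its ValueError are never reached, and any attribute that does exist on `m2` — not only a digest constructor — is accepted and then called. `mda = getattr(m2, md, None)` restores the intended ValueError, and checking `md` against a fixed set of digest names before the lookup would close the second gap wherever `md` can come from outside the program. The docstring describes `pkey` as `Public key`, but a certificate is signed with the issuer's private key, so I would write `@param pkey: Issuer's private key used to sign.` `Request.sign`, visible as context at the end of the last X509.py hunk, uses the same lookup.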
@@ -212,6 +259,9 @@
class Request:
+ """
+ An X509 certificate request. A request is required to make a certificate.
+ """
def __init__(self, req=None, _pyfree=0):
if req is not None:
self.req = req
@@ -239,10 +289,32 @@
return m2.x509_req_write_pem(bio.bio_ptr(), self.req)
def set_pubkey(self, pkey):
+ """
+ Set the public key for the request.
+
+ @type pkey: EVP_PKEY
+ @param pkey: Public key
+ @rtype: XXX
+ @return: XXX
+ """
return m2.x509_req_set_pubkey(self.req, pkey.pkey)
def get_subject(self):
return X509_Name(m2.x509_req_get_subject_name(self.req))
+
+ def set_version(self, version):
+ """
+ Set version.
+
+ @type version: an integer
+ @param version: Version number.
+ @rtype: an integer
+ @return: Returns 0 on failure.
+ """
+ return m2.x509_req_set_version(self.req, version)
+
+ def verify(self, pkey):
+ return m2.x509_req_verify(self.req, pkey)
def sign(self, pkey, md):
mda = getattr(m2, md)
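Review bot: `Request.verify` passes `pkey` straight to `m2.x509_req_verify`, while `set_pubkey` just above it in the same class passes `pkey.pkey`; if callers hand in the same EVP wrapper object, the call should read `return m2.x509_req_verify(self.req, pkey.pkey)`. The method also has no docstring, and the result needs one: OpenSSL's X509_REQ_verify returns 1 for a valid signature, 0 for a mismatch and a negative value on error, so a plain truth test would treat an error as a successful verification. I would document `@return: 1 if the signature is valid; 0 or a negative value otherwise` and have callers compare with `== 1`. No `x509_req_verify` declaration appears in the visible `_x509.i` hunks, so it is presumably declared elsewhere.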
Index: osaf/chandler/m2crypto/SWIG/_x509.i
diff -u osaf/chandler/m2crypto/SWIG/_x509.i:1.1.1.1 osaf/chandler/m2crypto/SWIG/_x509.i:1.2
--- osaf/chandler/m2crypto/SWIG/_x509.i:1.1.1.1 Mon Mar 1 11:43:41 2004
+++ osaf/chandler/m2crypto/SWIG/_x509.i Fri Mar 5 15:02:12 2004
@@ -1,5 +1,13 @@
/* Copyright (c) 1999 Ng Pheng Siong. All rights reserved. */
-/* $Id: _x509.i,v 1.1.1.1 2004/03/01 19:43:41 heikki Exp $ */
+/*
+** Open Source Applications Foundation (OSAF) has extended the functionality
+** to make it possible to create and verify certificates programmatically.
+**
+** OSAF Changes copyright (c) 2004 Open Source Applications Foundation.
+** Author: Heikki Toivonen
+*/
+
+/* $Id: _x509.i,v 1.2 2004/03/05 23:02:12 heikki Exp $ */
%{
#include <openssl/x509.h>
@@ -23,6 +31,7 @@
%name(x509_get_serial_number) extern ASN1_INTEGER *X509_get_serialNumber(X509 *);
%name(x509_get_pubkey) extern EVP_PKEY *X509_get_pubkey(X509 *);
+%name(x509_set_pubkey) extern int X509_set_pubkey(X509 *, EVP_PKEY *);
%name(x509_get_issuer_name) extern X509_NAME *X509_get_issuer_name(X509 *);
%name(x509_get_subject_name) extern X509_NAME *X509_get_subject_name(X509 *);
@@ -44,6 +53,10 @@
%constant int NID_organizationalUnitName = 18;
%constant int NID_pkcs9_emailAddress = 48;
+/* Cribbed from rsa.h. */
+%constant int RSA_3 = 0x3L;
+%constant int RSA_F4 = 0x10001L;
+
/* Cribbed from x509_vfy.h. */
%constant int X509_V_OK = 0;
%constant int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2;
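Review bot: `RSA_3` and `RSA_F4` are exported with no comment on what they are for or which one callers should use. They are RSA public exponents for key generation, and an exponent of 3 has a history of making signature forgery possible against verifiers with lax padding checks, so the comment should steer callers to 65537: `/* RSA public exponents for key generation; prefer RSA_F4 (65537). */`. The literals also carry an `L` suffix while the constants are declared `int`; `0x3` and `0x10001` would match the declared type.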
@@ -114,6 +127,10 @@
return X509_get_notAfter(x);
}
+ASN1_TIME *x509_gmtime_adj(ASN1_TIME *s, long adj) {
+ return X509_gmtime_adj(s, adj);
+}
+
/*
Blob *x509_name_by_nid(X509_NAME *name, int nid) {
Blob *blob;
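Review bot: `x509_gmtime_adj` returns whatever `X509_gmtime_adj` returns, with no comment on ownership or failure. OpenSSL returns NULL on error and, when `s` is NULL, allocates a new ASN1_TIME that the caller must free, so a Python caller can leak the object or receive a null pointer without notice. A short comment above the wrapper saying that `s` is normally the certificate's own notBefore/notAfter field and that NULL means failure would be enough. The commented-out `x509_name_by_nid` that follows continues outside the hunk.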
@@ -189,8 +206,28 @@
return 1;
}
+int x509_set_version(X509 *x, long version) {
+ return X509_set_version(x, version);
+}
+
+X509 *x509_new() {
+ return X509_new();
+}
+
+int x509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md) {
+ return X509_sign(x, pkey, md);
+}
+
X509_NAME *x509_req_get_subject_name(X509_REQ *x) {
return X509_REQ_get_subject_name(x);
+}
+
+int x509_req_set_subject_name(X509_REQ *x, X509_NAME *name) {
+ return X509_REQ_set_subject_name(x, name);
+}
+
+int x509_req_set_version(X509_REQ *x, long version) {
+ return X509_REQ_set_version(x, version);
}
int x509_req_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md) {
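Review bot: `x509_new` hands the result of `X509_new()` to Python unchecked, so an allocation failure reaches `X509.__init__` as a null pointer stored in `self.x509`. Whether the `x509_type_check` asserts on the Python side catch that is not visible here, and they are skipped under `python -O` in any case, so the wrapper should raise a Python exception itself when the result is NULL. `x509_sign` likewise returns the raw `X509_sign` result, which is 0 on failure and the signature length otherwise; a comment saying so would let the Python `sign` docstring replace its `XXX` placeholders. The definition should also be spelled `X509 *x509_new(void)`. `x509_req_sign` on the last line continues outside the hunk.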