[Commits] (heikki) Work in progress to make it possible to create X509 certificates with Python.

commits at osafoundation.org commits at osafoundation.org
Fri Mar 5 15:02:44 PST 2004


Commit by: heikki
Modified files:
osaf/chandler/m2crypto/M2Crypto/X509.py 1.1.1.1 1.2
osaf/chandler/m2crypto/SWIG/_x509.i 1.1.1.1 1.2
osaf/chandler/m2crypto/demo/x509/ca.py None 1.1

Log message:
Work in progress to make it possible to create X509 certificates with Python.


ViewCVS links:
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/M2Crypto/X509.py.diff?r1=text&tr1=1.1.1.1&r2=text&tr2=1.2
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/SWIG/_x509.i.diff?r1=text&tr1=1.1.1.1&r2=text&tr2=1.2
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/demo/x509/ca.py?rev=1.1&content-type=text/vnd.viewcvs-markup

Index: osaf/chandler/m2crypto/M2Crypto/X509.py
diff -u osaf/chandler/m2crypto/M2Crypto/X509.py:1.1.1.1 osaf/chandler/m2crypto/M2Crypto/X509.py:1.2
--- osaf/chandler/m2crypto/M2Crypto/X509.py:1.1.1.1	Mon Mar  1 11:43:40 2004
+++ osaf/chandler/m2crypto/M2Crypto/X509.py	Fri Mar  5 15:02:11 2004
@@ -4,15 +4,18 @@
 certificate operations (mainly attribute getters for 
 authentication purposes) from within an SSL connection.
 
-This module is emphatically not sufficient to implement CA-like
-functionality in Python. Given the availability of open source CA 
-tools such as OpenSSL's CA.[sh|pl], Oscar, IBM's XXX, it is 
-unlikely that this module will ever evolve to the aforementioned
-sufficiency.
+Copyright (c) 1999-2003 Ng Pheng Siong. All rights reserved.
 
-Copyright (c) 1999-2003 Ng Pheng Siong. All rights reserved."""
+Open Source Applications Foundation (OSAF) has extended the functionality
+to make it possible to create and verify certificates programmatically.
 
-RCS_id='$Id: X509.py,v 1.1.1.1 2004/03/01 19:43:40 heikki Exp $'
+Epydoc comments also by OSAF.
+
+OSAF Changes copyright (c) 2004 Open Source Applications Foundation.
+Author: Heikki Toivonen
+"""
+
+RCS_id='$Id: X509.py,v 1.2 2004/03/05 23:02:11 heikki Exp $'
 
 # M2Crypto
 import ASN1, BIO, Err
@@ -82,9 +85,12 @@
     Object interface to an X.509 digital certificate.
     """
 
-    def __init__(self, x509, _pyfree=0):
-        assert m2.x509_type_check(x509), "'x509' type error"
-        self.x509 = x509
+    def __init__(self, x509=None, _pyfree=0):
+        if x509 is not None:
+            assert m2.x509_type_check(x509), "'x509' type error"
+            self.x509 = x509
+        else:
+            self.x509 = m2.x509_new()
         self._pyfree = _pyfree
 
     def __del__(self):
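Review bot: In the new `else` branch of `__init__`, the structure allocated by `m2.x509_new()` belongs to this object, yet `_pyfree` still defaults to 0. If `__del__` frees only when `_pyfree` is set (its body is outside this hunk), every `X509()` created without an argument leaks its native certificate. Setting ownership where the allocation happens would avoid that: `self.x509 = m2.x509_new()` followed by `_pyfree = 1`, ahead of the final `self._pyfree = _pyfree`. The type check on a caller-supplied pointer is an `assert`, which disappears under `python -O`; an explicit `raise TypeError` would keep the guard in optimized runs.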
@@ -114,6 +120,18 @@
         assert m2.x509_type_check(self.x509), "'x509' type error"
         return m2.x509_get_version(self.x509)
 
+    def set_version(self, version):
+        """
+        Set version.
+
+        @type version:  an integer
+        @param version: Version number.
+        @rtype:         an integer
+        @return:        Returns 0 on failure.
+        """
+        assert m2.x509_type_check(self.x509), "'x509' type error"    
+        return m2.x509_set_version(self.x509, version)
+
     def get_serial_number(self):
         assert m2.x509_type_check(self.x509), "'x509' type error"
         asn1_integer = m2.x509_get_serial_number(self.x509)
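Review bot: The `X509.set_version` docstring says only "Version number", but OpenSSL's `X509_set_version` takes the zero-based encoded value, so an X.509 v3 certificate needs `set_version(2)`. Passing 3 yields a version field that conforming verifiers may reject. I would change the `@param version` line to `Zero-based version number: 0 is v1, 2 is v3.` Since failure is reported only as a 0 return, the docstring should also tell callers to check the result.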
@@ -131,6 +149,18 @@
         assert m2.x509_type_check(self.x509), "'x509' type error"
         return m2.x509_get_pubkey(self.x509)
 
+    def set_pubkey(self, pkey):
+        """
+        Set the public key for the certificate
+
+        @type pkey:  EVP_PKEY
+        @param pkey: Public key
+        @rtype:      XXX
+        @return:     XXX
+        """
+        assert m2.x509_type_check(self.x509), "'x509' type error"
+        return m2.x509_set_pubkey(self.x509, pkey.pkey)
+
     def get_issuer(self):
         assert m2.x509_type_check(self.x509), "'x509' type error"
         return X509_Name(m2.x509_get_issuer_name(self.x509))
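Review bot: `X509.set_pubkey` leaves `@rtype` and `@return` as `XXX`, and the same placeholder appears in `X509.sign` and `Request.set_pubkey` in later hunks. The SWIG declaration added in this commit gives `X509_set_pubkey` an `int` return, and OpenSSL reports failure there as 0 rather than raising, so a caller that ignores the value can go on to sign a certificate whose key was never set. I would document it as `@rtype: int` and `@return: 1 on success, 0 on failure`, and consider raising an exception on 0 so the failure cannot pass silently.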
@@ -139,6 +169,23 @@
         assert m2.x509_type_check(self.x509), "'x509' type error"
         return X509_Name(m2.x509_get_subject_name(self.x509))
 
+    def sign(self, pkey, md):
+        """
+        Sign the certificate.
+
+        @type pkey:  EVP_PKEY
+        @param pkey: Public key
+        @type md:    string
+        @param md:   Message digest algorithm to use for signing, for example
+                     'sha1'.
+        @rtype:      XXX
+        @return:     XXX
+        """
+        assert m2.x509_type_check(self.x509), "'x509' type error"        
+        mda = getattr(m2, md)
+        if not mda:
+            raise ValueError, ('unknown message digest', md)
+        return m2.x509_sign(self.x509, pkey.pkey, mda())
 
 def load_cert(file):
     bio = BIO.openfile(file)
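Review bot: In `X509.sign`, `getattr(m2, md)` raises `AttributeError` for an unknown name, so the `if not mda` branch and its `ValueError` are never reached. Because `md` can name any attribute of `m2`, a name that is not a digest constructor is also called as though it were one. `mda = getattr(m2, md, None)` followed by `if mda is None:` restores the intended error, and checking `md` against a fixed set of digest names before the lookup would keep the call confined to digests. The docstring describes `pkey` as "Public key", but `X509_sign` signs with the private key held in the `EVP_PKEY`, so `@param pkey: Key pair whose private key signs the certificate` would be accurate.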
@@ -212,6 +259,9 @@
 
 
 class Request:
+    """
+    An X509 certificate request. A request is required to make a certificate.
+    """
     def __init__(self, req=None, _pyfree=0):
         if req is not None:
             self.req = req
@@ -239,10 +289,32 @@
         return m2.x509_req_write_pem(bio.bio_ptr(), self.req)
 
     def set_pubkey(self, pkey):
+        """
+        Set the public key for the request.
+
+        @type pkey:  EVP_PKEY
+        @param pkey: Public key
+        @rtype:      XXX
+        @return:     XXX
+        """
         return m2.x509_req_set_pubkey(self.req, pkey.pkey)
 
     def get_subject(self):
         return X509_Name(m2.x509_req_get_subject_name(self.req))
+
+    def set_version(self, version):
+        """
+        Set version.
+
+        @type version:  an integer
+        @param version: Version number.
+        @rtype:         an integer
+        @return:        Returns 0 on failure.
+        """
+        return m2.x509_req_set_version(self.req, version)
+
+    def verify(self, pkey):
+        return m2.x509_req_verify(self.req, pkey)
 
     def sign(self, pkey, md):
         mda = getattr(m2, md)
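Review bot: `Request.verify` passes `pkey` straight to `m2.x509_req_verify`, while `set_pubkey` in the same class passes `pkey.pkey`, so a caller handing the same `EVP_PKEY` wrapper to both would presumably get a type error from the binding (its declaration is not in the visible hunks). `return m2.x509_req_verify(self.req, pkey.pkey)` would make the two consistent. The method also has no docstring, and here that matters: OpenSSL's `X509_REQ_verify` returns 1 for a good signature, 0 for a bad one and a negative value on error, so `if req.verify(pkey):` treats an error as success. A docstring telling callers to compare the result with 1 would close that gap. The hunk ends inside `Request.sign`, whose body continues outside it.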

Index: osaf/chandler/m2crypto/SWIG/_x509.i
diff -u osaf/chandler/m2crypto/SWIG/_x509.i:1.1.1.1 osaf/chandler/m2crypto/SWIG/_x509.i:1.2
--- osaf/chandler/m2crypto/SWIG/_x509.i:1.1.1.1	Mon Mar  1 11:43:41 2004
+++ osaf/chandler/m2crypto/SWIG/_x509.i	Fri Mar  5 15:02:12 2004
@@ -1,5 +1,13 @@
 /* Copyright (c) 1999 Ng Pheng Siong. All rights reserved.  */
-/* $Id: _x509.i,v 1.1.1.1 2004/03/01 19:43:41 heikki Exp $   */
+/* 
+** Open Source Applications Foundation (OSAF) has extended the functionality
+** to make it possible to create and verify certificates programmatically.
+**
+** OSAF Changes copyright (c) 2004 Open Source Applications Foundation.
+** Author: Heikki Toivonen
+*/
+
+/* $Id: _x509.i,v 1.2 2004/03/05 23:02:12 heikki Exp $   */
 
 %{
 #include <openssl/x509.h>
@@ -23,6 +31,7 @@
 
 %name(x509_get_serial_number) extern ASN1_INTEGER *X509_get_serialNumber(X509 *);
 %name(x509_get_pubkey) extern EVP_PKEY *X509_get_pubkey(X509 *);
+%name(x509_set_pubkey) extern int X509_set_pubkey(X509 *, EVP_PKEY *);
 %name(x509_get_issuer_name) extern X509_NAME *X509_get_issuer_name(X509 *);
 %name(x509_get_subject_name) extern X509_NAME *X509_get_subject_name(X509 *);
 
@@ -44,6 +53,10 @@
 %constant int NID_organizationalUnitName      = 18;
 %constant int NID_pkcs9_emailAddress          = 48;
 
+/* Cribbed from rsa.h. */
+%constant int RSA_3                           = 0x3L;
+%constant int RSA_F4                          = 0x10001L;
+
 /* Cribbed from x509_vfy.h. */
 %constant int		X509_V_OK					= 0;
 %constant int		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT		= 2;
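Review bot: The two exponent constants added under "Cribbed from rsa.h" carry no guidance on which one callers should use when generating keys for certificates. `RSA_3` is a valid exponent but leaves the least margin when padding is implemented or checked incorrectly, which is why `RSA_F4` (65537) is the conventional default. I would add a comment above them such as `/* Public exponents for key generation; prefer RSA_F4. */`.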
@@ -114,6 +127,10 @@
     return X509_get_notAfter(x);
 }
 
+ASN1_TIME *x509_gmtime_adj(ASN1_TIME *s, long adj) {
+    return X509_gmtime_adj(s, adj);
+}
+
 /*
 Blob *x509_name_by_nid(X509_NAME *name, int nid) {
     Blob *blob;
@@ -189,8 +206,28 @@
     return 1;
 }
 
+int x509_set_version(X509 *x, long version) {
+    return X509_set_version(x, version);
+}
+
+X509 *x509_new() {
+    return X509_new();
+}
+
+int x509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md) {
+    return X509_sign(x, pkey, md);
+}
+
 X509_NAME *x509_req_get_subject_name(X509_REQ *x) {
     return X509_REQ_get_subject_name(x);
+}
+
+int x509_req_set_subject_name(X509_REQ *x, X509_NAME *name) {
+    return X509_REQ_set_subject_name(x, name);
+}
+
+int x509_req_set_version(X509_REQ *x, long version) {
+    return X509_REQ_set_version(x, version);
 }
 
 int x509_req_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md) {
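Review bot: `x509_new()` hands back the result of `X509_new()` unchecked, so on allocation failure a NULL pointer goes to Python, and `X509.__init__` in this commit stores it without looking at it. Checking for NULL in the wrapper and raising a Python exception there would surface the failure where it happens rather than at a later `x509_type_check`. The `int`-returning wrappers added here (`x509_set_version`, `x509_sign`, `x509_req_set_subject_name`, `x509_req_set_version`) likewise pass OpenSSL's result through as-is, so the Python callers have to test it themselves. `x509_req_sign` at the end of the hunk continues outside it.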


