[Commits] (heikki) We can now create a certificate (without extensions, though).

commits at osafoundation.org commits at osafoundation.org
Fri Mar 5 18:40:37 PST 2004


Commit by: heikki
Modified files:
osaf/chandler/m2crypto/M2Crypto/X509.py 1.2 1.3
osaf/chandler/m2crypto/SWIG/_x509.i 1.3 1.4
osaf/chandler/m2crypto/demo/x509/ca.py 1.2 1.3

Log message:
We can now create a certificate (without extensions, though).


ViewCVS links:
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/M2Crypto/X509.py.diff?r1=text&tr1=1.2&r2=text&tr2=1.3
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/SWIG/_x509.i.diff?r1=text&tr1=1.3&r2=text&tr2=1.4
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/demo/x509/ca.py.diff?r1=text&tr1=1.2&r2=text&tr2=1.3

Index: osaf/chandler/m2crypto/demo/x509/ca.py
diff -u osaf/chandler/m2crypto/demo/x509/ca.py:1.2 osaf/chandler/m2crypto/demo/x509/ca.py:1.3
--- osaf/chandler/m2crypto/demo/x509/ca.py:1.2	Fri Mar  5 16:16:39 2004
+++ osaf/chandler/m2crypto/demo/x509/ca.py	Fri Mar  5 18:40:06 2004
@@ -10,39 +10,67 @@
 Author: Heikki Toivonen
 """
 
-from M2Crypto import RSA, X509, EVP, m2
+from M2Crypto import RSA, X509, EVP, m2, Rand, Err
 
-### key
-# XXX Need to initialize rand
 # XXX Do I actually need more keys?
-key = RSA.gen_key(2048, m2.RSA_F4)
+# XXX Check return values from functions
 
-### request
-req = X509.Request()
-pkey = EVP.PKey()
-pkey.assign_rsa(key)
-req.set_version(0)# Seems to default to 0, but we can now set it as well
-req.set_pubkey(pkey)
-# XXX Need to set subjectName
-req.sign(pkey, 'sha1')
+def generateRSAKey():
+    return RSA.gen_key(2048, m2.RSA_F4)
 
-print req.as_text()
-
-### Certificate
-#req.verify(pkey)
-cert = X509.X509()
-cert.set_version(2)
-# XXX Set subjectName
-# XXX Set issuerName
-cert.set_pubkey(pkey)
-notBefore = m2.x509_get_not_before(cert.x509)
-notAfter  = m2.x509_get_not_after(cert.x509)
-m2.x509_gmtime_adj(notBefore, 0)
-days = 30
-m2.x509_gmtime_adj(notAfter, 60*60*24*days)
-
-# XXX extensions
-
-cert.sign(pkey, 'sha1')
-
-print cert.as_text()
+def makePKey(key):
+    pkey = EVP.PKey()
+    pkey.assign_rsa(key)
+    return pkey
+    
+def makeRequest(pkey):
+    req = X509.Request()
+    req.set_version(0)# Seems to default to 0, but we can now set it as well
+    req.set_pubkey(pkey)
+    req.set_pubkey(EVP.PKey(req.get_pubkey()))# Just a test of the API
+    name = X509.X509_Name()
+    name.CN = 'My CA, Inc.'
+    req.set_subject(name)
+    # XXX Extensions
+    req.sign(pkey, 'sha1')
+    return req
+
+def makeCert(req, caPkey):
+    pkey = req.get_pubkey()
+    #woop = makePKey(generateRSAKey())
+    #if not req.verify(woop.pkey):
+    if not req.verify(pkey):
+        # XXX What error object should I use?
+        raise ValueError, 'Error verifying request'
+    sub = req.get_subject()
+    # If this were a real certificate request, you would display
+    # all the relevant data from the request and ask a human operator
+    # if you were sure. Now we just create the certificate blindly based
+    # on the request.
+    cert = X509.X509()
+    cert.set_version(2)
+    cert.set_subject(sub)
+    issuer = X509.X509_Name()
+    issuer.CN = 'The Issuer Monkey'
+    issuer.O = 'The Organization Otherwise Known as My CA, Inc.'
+    cert.set_issuer(issuer)
+    cert.set_pubkey(EVP.PKey(pkey))
+    cert.set_pubkey(EVP.PKey(cert.get_pubkey()))# Just a test of the API
+    notBefore = m2.x509_get_not_before(cert.x509)
+    notAfter  = m2.x509_get_not_after(cert.x509)
+    m2.x509_gmtime_adj(notBefore, 0)
+    days = 30
+    m2.x509_gmtime_adj(notAfter, 60*60*24*days)
+    # XXX extensions
+    cert.sign(caPkey, 'sha1')
+    return cert
+
+if __name__ == '__main__':
+    Rand.load_file('../randpool.dat', -1)
+    key = generateRSAKey()
+    pkey = makePKey(key)
+    req = makeRequest(pkey)
+    print req.as_text()
+    cert = makeCert(req, pkey)
+    print cert.as_text()
+    Rand.save_file('../randpool.dat')
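Review bot: In makeCert, `if not req.verify(pkey):` accepts a negative result as success. The `x509_req_verify` wrapper added in _x509.i returns `X509_REQ_verify`'s value unchanged, and OpenSSL uses 1 for a good signature, 0 for a bad one and a negative value for an error. Assuming `Request.verify` (not shown in this diff) passes that integer through, the test should be `if req.verify(pkey) != 1:` so that an error while checking the request's self-signature cannot lead to a certificate being issued. The `__main__` block also ignores the result of `Rand.load_file('../randpool.dat', -1)`, which the file's own `# XXX Check return values from functions` already anticipates; checking it before `generateRSAKey()` would show when the pool file was missing.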

Index: osaf/chandler/m2crypto/SWIG/_x509.i
diff -u osaf/chandler/m2crypto/SWIG/_x509.i:1.3 osaf/chandler/m2crypto/SWIG/_x509.i:1.4
--- osaf/chandler/m2crypto/SWIG/_x509.i:1.3	Fri Mar  5 16:16:39 2004
+++ osaf/chandler/m2crypto/SWIG/_x509.i	Fri Mar  5 18:40:05 2004
@@ -7,7 +7,7 @@
 ** Author: Heikki Toivonen
 */
 
-/* $Id: _x509.i,v 1.3 2004/03/06 00:16:39 heikki Exp $   */
+/* $Id: _x509.i,v 1.4 2004/03/06 02:40:05 heikki Exp $   */
 
 %{
 #include <openssl/x509.h>
@@ -33,10 +33,13 @@
 %name(x509_get_pubkey) extern EVP_PKEY *X509_get_pubkey(X509 *);
 %name(x509_set_pubkey) extern int X509_set_pubkey(X509 *, EVP_PKEY *);
 %name(x509_get_issuer_name) extern X509_NAME *X509_get_issuer_name(X509 *);
+%name(x509_set_issuer_name) extern int X509_set_issuer_name(X509 *, X509_NAME *);
 %name(x509_get_subject_name) extern X509_NAME *X509_get_subject_name(X509 *);
+%name(x509_set_subject_name) extern int X509_set_subject_name(X509 *, X509_NAME *);
 
 %name(x509_get_verify_error) extern const char *X509_verify_cert_error_string(long);
 
+%name(x509_req_get_pubkey) extern EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *);
 %name(x509_req_set_pubkey) extern int X509_REQ_set_pubkey(X509_REQ *, EVP_PKEY *);
 
 %name(i2d_x509) extern int i2d_X509_bio(BIO *, X509 *);
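Review bot: The new `x509_req_get_pubkey` binding hands Python the raw `EVP_PKEY *` from `X509_REQ_get_pubkey`, which returns a reference the caller owns, or NULL when the request's key cannot be decoded. `Request.get_pubkey` in X509.py returns that handle as-is, so every call (makeCert in ca.py makes one) holds a reference that nothing visible in this diff releases with `EVP_PKEY_free`. I would add a comment next to the declaration, for example `/* returns a new reference; caller must EVP_PKEY_free() it, may be NULL */`, and have the Python method wrap the result in `EVP.PKey` with ownership set, if that class supports it.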
@@ -175,6 +178,11 @@
     return X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, PyString_AsString(obj), -1, -1, 0);
 }
 
+/* XXX I could not find the declaration of X509_NAME_new so just guessing */
+X509_NAME *x509_name_new() {
+    return X509_NAME_new();
+}
+
 /* sk_X509_new_null() is a macro returning "STACK_OF(X509) *". */
 STACK *sk_x509_new_null(void) {
     return (STACK *)sk_X509_new_null();
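Review bot: `X509_NAME *x509_name_new()` should be declared `X509_NAME *x509_name_new(void)`, matching `sk_x509_new_null(void)` just below; in C an empty parameter list leaves the arguments unspecified. The wrapper can return NULL on allocation failure, and the `XXX ... just guessing` comment could be replaced with one that says so, e.g. `/* Returns NULL on allocation failure. */`.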
@@ -233,6 +241,11 @@
 
 int x509_req_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md) {
     return X509_REQ_sign(x, pkey, md);
+}
+
+/* X509_REQ_verify could be a define */
+int x509_req_verify(X509_REQ *x, EVP_PKEY *pkey) {
+    return X509_REQ_verify(x, pkey);
 }
 %}
 

Index: osaf/chandler/m2crypto/M2Crypto/X509.py
diff -u osaf/chandler/m2crypto/M2Crypto/X509.py:1.2 osaf/chandler/m2crypto/M2Crypto/X509.py:1.3
--- osaf/chandler/m2crypto/M2Crypto/X509.py:1.2	Fri Mar  5 15:02:11 2004
+++ osaf/chandler/m2crypto/M2Crypto/X509.py	Fri Mar  5 18:40:04 2004
@@ -15,7 +15,7 @@
 Author: Heikki Toivonen
 """
 
-RCS_id='$Id: X509.py,v 1.2 2004/03/05 23:02:11 heikki Exp $'
+RCS_id='$Id: X509.py,v 1.3 2004/03/06 02:40:04 heikki Exp $'
 
 # M2Crypto
 import ASN1, BIO, Err
@@ -48,9 +48,12 @@
            'Email' : m2.NID_pkcs9_emailAddress,
            'emailAddress': m2.NID_pkcs9_emailAddress}
 
-    def __init__(self, x509_name, _pyfree=0):
-        assert m2.x509_name_type_check(x509_name), "'x509_name' type error" 
-        self.x509_name = x509_name
+    def __init__(self, x509_name=None, _pyfree=0):
+        if x509_name is not None:
+            assert m2.x509_name_type_check(x509_name), "'x509_name' type error"
+            self.x509_name = x509_name
+        else:
+            self.x509_name = m2.x509_name_new()
         self._pyfree = _pyfree
 
     def __del__(self):
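Review bot: The `else` branch allocates a name with `m2.x509_name_new()` but leaves `_pyfree` at its default of 0, so an `X509_Name()` created without arguments probably never frees the structure it owns. The `__del__` method starts on the last line of the hunk and its body is not shown, so this is inferred from the parameter name. If `__del__` frees only when `_pyfree` is set, the branch should take ownership by adding `_pyfree = 1` after the allocation and before `self._pyfree = _pyfree`. As far as I know the OpenSSL name setters copy the name they are given, so freeing it on the Python side should be safe for the uses in ca.py. The result of `m2.x509_name_new()` is also stored unchecked, so a failed allocation would surface later on first use rather than here.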
@@ -165,10 +168,34 @@
         assert m2.x509_type_check(self.x509), "'x509' type error"
         return X509_Name(m2.x509_get_issuer_name(self.x509))
 
+    def set_issuer(self, name):
+        """
+        Set issuer name.
+
+        @type name:     X509_Name
+        @param name:    subjectName field.
+        @rtype:         XXX
+        @return:        XXX
+        """
+        assert m2.x509_type_check(self.x509), "'x509' type error"
+        return m2.x509_set_issuer_name(self.x509, name.x509_name)
+
     def get_subject(self):
         assert m2.x509_type_check(self.x509), "'x509' type error"
         return X509_Name(m2.x509_get_subject_name(self.x509))
 
+    def set_subject(self, name):
+        """
+        Set subject name.
+
+        @type name:     X509_Name
+        @param name:    subjectName field.
+        @rtype:         XXX
+        @return:        XXX
+        """
+        assert m2.x509_type_check(self.x509), "'x509' type error"
+        return m2.x509_set_subject_name(self.x509, name.x509_name)
+
     def sign(self, pkey, md):
         """
         Sign the certificate.
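Review bot: The `set_issuer` docstring describes its parameter as `subjectName field.`, copied from `set_subject`; it should read `@param name:    issuer name field.`. Both new methods, and `Request.set_subject` in the last hunk, leave `@rtype`/`@return` as `XXX`. They return the integer from the underlying OpenSSL setter, so `@rtype: integer` and `@return: 1 on success, 0 on failure.` would fit. Documenting that matters because ca.py calls `cert.set_subject(sub)` and `cert.set_issuer(issuer)` without looking at the result.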
@@ -288,6 +315,15 @@
         bio=BIO.openfile(filename, 'wb')
         return m2.x509_req_write_pem(bio.bio_ptr(), self.req)
 
+    def get_pubkey(self):
+        """
+        Get the public key for the request.
+
+        @rtype:      EVP_PKEY
+        @return:     Public key from the request.
+        """
+        return m2.x509_req_get_pubkey(self.req)
+
     def set_pubkey(self, pkey):
         """
         Set the public key for the request.
@@ -302,13 +338,24 @@
     def get_subject(self):
         return X509_Name(m2.x509_req_get_subject_name(self.req))
 
+    def set_subject(self, name):
+        """
+        Set subject name.
+
+        @type name:     X509_Name
+        @param name:    subjectName field.
+        @rtype:         XXX
+        @return:        XXX
+        """
+        return m2.x509_req_set_subject_name(self.req, name.x509_name)
+
     def set_version(self, version):
         """
         Set version.
 
-        @type version:  an integer
+        @type version:  integer
         @param version: Version number.
-        @rtype:         an integer
+        @rtype:         integer
         @return:        Returns 0 on failure.
         """
         return m2.x509_req_set_version(self.req, version)


