[Commits] (heikki) More setters and getters, we can now set serial number for example.

commits at osafoundation.org commits at osafoundation.org
Mon Mar 8 20:24:13 PST 2004


Commit by: heikki
Modified files:
osaf/chandler/m2crypto/M2Crypto/X509.py 1.3 1.4
osaf/chandler/m2crypto/SWIG/_asn1.i 1.1.1.1 1.2
osaf/chandler/m2crypto/SWIG/_x509.i 1.4 1.5
osaf/chandler/m2crypto/demo/x509/ca.py 1.4 1.5
osaf/chandler/m2crypto/demo/x509/other.py 1.1 1.2

Log message:
More setters and getters, we can now set serial number for example.


ViewCVS links:
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/M2Crypto/X509.py.diff?r1=text&tr1=1.3&r2=text&tr2=1.4
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/SWIG/_asn1.i.diff?r1=text&tr1=1.1.1.1&r2=text&tr2=1.2
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/SWIG/_x509.i.diff?r1=text&tr1=1.4&r2=text&tr2=1.5
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/demo/x509/ca.py.diff?r1=text&tr1=1.4&r2=text&tr2=1.5
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/demo/x509/other.py.diff?r1=text&tr1=1.1&r2=text&tr2=1.2

Index: osaf/chandler/m2crypto/demo/x509/ca.py
diff -u osaf/chandler/m2crypto/demo/x509/ca.py:1.4 osaf/chandler/m2crypto/demo/x509/ca.py:1.5
--- osaf/chandler/m2crypto/demo/x509/ca.py:1.4	Fri Mar  5 20:40:01 2004
+++ osaf/chandler/m2crypto/demo/x509/ca.py	Mon Mar  8 20:23:42 2004
@@ -14,7 +14,6 @@
 
 # XXX Do I actually need more keys?
 # XXX Check return values from functions
-# XXX Serial number
 
 def generateRSAKey():
     return RSA.gen_key(2048, m2.RSA_F4)
@@ -26,7 +25,8 @@
     
 def makeRequest(pkey):
     req = X509.Request()
-    req.set_version(0)# Seems to default to 0, but we can now set it as well
+    # Seems to default to 0, but we can now set it as well, so just API test
+    req.set_version(req.get_version())
     req.set_pubkey(pkey)
     req.set_pubkey(EVP.PKey(req.get_pubkey()))# Just a test of the API
     name = X509.X509_Name()
@@ -49,6 +49,9 @@
     # if you were sure. Now we just create the certificate blindly based
     # on the request.
     cert = X509.X509()
+    # We know we are making CA cert now...
+    # Serial defaults to 0.
+    cert.set_serial_number(1)
     cert.set_version(2)
     cert.set_subject(sub)
     issuer = X509.X509_Name()
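Review bot: The result of `cert.set_serial_number(1)` is discarded, so a failed call would leave the certificate at the default serial 0 that the added comment mentions, and the function would carry on building it; the file's own `# XXX Check return values from functions` marker applies here. A guard such as `if not cert.set_serial_number(1): raise ValueError('could not set serial number')` would surface the failure, assuming the setter returns 0 on failure as the underlying ASN1_INTEGER_set does (the X509.py docstring still lists the return as XXX). The same unchecked call is added in demo/x509/other.py. The enclosing function, presumably makeCert, starts and ends outside this hunk.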
@@ -67,12 +70,10 @@
     return cert
 
 def ca():
-    Rand.load_file('../randpool.dat', -1)
     key = generateRSAKey()
     pkey = makePKey(key)
     req = makeRequest(pkey)
     cert = makeCert(req, pkey)
-    Rand.save_file('../randpool.dat')
     return (cert, pkey)
 
 if __name__ == '__main__':
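Review bot: With `Rand.load_file`/`Rand.save_file` removed, `ca()` now calls `generateRSAKey()` on whatever state the PRNG already has, so seeding becomes the caller's job and nothing in the function says so. other.py is adjusted in this commit to call `ca.ca()` after its own `Rand.load_file`, but the `if __name__ == '__main__':` body of ca.py lies outside the hunk, so whether a standalone run still loads the pool cannot be seen here. I would add a docstring to `ca()` along the lines of `"""Generate the CA key and certificate; the caller must have seeded the PRNG (Rand.load_file) beforehand."""` and confirm that the `__main__` path does so.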

Index: osaf/chandler/m2crypto/SWIG/_x509.i
diff -u osaf/chandler/m2crypto/SWIG/_x509.i:1.4 osaf/chandler/m2crypto/SWIG/_x509.i:1.5
--- osaf/chandler/m2crypto/SWIG/_x509.i:1.4	Fri Mar  5 18:40:05 2004
+++ osaf/chandler/m2crypto/SWIG/_x509.i	Mon Mar  8 20:23:40 2004
@@ -7,7 +7,7 @@
 ** Author: Heikki Toivonen
 */
 
-/* $Id: _x509.i,v 1.4 2004/03/06 02:40:05 heikki Exp $   */
+/* $Id: _x509.i,v 1.5 2004/03/09 04:23:40 heikki Exp $   */
 
 %{
 #include <openssl/x509.h>
@@ -30,6 +30,7 @@
 %name(x509_crl_print) extern int X509_CRL_print(BIO *, X509_CRL *);
 
 %name(x509_get_serial_number) extern ASN1_INTEGER *X509_get_serialNumber(X509 *);
+%name(x509_set_serial_number) extern int X509_set_serialNumber(X509 *, ASN1_INTEGER *);
 %name(x509_get_pubkey) extern EVP_PKEY *X509_get_pubkey(X509 *);
 %name(x509_set_pubkey) extern int X509_set_pubkey(X509 *, EVP_PKEY *);
 %name(x509_get_issuer_name) extern X509_NAME *X509_get_issuer_name(X509 *);
@@ -233,6 +234,10 @@
 
 int x509_req_set_subject_name(X509_REQ *x, X509_NAME *name) {
     return X509_REQ_set_subject_name(x, name);
+}
+
+long x509_req_get_version(X509_REQ *x) {
+    return X509_REQ_get_version(x);
 }
 
 int x509_req_set_version(X509_REQ *x, long version) {

Index: osaf/chandler/m2crypto/SWIG/_asn1.i
diff -u osaf/chandler/m2crypto/SWIG/_asn1.i:1.1.1.1 osaf/chandler/m2crypto/SWIG/_asn1.i:1.2
--- osaf/chandler/m2crypto/SWIG/_asn1.i:1.1.1.1	Mon Mar  1 11:43:40 2004
+++ osaf/chandler/m2crypto/SWIG/_asn1.i	Mon Mar  8 20:23:40 2004
@@ -1,5 +1,12 @@
 /* Copyright (c) 2000 Ng Pheng Siong. All rights reserved.  */
-/* $Id: _asn1.i,v 1.1.1.1 2004/03/01 19:43:40 heikki Exp $ */
+/* 
+** Open Source Applications Foundation (OSAF) has extended the functionality
+** to make it possible to create and verify certificates programmatically.
+**
+** OSAF Changes copyright (c) 2004 Open Source Applications Foundation.
+** Author: Heikki Toivonen
+*/
+/* $Id: _asn1.i,v 1.2 2004/03/09 04:23:40 heikki Exp $ */
 
 %{
 #include <openssl/asn1.h>
@@ -10,6 +17,7 @@
 %apply Pointer NONNULL { BIO * };
 
 %name(asn1_integer_get) extern long ASN1_INTEGER_get(ASN1_INTEGER *);
+%name(asn1_integer_set) extern int ASN1_INTEGER_set(ASN1_INTEGER *, long);
 %name(asn1_utctime_print) extern int ASN1_UTCTIME_print(BIO *, ASN1_UTCTIME *);
 
 %inline %{
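Review bot: `asn1_integer_set` accepts an `ASN1_INTEGER *` straight from Python, and the only NONNULL typemap visible in this hunk is `%apply Pointer NONNULL { BIO * };`, so a null pointer may reach `ASN1_INTEGER_set` and be dereferenced in C instead of raising a Python exception. If no such line exists above the hunk, adding `%apply Pointer NONNULL { ASN1_INTEGER * };` next to the BIO one would cover both the new setter and the existing `asn1_integer_get`. The `long` parameter also limits serial numbers to the platform's C long, which is worth stating in the Python-side docstring so callers do not expect arbitrary-size serials.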

Index: osaf/chandler/m2crypto/M2Crypto/X509.py
diff -u osaf/chandler/m2crypto/M2Crypto/X509.py:1.3 osaf/chandler/m2crypto/M2Crypto/X509.py:1.4
--- osaf/chandler/m2crypto/M2Crypto/X509.py:1.3	Fri Mar  5 18:40:04 2004
+++ osaf/chandler/m2crypto/M2Crypto/X509.py	Mon Mar  8 20:23:37 2004
@@ -15,7 +15,7 @@
 Author: Heikki Toivonen
 """
 
-RCS_id='$Id: X509.py,v 1.3 2004/03/06 02:40:04 heikki Exp $'
+RCS_id='$Id: X509.py,v 1.4 2004/03/09 04:23:37 heikki Exp $'
 
 # M2Crypto
 import ASN1, BIO, Err
@@ -127,9 +127,9 @@
         """
         Set version.
 
-        @type version:  an integer
+        @type version:  integer
         @param version: Version number.
-        @rtype:         an integer
+        @rtype:         integer
         @return:        Returns 0 on failure.
         """
         assert m2.x509_type_check(self.x509), "'x509' type error"    
@@ -140,6 +140,27 @@
         asn1_integer = m2.x509_get_serial_number(self.x509)
         return m2.asn1_integer_get(asn1_integer)
 
+    def set_serial_number(self, serial):
+        """
+        Set serial number. Every certificate must have a serial number.
+        A CA must issue unique serial numbers for all the certificates that
+        it issues.
+
+        @type serial:   integer
+        @param serial:  Serial number.
+        @rtype:         XXX
+        @return:        XXX
+        """
+        assert m2.x509_type_check(self.x509), "'x509' type error"
+        # This "magically" changes serial since asn1_integer is C pointer
+        # to x509's internal serial number.
+        asn1_integer = m2.x509_get_serial_number(self.x509)
+        return m2.asn1_integer_set(asn1_integer, serial)
+        # XXX Or should I do this?
+        #asn1_integer = m2.asn1_integer_new()
+        #m2.asn1_integer_set(asn1_integer, serial)
+        #return m2.x509_set_serial_number(self.x509, asn1_integer)
+
     def get_not_before(self):
         assert m2.x509_type_check(self.x509), "'x509' type error"
         return ASN1.ASN1_UTCTIME(m2.x509_get_not_before(self.x509))
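Review bot: The `set_serial_number` docstring is committed with `@rtype: XXX` and `@return: XXX`, while the method returns whatever `m2.asn1_integer_set` returns; the OpenSSL call reports 1 on success and 0 on failure, so `@rtype: integer` and `@return: Returns 0 on failure.` (the wording `set_version` already uses) would fit. The commented-out block after the `return` is unreachable and should either be deleted or reduced to one comment saying why the in-place update was chosen; if it is revived, note that `X509_set_serialNumber` stores a copy as far as I know, so the temporary integer would still need freeing. The guard is an `assert`, which is stripped under `python -O`, so it should not be the only type check before the C pointer is used.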
@@ -148,6 +169,8 @@
         assert m2.x509_type_check(self.x509), "'x509' type error"
         return ASN1.ASN1_UTCTIME(m2.x509_get_not_after(self.x509))
 
+    # XXX We should have method(s) here to set and adjust notBefore/After.
+
     def get_pubkey(self):
         assert m2.x509_type_check(self.x509), "'x509' type error"
         return m2.x509_get_pubkey(self.x509)
@@ -348,6 +371,15 @@
         @return:        XXX
         """
         return m2.x509_req_set_subject_name(self.req, name.x509_name)
+
+    def get_version(self):
+        """
+        Get version.
+
+        @rtype:         integer
+        @return:        Returns version.
+        """
+        return m2.x509_req_get_version(self.req)
 
     def set_version(self, version):
         """

Index: osaf/chandler/m2crypto/demo/x509/other.py
diff -u osaf/chandler/m2crypto/demo/x509/other.py:1.1 osaf/chandler/m2crypto/demo/x509/other.py:1.2
--- osaf/chandler/m2crypto/demo/x509/other.py:1.1	Fri Mar  5 20:40:01 2004
+++ osaf/chandler/m2crypto/demo/x509/other.py	Mon Mar  8 20:23:42 2004
@@ -49,6 +49,8 @@
     # on the request.
     cert = X509.X509()
     cert.set_version(2)
+    cert.set_serial_number(caCert.get_serial_number()+1)
+    print '***Serial: ', cert.get_serial_number()
     cert.set_subject(sub)
     issuer = caCert.get_subject()
     cert.set_issuer(issuer)
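Review bot: `cert.set_serial_number(caCert.get_serial_number()+1)` derives the serial from the CA certificate's own serial, so with the CA fixed at 1 in ca.py every certificate this script issues gets serial 2, which contradicts the uniqueness requirement stated in the new `set_serial_number` docstring. For a demo that is acceptable if it is said out loud, for example `# Demo only: a real CA must persist a counter or use large random serials so no two issued certs share a serial`. The `print '***Serial: ', cert.get_serial_number()` line looks like leftover debugging, since `cert.as_text()` is printed later in `__main__` and presumably shows the serial. The enclosing function begins and ends outside the hunk.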
@@ -63,12 +65,12 @@
     return cert
 
 if __name__ == '__main__':
-    (caCert, caPKey) = ca.ca()
     Rand.load_file('../randpool.dat', -1)
     key = generateRSAKey()
     pkey = makePKey(key)
     req = makeRequest(pkey)
     print req.as_text()
+    (caCert, caPKey) = ca.ca()
     cert = makeCert(req, caCert, caPKey)
     print cert.as_text()
     Rand.save_file('../randpool.dat')


