[Commits] (heikki) More setters and getters,
we can now set serial number for example.
commits at osafoundation.org
commits at osafoundation.org
Mon Mar 8 20:24:13 PST 2004
Commit by: heikki
Modified files:
osaf/chandler/m2crypto/M2Crypto/X509.py 1.3 1.4
osaf/chandler/m2crypto/SWIG/_asn1.i 1.1.1.1 1.2
osaf/chandler/m2crypto/SWIG/_x509.i 1.4 1.5
osaf/chandler/m2crypto/demo/x509/ca.py 1.4 1.5
osaf/chandler/m2crypto/demo/x509/other.py 1.1 1.2
Log message:
More setters and getters, we can now set serial number for example.
ViewCVS links:
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/M2Crypto/X509.py.diff?r1=text&tr1=1.3&r2=text&tr2=1.4
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/SWIG/_asn1.i.diff?r1=text&tr1=1.1.1.1&r2=text&tr2=1.2
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/SWIG/_x509.i.diff?r1=text&tr1=1.4&r2=text&tr2=1.5
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/demo/x509/ca.py.diff?r1=text&tr1=1.4&r2=text&tr2=1.5
http://cvs.osafoundation.org/index.cgi/osaf/chandler/m2crypto/demo/x509/other.py.diff?r1=text&tr1=1.1&r2=text&tr2=1.2
Index: osaf/chandler/m2crypto/demo/x509/ca.py
diff -u osaf/chandler/m2crypto/demo/x509/ca.py:1.4 osaf/chandler/m2crypto/demo/x509/ca.py:1.5
--- osaf/chandler/m2crypto/demo/x509/ca.py:1.4 Fri Mar 5 20:40:01 2004
+++ osaf/chandler/m2crypto/demo/x509/ca.py Mon Mar 8 20:23:42 2004
@@ -14,7 +14,6 @@
# XXX Do I actually need more keys?
# XXX Check return values from functions
-# XXX Serial number
def generateRSAKey():
return RSA.gen_key(2048, m2.RSA_F4)
@@ -26,7 +25,8 @@
def makeRequest(pkey):
req = X509.Request()
- req.set_version(0)# Seems to default to 0, but we can now set it as well
+ # Seems to default to 0, but we can now set it as well, so just API test
+ req.set_version(req.get_version())
req.set_pubkey(pkey)
req.set_pubkey(EVP.PKey(req.get_pubkey()))# Just a test of the API
name = X509.X509_Name()
@@ -49,6 +49,9 @@
# if you were sure. Now we just create the certificate blindly based
# on the request.
cert = X509.X509()
+ # We know we are making CA cert now...
+ # Serial defaults to 0.
+ cert.set_serial_number(1)
cert.set_version(2)
cert.set_subject(sub)
issuer = X509.X509_Name()
@@ -67,12 +70,10 @@
return cert
def ca():
- Rand.load_file('../randpool.dat', -1)
key = generateRSAKey()
pkey = makePKey(key)
req = makeRequest(pkey)
cert = makeCert(req, pkey)
- Rand.save_file('../randpool.dat')
return (cert, pkey)
if __name__ == '__main__':
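Review bot: With the `Rand.load_file`/`Rand.save_file` pair removed, `ca()` generates the 2048-bit CA key from whatever state the OpenSSL PRNG already has, so seeding becomes the caller's job and nothing in the function says so. other.py in this same commit calls `Rand.load_file` before `ca.ca()`, but the `__main__` block of ca.py begins on the last line of this hunk and its body is not visible, so it is unclear whether the standalone path still seeds the pool. I would add a comment above `key = generateRSAKey()` such as `# Caller must seed the PRNG (Rand.load_file) before calling ca()` and confirm that the `__main__` path does so.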
Index: osaf/chandler/m2crypto/SWIG/_x509.i
diff -u osaf/chandler/m2crypto/SWIG/_x509.i:1.4 osaf/chandler/m2crypto/SWIG/_x509.i:1.5
--- osaf/chandler/m2crypto/SWIG/_x509.i:1.4 Fri Mar 5 18:40:05 2004
+++ osaf/chandler/m2crypto/SWIG/_x509.i Mon Mar 8 20:23:40 2004
@@ -7,7 +7,7 @@
** Author: Heikki Toivonen
*/
-/* $Id: _x509.i,v 1.4 2004/03/06 02:40:05 heikki Exp $ */
+/* $Id: _x509.i,v 1.5 2004/03/09 04:23:40 heikki Exp $ */
%{
#include <openssl/x509.h>
@@ -30,6 +30,7 @@
%name(x509_crl_print) extern int X509_CRL_print(BIO *, X509_CRL *);
%name(x509_get_serial_number) extern ASN1_INTEGER *X509_get_serialNumber(X509 *);
+%name(x509_set_serial_number) extern int X509_set_serialNumber(X509 *, ASN1_INTEGER *);
%name(x509_get_pubkey) extern EVP_PKEY *X509_get_pubkey(X509 *);
%name(x509_set_pubkey) extern int X509_set_pubkey(X509 *, EVP_PKEY *);
%name(x509_get_issuer_name) extern X509_NAME *X509_get_issuer_name(X509 *);
@@ -233,6 +234,10 @@
int x509_req_set_subject_name(X509_REQ *x, X509_NAME *name) {
return X509_REQ_set_subject_name(x, name);
+}
+
+long x509_req_get_version(X509_REQ *x) {
+ return X509_REQ_get_version(x);
}
int x509_req_set_version(X509_REQ *x, long version) {
Index: osaf/chandler/m2crypto/SWIG/_asn1.i
diff -u osaf/chandler/m2crypto/SWIG/_asn1.i:1.1.1.1 osaf/chandler/m2crypto/SWIG/_asn1.i:1.2
--- osaf/chandler/m2crypto/SWIG/_asn1.i:1.1.1.1 Mon Mar 1 11:43:40 2004
+++ osaf/chandler/m2crypto/SWIG/_asn1.i Mon Mar 8 20:23:40 2004
@@ -1,5 +1,12 @@
/* Copyright (c) 2000 Ng Pheng Siong. All rights reserved. */
-/* $Id: _asn1.i,v 1.1.1.1 2004/03/01 19:43:40 heikki Exp $ */
+/*
+** Open Source Applications Foundation (OSAF) has extended the functionality
+** to make it possible to create and verify certificates programmatically.
+**
+** OSAF Changes copyright (c) 2004 Open Source Applications Foundation.
+** Author: Heikki Toivonen
+*/
+/* $Id: _asn1.i,v 1.2 2004/03/09 04:23:40 heikki Exp $ */
%{
#include <openssl/asn1.h>
@@ -10,6 +17,7 @@
%apply Pointer NONNULL { BIO * };
%name(asn1_integer_get) extern long ASN1_INTEGER_get(ASN1_INTEGER *);
+%name(asn1_integer_set) extern int ASN1_INTEGER_set(ASN1_INTEGER *, long);
%name(asn1_utctime_print) extern int ASN1_UTCTIME_print(BIO *, ASN1_UTCTIME *);
%inline %{
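Review bot: The only NONNULL typemap visible in this hunk covers `BIO *`, so the new `asn1_integer_set` wrapper would hand a NULL `ASN1_INTEGER *` from Python straight to `ASN1_INTEGER_set`, which dereferences it. Unless a typemap above the hunk already covers that type, add `%apply Pointer NONNULL { ASN1_INTEGER * };` next to the existing line. The `long` parameter also limits the serial numbers the Python setter can write to the platform's C long, which is worth stating where that setter is documented.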
Index: osaf/chandler/m2crypto/M2Crypto/X509.py
diff -u osaf/chandler/m2crypto/M2Crypto/X509.py:1.3 osaf/chandler/m2crypto/M2Crypto/X509.py:1.4
--- osaf/chandler/m2crypto/M2Crypto/X509.py:1.3 Fri Mar 5 18:40:04 2004
+++ osaf/chandler/m2crypto/M2Crypto/X509.py Mon Mar 8 20:23:37 2004
@@ -15,7 +15,7 @@
Author: Heikki Toivonen
"""
-RCS_id='$Id: X509.py,v 1.3 2004/03/06 02:40:04 heikki Exp $'
+RCS_id='$Id: X509.py,v 1.4 2004/03/09 04:23:37 heikki Exp $'
# M2Crypto
import ASN1, BIO, Err
@@ -127,9 +127,9 @@
"""
Set version.
- @type version: an integer
+ @type version: integer
@param version: Version number.
- @rtype: an integer
+ @rtype: integer
@return: Returns 0 on failure.
"""
assert m2.x509_type_check(self.x509), "'x509' type error"
@@ -140,6 +140,27 @@
asn1_integer = m2.x509_get_serial_number(self.x509)
return m2.asn1_integer_get(asn1_integer)
+ def set_serial_number(self, serial):
+ """
+ Set serial number. Every certificate must have a serial number.
+ A CA must issue unique serial numbers for all the certificates that
+ it issues.
+
+ @type serial: integer
+ @param serial: Serial number.
+ @rtype: XXX
+ @return: XXX
+ """
+ assert m2.x509_type_check(self.x509), "'x509' type error"
+ # This "magically" changes serial since asn1_integer is C pointer
+ # to x509's internal serial number.
+ asn1_integer = m2.x509_get_serial_number(self.x509)
+ return m2.asn1_integer_set(asn1_integer, serial)
+ # XXX Or should I do this?
+ #asn1_integer = m2.asn1_integer_new()
+ #m2.asn1_integer_set(asn1_integer, serial)
+ #return m2.x509_set_serial_number(self.x509, asn1_integer)
+
def get_not_before(self):
assert m2.x509_type_check(self.x509), "'x509' type error"
return ASN1.ASN1_UTCTIME(m2.x509_get_not_before(self.x509))
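Review bot: The new `set_serial_number` docstring still carries `@rtype: XXX` and `@return: XXX`, although the method returns the result of `m2.asn1_integer_set`, which is OpenSSL's `ASN1_INTEGER_set` status (1 on success, 0 on failure). I would write `@rtype: integer` and `@return: Returns 0 on failure.`, matching the `set_version` docstring earlier in this file, and add to the description that the serial must fit in a C long. The commented-out alternative after the `return` is better replaced by one line saying why the in-place update through the internal pointer was chosen. The type check is an `assert`, so it disappears under `python -O`; a comment noting that it is a debugging aid rather than validation would prevent callers from relying on it.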
@@ -148,6 +169,8 @@
assert m2.x509_type_check(self.x509), "'x509' type error"
return ASN1.ASN1_UTCTIME(m2.x509_get_not_after(self.x509))
+ # XXX We should have method(s) here to set and adjust notBefore/After.
+
def get_pubkey(self):
assert m2.x509_type_check(self.x509), "'x509' type error"
return m2.x509_get_pubkey(self.x509)
@@ -348,6 +371,15 @@
@return: XXX
"""
return m2.x509_req_set_subject_name(self.req, name.x509_name)
+
+ def get_version(self):
+ """
+ Get version.
+
+ @rtype: integer
+ @return: Returns version.
+ """
+ return m2.x509_req_get_version(self.req)
def set_version(self, version):
"""
Index: osaf/chandler/m2crypto/demo/x509/other.py
diff -u osaf/chandler/m2crypto/demo/x509/other.py:1.1 osaf/chandler/m2crypto/demo/x509/other.py:1.2
--- osaf/chandler/m2crypto/demo/x509/other.py:1.1 Fri Mar 5 20:40:01 2004
+++ osaf/chandler/m2crypto/demo/x509/other.py Mon Mar 8 20:23:42 2004
@@ -49,6 +49,8 @@
# on the request.
cert = X509.X509()
cert.set_version(2)
+ cert.set_serial_number(caCert.get_serial_number()+1)
+ print '***Serial: ', cert.get_serial_number()
cert.set_subject(sub)
issuer = caCert.get_subject()
cert.set_issuer(issuer)
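Review bot: `cert.set_serial_number(caCert.get_serial_number()+1)` gives every certificate this script issues the same serial, because the CA certificate's serial is fixed (ca.py sets it to 1 in this commit), and the return value of the call is not checked. That contradicts the uniqueness requirement stated in the new `set_serial_number` docstring and would make revocation by issuer and serial ambiguous if the demo were copied into real issuance code. At minimum add a comment such as `# Demo only: a real CA must record issued serials and never reuse one`. The `print '***Serial: '` line reads like leftover debugging output and could be dropped. The enclosing function starts before this hunk and continues after it.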
@@ -63,12 +65,12 @@
return cert
if __name__ == '__main__':
- (caCert, caPKey) = ca.ca()
Rand.load_file('../randpool.dat', -1)
key = generateRSAKey()
pkey = makePKey(key)
req = makeRequest(pkey)
print req.as_text()
+ (caCert, caPKey) = ca.ca()
cert = makeCert(req, caCert, caPKey)
print cert.as_text()
Rand.save_file('../randpool.dat')