/gdata/tlslite/X509.py
http://radioappz.googlecode.com/ · Python · 133 lines · 77 code · 23 blank · 33 comment · 8 complexity · e3afcac86a9d62c97b65d65bb5bfabed MD5 · raw file
- """Class representing an X.509 certificate."""
- from utils.ASN1Parser import ASN1Parser
- from utils.cryptomath import *
- from utils.keyfactory import _createPublicRSAKey
- class X509:
- """This class represents an X.509 certificate.
- @type bytes: L{array.array} of unsigned bytes
- @ivar bytes: The DER-encoded ASN.1 certificate
- @type publicKey: L{tlslite.utils.RSAKey.RSAKey}
- @ivar publicKey: The subject public key from the certificate.
- """
- def __init__(self):
- self.bytes = createByteArraySequence([])
- self.publicKey = None
- def parse(self, s):
- """Parse a PEM-encoded X.509 certificate.
- @type s: str
- @param s: A PEM-encoded X.509 certificate (i.e. a base64-encoded
- certificate wrapped with "-----BEGIN CERTIFICATE-----" and
- "-----END CERTIFICATE-----" tags).
- """
- start = s.find("-----BEGIN CERTIFICATE-----")
- end = s.find("-----END CERTIFICATE-----")
- if start == -1:
- raise SyntaxError("Missing PEM prefix")
- if end == -1:
- raise SyntaxError("Missing PEM postfix")
- s = s[start+len("-----BEGIN CERTIFICATE-----") : end]
- bytes = base64ToBytes(s)
- self.parseBinary(bytes)
- return self
- def parseBinary(self, bytes):
- """Parse a DER-encoded X.509 certificate.
- @type bytes: str or L{array.array} of unsigned bytes
- @param bytes: A DER-encoded X.509 certificate.
- """
- if isinstance(bytes, type("")):
- bytes = stringToBytes(bytes)
- self.bytes = bytes
- p = ASN1Parser(bytes)
- #Get the tbsCertificate
- tbsCertificateP = p.getChild(0)
- #Is the optional version field present?
- #This determines which index the key is at.
- if tbsCertificateP.value[0]==0xA0:
- subjectPublicKeyInfoIndex = 6
- else:
- subjectPublicKeyInfoIndex = 5
- #Get the subjectPublicKeyInfo
- subjectPublicKeyInfoP = tbsCertificateP.getChild(\
- subjectPublicKeyInfoIndex)
- #Get the algorithm
- algorithmP = subjectPublicKeyInfoP.getChild(0)
- rsaOID = algorithmP.value
- if list(rsaOID) != [6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]:
- raise SyntaxError("Unrecognized AlgorithmIdentifier")
- #Get the subjectPublicKey
- subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1)
- #Adjust for BIT STRING encapsulation
- if (subjectPublicKeyP.value[0] !=0):
- raise SyntaxError()
- subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:])
- #Get the modulus and exponent
- modulusP = subjectPublicKeyP.getChild(0)
- publicExponentP = subjectPublicKeyP.getChild(1)
- #Decode them into numbers
- n = bytesToNumber(modulusP.value)
- e = bytesToNumber(publicExponentP.value)
- #Create a public key instance
- self.publicKey = _createPublicRSAKey(n, e)
- def getFingerprint(self):
- """Get the hex-encoded fingerprint of this certificate.
- @rtype: str
- @return: A hex-encoded fingerprint.
- """
- return sha.sha(self.bytes).hexdigest()
- def getCommonName(self):
- """Get the Subject's Common Name from the certificate.
- The cryptlib_py module must be installed in order to use this
- function.
- @rtype: str or None
- @return: The CN component of the certificate's subject DN, if
- present.
- """
- import cryptlib_py
- import array
- c = cryptlib_py.cryptImportCert(self.bytes, cryptlib_py.CRYPT_UNUSED)
- name = cryptlib_py.CRYPT_CERTINFO_COMMONNAME
- try:
- try:
- length = cryptlib_py.cryptGetAttributeString(c, name, None)
- returnVal = array.array('B', [0] * length)
- cryptlib_py.cryptGetAttributeString(c, name, returnVal)
- returnVal = returnVal.tostring()
- except cryptlib_py.CryptException, e:
- if e[0] == cryptlib_py.CRYPT_ERROR_NOTFOUND:
- returnVal = None
- return returnVal
- finally:
- cryptlib_py.cryptDestroyCert(c)
- def writeBytes(self):
- return self.bytes