1 from ctypes import c_void_p,create_string_buffer,c_long,c_int
2 from ctypescrypto.bio import Membio
3 from ctypescrypto.pkey import PKey
4 from ctypescrypto.oid import Oid
5 from ctypescrypto.exception import LibCryptoError
6 from ctypescrypto import libcrypto
8 class X509Error(LibCryptoError):
10 Exception, generated when some openssl function fail
18 Class which represents X.509 distinguished name - typically
19 a certificate subject name or an issuer name.
21 # XN_FLAG_SEP_COMMA_PLUS & ASN1_STRFLG_UTF8_CONVERT
24 def __init__(self,ptr=None,copy=False):
26 Creates a X509Name object
27 @param ptr - pointer to X509_NAME C structure (as returned by some OpenSSL functions
28 @param copy - indicates that this structure have to be freed upon object destruction
35 self.ptr=libcrypto.X509_NAME_new()
43 libcrypto.X509_NAME_free(self.ptr)
46 Produces an ascii representation of the name, escaping all symbols > 0x80
47 Probably it is not what you want, unless your native language is English
50 libcrypto.X509_NAME_print_ex(b.bio,self.ptr,0,self.PRINT_FLAG | self.ESC_MSB)
52 def __unicode__(self):
54 Produces unicode representation of the name.
57 libcrypto.X509_NAME_print_ex(b.bio,self.ptr,0,self.PRINT_FLAG)
61 return number of components in the name
63 return libcrypto.X509_NAME_entry_count(self.ptr)
64 def __cmp__(self,other):
68 return libcrypto.X509_NAME_cmp(self.ptr,other.ptr)
69 def __eq__(self,other):
70 return libcrypto.X509_NAME_cmp(self.ptr,other.ptr)==0
72 def __getitem__(self,key):
73 if isinstance(key,Oid):
74 # Return first matching field
75 idx=libcrypto.X509_NAME_get_index_by_NID(self.ptr,key.nid,-1)
77 raise KeyError("Key not found "+repr(Oid))
78 entry=libcrypto.X509_NAME_get_entry(self.ptr,idx)
79 s=libcrypto.X509_NAME_ENTRY_get_data(entry)
81 libcrypto.ASN1_STRING_print_ex(b.bio,s,self.PRINT_FLAG)
83 elif isinstance(key,int):
84 # Return OID, string tuple
85 entry=libcrypto.X509_NAME_get_entry(self.ptr,key)
87 raise IndexError("name entry index out of range")
88 obj=libcrypto.X509_NAME_ENTRY_get_object(entry)
89 nid=libcrypto.OBJ_obj2nid(obj)
91 buf=create_string_buffer(80)
92 len=libcrypto.OBJ_obj2txt(buf,80,obj,1)
96 s=libcrypto.X509_NAME_ENTRY_get_data(entry)
98 libcrypto.ASN1_STRING_print_ex(b.bio,s,self.PRINT_FLAG)
99 return (oid,unicode(b))
101 def __setitem__(self,key,val):
102 if not self.writable:
103 raise ValueError("Attempt to modify constant X509 object")
105 def __init__(self,ptr):
108 libcrypto.X509_NAME_free(self.ptr)
110 raise NotImplementedError
112 return libcrypto.X509_NAME_entry_count(self.ptr)
114 def __getattr__(self,key):
115 raise NotImplementedError
116 def __setattr__(self,key,val):
117 raise NotImplementedError
124 Represents X.509 certificate.
126 def __init__(self,data=None,ptr=None,format="PEM"):
128 Initializes certificate
129 @param data - serialized certificate in PEM or DER format.
130 @param ptr - pointer to X509, returned by some openssl function.
131 mutually exclusive with data
132 @param format - specifies data format. "PEM" or "DER", default PEM
136 raise TypeError("Cannot use data and ptr simultaneously")
139 raise TypeError("data argument is required")
143 self.cert=libcrypto.PEM_read_bio_X509(b.bio,None,None,None)
145 self.cert=libcrypto.d2i_X509_bio(b.bio,None)
146 if self.cert is None:
147 raise X509Error("error reading certificate")
150 Frees certificate object
152 libcrypto.X509_free(self.cert)
154 """ Returns der string of the certificate """
156 if libcrypto.i2d_X509_bio(b.bio,self.cert)==0:
157 raise X509Error("error serializing certificate")
160 """ Returns valid call to the constructor """
161 return "X509(data="+repr(str(self))+",format='DER')"
164 """EVP PKEy object of certificate public key"""
165 return PKey(ptr=libcrypto.X509_get_pubkey(self.cert,False))
166 def verify(self,store=None,key=None):
168 Verify self. Supports verification on both X509 store object
169 or just public issuer key
170 @param store X509Store object.
171 @param key - PKey object
172 parameters are mutually exclusive. If neither is specified, attempts to verify
173 itself as self-signed certificate
175 if store is not None and key is not None:
176 raise X509Error("key and store cannot be specified simultaneously")
177 if store is not None:
178 ctx=libcrypto.X509_STORE_CTX_new()
180 raise X509Error("Error allocating X509_STORE_CTX")
181 if libcrypto.X509_STORE_CTX_init(ctx,store.ptr,self.cert,None) < 0:
182 raise X509Error("Error allocating X509_STORE_CTX")
183 res= libcrypto.X509_verify_cert(ctx)
184 libcrypto.X509_STORE_CTX_free(ctx)
188 if self.issuer != self.subject:
189 # Not a self-signed certificate
192 res = libcrypto.X509_verify(self.cert,key.key)
194 raise X509Error("X509_verify failed")
199 """ X509Name for certificate subject name """
200 return X509Name(libcrypto.X509_get_subject_name(self.cert))
203 """ X509Name for certificate issuer name """
204 return X509Name(libcrypto.X509_get_issuer_name(self.cert))
207 """ Serial number of certificate as integer """
208 asnint=libcrypto.X509_get_serialNumber(self.cert)
210 libcrypto.i2a_ASN1_INTEGER(b.bio,asnint)
211 return int(str(b),16)
214 """ Certificate validity period start date """
215 # Need deep poke into certificate structure (x)->cert_info->validity->notBefore
216 raise NotImplementedError
219 """ Certificate validity period end date """
220 # Need deep poke into certificate structure (x)->cert_info->validity->notAfter
221 raise NotImplementedError
222 def extensions(self):
223 """ Returns list of extensions """
224 raise NotImplementedError
226 """ Returns True if certificate is CA certificate """
227 return libcrypto.X509_check_ca(self.cert)>0
230 Represents trusted certificate store. Can be used to lookup CA certificates to verify
232 @param file - file with several certificates and crls to load into store
233 @param dir - hashed directory with certificates and crls
234 @param default - if true, default verify location (directory) is installed
237 def __init__(self,file=None,dir=None,default=False):
239 Creates X509 store and installs lookup method. Optionally initializes
240 by certificates from given file or directory.
243 # Todo - set verification flags
245 self.store=libcrypto.X509_STORE_new()
246 lookup=libcrypto.X509_STORE_add_lookup(self.store,libcrypto.X509_LOOKUP_file())
248 raise X509Error("error installing file lookup method")
249 if (file is not None):
250 if not libcrypto.X509_LOOKUP_loadfile(lookup,file,1):
251 raise X509Error("error loading trusted certs from file "+file)
253 lookup=libcrypto.X509_STORE_add_lookup(self.store,libcrypto.X509_LOOKUP_hash_dir())
255 raise X509Error("error installing hashed lookup method")
257 if not libcrypto.X509_LOOKUP_add_dir(lookup,dir,1):
258 raise X509Error("error adding hashed trusted certs dir "+dir)
260 if not libcrypto.X509_LOOKUP.add_dir(lookup,None,3):
261 raise X509Error("error adding default trusted certs dir ")
262 def add_cert(self,cert):
264 Explicitely adds certificate to set of trusted in the store
265 @param cert - X509 object to add
267 if not isinstance(cert,X509):
268 raise TypeError("cert should be X509")
269 libcrypto.X509_STORE_add_cert(self.store,cert.cert)
270 def add_callback(self,callback):
272 Installs callbac function, which would receive detailed information
273 about verified ceritificates
275 raise NotImplementedError
276 def setflags(self,flags):
278 Set certificate verification flags.
279 @param flags - integer bit mask. See OpenSSL X509_V_FLAG_* constants
281 libcrypto.X509_STORE_set_flags(self.store,flags)
282 def setpurpose(self,purpose):
284 Sets certificate purpose which verified certificate should match
285 @param purpose - number from 1 to 9 or standard strind defined in Openssl
286 possible strings - sslcient,sslserver, nssslserver, smimesign,smimeencrypt, crlsign, any,ocsphelper
288 if isinstance(purpose,str):
289 purp_no=X509_PURPOSE_get_by_sname(purpose)
291 raise X509Error("Invalid certificate purpose '"+purpose+"'")
292 elif isinstance(purpose,int):
294 if libcrypto.X509_STORE_set_purpose(self.store,purp_no)<=0:
295 raise X509Error("cannot set purpose")
296 libcrypto.i2a_ASN1_INTEGER.argtypes=(c_void_p,c_void_p)
297 libcrypto.ASN1_STRING_print_ex.argtypes=(c_void_p,c_void_p,c_long)
298 libcrypto.X509_get_serialNumber.argtypes=(c_void_p,)
299 libcrypto.X509_get_serialNumber.restype=c_void_p
300 libcrypto.X509_NAME_ENTRY_get_object.restype=c_void_p
301 libcrypto.X509_NAME_ENTRY_get_object.argtypes=(c_void_p,)
302 libcrypto.OBJ_obj2nid.argtypes=(c_void_p,)
303 libcrypto.X509_NAME_get_entry.restype=c_void_p
304 libcrypto.X509_NAME_get_entry.argtypes=(c_void_p,c_int)