diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/__about__.py | 2 | ||||
-rw-r--r-- | src/cryptography/hazmat/bindings/openssl/asn1.py | 1 | ||||
-rw-r--r-- | src/cryptography/hazmat/bindings/openssl/x509.py | 19 | ||||
-rw-r--r-- | src/cryptography/hazmat/bindings/openssl/x509name.py | 2 | ||||
-rw-r--r-- | src/cryptography/x509.py | 140 |
5 files changed, 160 insertions, 4 deletions
diff --git a/src/cryptography/__about__.py b/src/cryptography/__about__.py index 359cd819..9c28be2e 100644 --- a/src/cryptography/__about__.py +++ b/src/cryptography/__about__.py @@ -14,7 +14,7 @@ __summary__ = ("cryptography is a package which provides cryptographic recipes" " and primitives to Python developers.") __uri__ = "https://github.com/pyca/cryptography" -__version__ = "0.10.dev1" +__version__ = "1.0.dev1" __author__ = "The cryptography developers" __email__ = "cryptography-dev@python.org" diff --git a/src/cryptography/hazmat/bindings/openssl/asn1.py b/src/cryptography/hazmat/bindings/openssl/asn1.py index 711c30b2..c18708c5 100644 --- a/src/cryptography/hazmat/bindings/openssl/asn1.py +++ b/src/cryptography/hazmat/bindings/openssl/asn1.py @@ -114,6 +114,7 @@ void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *); ASN1_ENUMERATED *ASN1_ENUMERATED_new(void); void ASN1_ENUMERATED_free(ASN1_ENUMERATED *); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *, long); +long ASN1_ENUMERATED_get(ASN1_ENUMERATED *); ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **, const unsigned char **, long, const ASN1_ITEM *); diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py index caa33969..534f5b08 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509.py +++ b/src/cryptography/hazmat/bindings/openssl/x509.py @@ -194,6 +194,7 @@ int X509_CRL_verify(X509_CRL *, EVP_PKEY *); int X509_CRL_get_ext_count(X509_CRL *); X509_EXTENSION *X509_CRL_get_ext(X509_CRL *, int); int X509_CRL_add_ext(X509_CRL *, X509_EXTENSION *, int); +int X509_CRL_cmp(const X509_CRL *, const X509_CRL *); int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *, EVP_PKEY *); int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *, EVP_PKEY *, const EVP_MD *); @@ -298,8 +299,8 @@ Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *); /* These aren't macros these arguments are all const X on openssl > 1.0.x */ int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *); int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *); -int X509_set_notBefore(X509 *, ASN1_UTCTIME *); -int X509_set_notAfter(X509 *, ASN1_UTCTIME *); +int X509_set_notBefore(X509 *, ASN1_TIME *); +int X509_set_notAfter(X509 *, ASN1_TIME *); /* These use STACK_OF(X509_EXTENSION) in 0.9.8e. Once we drop support for RHEL/CentOS 5 we should move these back to FUNCTIONS. */ @@ -310,9 +311,14 @@ int i2d_EC_PUBKEY(EC_KEY *, unsigned char **); EC_KEY *d2i_EC_PUBKEY(EC_KEY **, const unsigned char **, long); EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **); int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *); +EC_KEY *d2i_ECPrivateKey(EC_KEY **, const unsigned char **, long); EC_KEY *d2i_ECPrivateKey_bio(BIO *, EC_KEY **); +int i2d_ECPrivateKey(EC_KEY *, unsigned char **); int i2d_ECPrivateKey_bio(BIO *, EC_KEY *); +EC_KEY *o2i_ECPublicKey(EC_KEY **, const unsigned char **, long); +int i2o_ECPublicKey(EC_KEY *, unsigned char **); + // declared in safestack int sk_ASN1_OBJECT_num(Cryptography_STACK_OF_ASN1_OBJECT *); ASN1_OBJECT *sk_ASN1_OBJECT_value(Cryptography_STACK_OF_ASN1_OBJECT *, int); @@ -329,8 +335,13 @@ int (*i2d_EC_PUBKEY)(EC_KEY *, unsigned char **) = NULL; EC_KEY *(*d2i_EC_PUBKEY)(EC_KEY **, const unsigned char **, long) = NULL; EC_KEY *(*d2i_EC_PUBKEY_bio)(BIO *, EC_KEY **) = NULL; int (*i2d_EC_PUBKEY_bio)(BIO *, EC_KEY *) = NULL; +EC_KEY *(*d2i_ECPrivateKey)(EC_KEY **, const unsigned char **, long) = NULL; EC_KEY *(*d2i_ECPrivateKey_bio)(BIO *, EC_KEY **) = NULL; +int (*i2d_ECPrivateKey)(EC_KEY *, unsigned char **) = NULL; int (*i2d_ECPrivateKey_bio)(BIO *, EC_KEY *) = NULL; + +EC_KEY *(*o2i_ECPublicKey)(EC_KEY **, const unsigned char **, long) = NULL; +int (*i2o_ECPublicKey)(EC_KEY *, unsigned char **) = NULL; #endif """ @@ -340,7 +351,11 @@ CONDITIONAL_NAMES = { "d2i_EC_PUBKEY", "d2i_EC_PUBKEY_bio", "i2d_EC_PUBKEY_bio", + "d2i_ECPrivateKey", "d2i_ECPrivateKey_bio", + "i2d_ECPrivateKey", "i2d_ECPrivateKey_bio", + "i2o_ECPublicKey", + "o2i_ECPublicKey", ] } diff --git a/src/cryptography/hazmat/bindings/openssl/x509name.py b/src/cryptography/hazmat/bindings/openssl/x509name.py index a7dde87c..be5b3a75 100644 --- a/src/cryptography/hazmat/bindings/openssl/x509name.py +++ b/src/cryptography/hazmat/bindings/openssl/x509name.py @@ -34,6 +34,8 @@ unsigned long X509_NAME_hash(X509_NAME *); int i2d_X509_NAME(X509_NAME *, unsigned char **); int X509_NAME_add_entry_by_txt(X509_NAME *, const char *, int, const unsigned char *, int, int, int); +int X509_NAME_add_entry_by_OBJ(X509_NAME *, ASN1_OBJECT *, int, + unsigned char *, int, int, int); int X509_NAME_add_entry_by_NID(X509_NAME *, int, int, unsigned char *, int, int, int); X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *, int); diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index e6d19ae7..6592684b 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -55,6 +55,9 @@ _OID_NAMES = { "2.5.29.17": "subjectAltName", "2.5.29.18": "issuerAltName", "2.5.29.19": "basicConstraints", + "2.5.29.21": "cRLReason", + "2.5.29.24": "invalidityDate", + "2.5.29.29": "certificateIssuer", "2.5.29.30": "nameConstraints", "2.5.29.31": "cRLDistributionPoints", "2.5.29.32": "certificatePolicies", @@ -224,6 +227,9 @@ OID_KEY_USAGE = ObjectIdentifier("2.5.29.15") OID_SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17") OID_ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18") OID_BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19") +OID_CRL_REASON = ObjectIdentifier("2.5.29.21") +OID_INVALIDITY_DATE = ObjectIdentifier("2.5.29.24") +OID_CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29") OID_NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30") OID_CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31") OID_CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32") @@ -785,6 +791,31 @@ class ReasonFlags(Enum): remove_from_crl = "removeFromCRL" +class InhibitAnyPolicy(object): + def __init__(self, skip_certs): + if not isinstance(skip_certs, six.integer_types): + raise TypeError("skip_certs must be an integer") + + if skip_certs < 0: + raise ValueError("skip_certs must be a non-negative integer") + + self._skip_certs = skip_certs + + def __repr__(self): + return "<InhibitAnyPolicy(skip_certs={0.skip_certs})>".format(self) + + def __eq__(self, other): + if not isinstance(other, InhibitAnyPolicy): + return NotImplemented + + return self.skip_certs == other.skip_certs + + def __ne__(self, other): + return not self == other + + skip_certs = utils.read_only_property("_skip_certs") + + @six.add_metaclass(abc.ABCMeta) class GeneralName(object): @abc.abstractproperty @@ -944,7 +975,7 @@ class IPAddress(object): return not self == other -class SubjectAlternativeName(object): +class GeneralNames(object): def __init__(self, general_names): if not all(isinstance(x, GeneralName) for x in general_names): raise TypeError( @@ -964,6 +995,32 @@ class SubjectAlternativeName(object): return [i.value for i in self if isinstance(i, type)] def __repr__(self): + return "<GeneralNames({0})>".format(self._general_names) + + def __eq__(self, other): + if not isinstance(other, GeneralNames): + return NotImplemented + + return self._general_names == other._general_names + + def __ne__(self, other): + return not self == other + + +class SubjectAlternativeName(object): + def __init__(self, general_names): + self._general_names = GeneralNames(general_names) + + def __iter__(self): + return iter(self._general_names) + + def __len__(self): + return len(self._general_names) + + def get_values_for_type(self, type): + return self._general_names.get_values_for_type(type) + + def __repr__(self): return "<SubjectAlternativeName({0})>".format(self._general_names) def __eq__(self, other): @@ -1090,6 +1147,7 @@ OID_OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1") OID_CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1") OID_CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2") +OID_ANY_POLICY = ObjectIdentifier("2.5.29.32.0") @six.add_metaclass(abc.ABCMeta) @@ -1175,6 +1233,65 @@ class Certificate(object): @six.add_metaclass(abc.ABCMeta) +class CertificateRevocationList(object): + + @abc.abstractmethod + def fingerprint(self, algorithm): + """ + Returns bytes using digest passed. + """ + + @abc.abstractproperty + def signature_hash_algorithm(self): + """ + Returns a HashAlgorithm corresponding to the type of the digest signed + in the certificate. + """ + + @abc.abstractproperty + def issuer(self): + """ + Returns the X509Name with the issuer of this CRL. + """ + + @abc.abstractproperty + def next_update(self): + """ + Returns the date of next update for this CRL. + """ + + @abc.abstractproperty + def last_update(self): + """ + Returns the date of last update for this CRL. + """ + + @abc.abstractproperty + def revoked_certificates(self): + """ + Returns a list of RevokedCertificate objects for this CRL. + """ + + @abc.abstractproperty + def extensions(self): + """ + Returns an Extensions object containing a list of CRL extensions. + """ + + @abc.abstractmethod + def __eq__(self, other): + """ + Checks equality. + """ + + @abc.abstractmethod + def __ne__(self, other): + """ + Checks not equal. + """ + + +@six.add_metaclass(abc.ABCMeta) class CertificateSigningRequest(object): @abc.abstractmethod def public_key(self): @@ -1206,3 +1323,24 @@ class CertificateSigningRequest(object): """ Encodes the request to PEM or DER format. """ + + +@six.add_metaclass(abc.ABCMeta) +class RevokedCertificate(object): + @abc.abstractproperty + def serial_number(self): + """ + Returns the serial number of the revoked certificate. + """ + + @abc.abstractproperty + def revocation_date(self): + """ + Returns the date of when this certificate was revoked. + """ + + @abc.abstractproperty + def extensions(self): + """ + Returns an Extensions object containing a list of Revoked extensions. + """ |