From d91e7c1d3fa1bece0e77262b46d9992271fd24b0 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 1 Oct 2015 16:50:42 -0500
Subject: add support for Certificate signature and tbs_certificate
---
 src/_cffi_src/openssl/asn1.py | 2 +-
 src/_cffi_src/openssl/x509.py | 2 ++
 src/cryptography/hazmat/backends/openssl/x509.py | 14 ++++++++++++++
 src/cryptography/x509/base.py | 12 ++++++++++++
 4 files changed, 29 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index 259adf19..ddf4b9c5 100644
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
@@ -23,7 +23,7 @@ struct asn1_string_st {
 typedef struct asn1_string_st ASN1_OCTET_STRING;
 typedef struct asn1_string_st ASN1_IA5STRING;
-typedef ... ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_BIT_STRING;
 typedef ... ASN1_OBJECT;
 typedef struct asn1_string_st ASN1_STRING;
 typedef struct asn1_string_st ASN1_UTF8STRING;
diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 468d74ea..2024101b 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -71,6 +71,7 @@ typedef struct {
 typedef struct {
 X509_ALGOR *sig_alg;
 X509_CINF *cert_info;
+ ASN1_BIT_STRING *signature;
 ...;
 } X509;
@@ -257,6 +258,7 @@ void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *);
 """
 MACROS = """
+int i2d_X509_CINF(X509_CINF *, unsigned char **);
 long X509_get_version(X509 *);
 ASN1_TIME *X509_get_notBefore(X509 *);
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 1ba59b68..0e5ab914 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
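Review bot: Declaring `ASN1_BIT_STRING *signature;` as a member of `X509` in the `@@ -71,6 +71,7 @@` hunk of `src/_cffi_src/openssl/x509.py` ties the binding to OpenSSL's struct layout instead of a public accessor, so it builds only while the linked library exposes that member. Where the supported OpenSSL versions provide `X509_get0_signature`, binding that function and reading the signature through it would remove the dependency. Otherwise a comment beside the field, such as `/* read directly: no accessor on the oldest supported OpenSSL */`, would record why. The `asn1.py` hunk makes `ASN1_BIT_STRING` a transparent `struct asn1_string_st`, presumably for the same reader, and deserves the same one-line explanation.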
@@ -322,6 +322,20 @@ class _Certificate(object):
 def extensions(self):
 return _CERTIFICATE_EXTENSION_PARSER.parse(self._backend, self._x509)
+ @property
+ def signature(self):
+ return self._backend._asn1_string_to_bytes(self._x509.signature)
+
+ @property
+ def tbs_certificate(self):
+ pp = self._backend._ffi.new("unsigned char **")
+ res = self._backend._lib.i2d_X509_CINF(self._x509.cert_info, pp)
+ self._backend.openssl_assert(res > 0)
+ pp = self._backend._ffi.gc(
+ pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0])
+ )
+ return self._backend._ffi.buffer(pp[0], res)[:]
+
 def public_bytes(self, encoding):
 bio = self._backend._create_mem_bio()
 if encoding is serialization.Encoding.PEM:
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 01eadfcb..53893a1f 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -117,6 +117,18 @@ class Certificate(object):
 Returns an Extensions object.
 """
+ @abc.abstractproperty
+ def signature(self):
+ """
+ Returns the signature bytes.
+ """
+
+ @abc.abstractproperty
+ def tbs_certificate(self):
+ """
+ Returns the tbsCertificate payload bytes as defined in RFC 5280.
+ """
+
 @abc.abstractmethod
 def __eq__(self, other):
 """
-- cgit v1.2.3
From d2898052ade019788ca146cfcced44c5a6b0e54b Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Tue, 3 Nov 2015 22:00:41 +0900
Subject: rename tbs_certificate to tbs_certificate_bytes, add a comment
---
 src/cryptography/hazmat/backends/openssl/x509.py | 3 ++-
 src/cryptography/x509/base.py | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 0e5ab914..3afbc40f 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
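Review bot: `tbs_certificate` in the backend `_Certificate` hunk carries no comment saying that its bytes are produced by serialising `cert_info` with `i2d_X509_CINF` at call time, which matters because a caller checking `signature` needs exactly the DER the issuer signed. OpenSSL appears to reuse the encoding it parsed for an unmodified certificate, but nothing visible here states or tests that. I would add `# must be byte-identical to the signed tbsCertificate; relies on OpenSSL reusing the parsed encoding` above the `i2d_X509_CINF` call, and a test comparing the result with the DER of a known certificate. A second comment on the `ffi.gc` line, `# OpenSSL allocated pp[0] because *pp was NULL; release it with OPENSSL_free`, would make the ownership explicit. `_Certificate` begins before this hunk and `public_bytes` continues past it.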
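Review bot: The two new docstrings in `src/cryptography/x509/base.py` say what is returned but not how the values relate, so a reader could mistake a successful signature check over `tbs_certificate` for certificate validation. I would extend the first to something like `Returns the bytes of the certificate's signatureValue; verify them over tbs_certificate with the issuer's public key and signature_hash_algorithm.` On `tbs_certificate`, add a sentence that a valid signature shows only that the issuer signed these bytes, not that the validity period, names or chain are acceptable. The `Certificate` class body starts and ends outside this hunk.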
@@ -327,8 +327,9 @@ class _Certificate(object):
 return self._backend._asn1_string_to_bytes(self._x509.signature)
 @property
- def tbs_certificate(self):
+ def tbs_certificate_bytes(self):
 pp = self._backend._ffi.new("unsigned char **")
+ # the X509_CINF struct holds the tbsCertificate data
 res = self._backend._lib.i2d_X509_CINF(self._x509.cert_info, pp)
 self._backend.openssl_assert(res > 0)
 pp = self._backend._ffi.gc(
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 53893a1f..ad561b94 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -124,7 +124,7 @@ class Certificate(object):
 """
 @abc.abstractproperty
- def tbs_certificate(self):
+ def tbs_certificate_bytes(self):
 """
 Returns the tbsCertificate payload bytes as defined in RFC 5280.
 """
-- cgit v1.2.3