/ Mac Easy 2010 May / Mac Life Ubuntu.iso / casper / filesystem.squashfs / var / lib / python-support / python2.6 / gdata / tlslite / X509CertChain.pyc (.txt) < prev   
Python Compiled Bytecode  |  2009-04-20  |  5.7 KB  |  204 lines

  1. # Source Generated with Decompyle++
  2. # File: in.pyc (Python 2.6)
  3.  
  4. '''Class representing an X.509 certificate chain.'''
  5. from utils import cryptomath
  6.  
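class X509CertChain:
    """This class represents a chain of X.509 certificates.

    @type x509List: list
    @ivar x509List: A list of L{tlslite.X509.X509} instances,
    starting with the end-entity certificate and with every
    subsequent certificate certifying the previous.
    """

    def __init__(self, x509List=None):
        """Create a new X509CertChain.

        @type x509List: list
        @param x509List: A list of L{tlslite.X509.X509} instances,
        starting with the end-entity certificate and with every
        subsequent certificate certifying the previous.
        """
        # None and an empty list both yield a fresh empty list, so the
        # default argument is never shared between instances.
        if x509List:
            self.x509List = x509List
        else:
            self.x509List = []

    def getNumCerts(self):
        """Get the number of certificates in this chain.

        @rtype: int
        """
        return len(self.x509List)

    def getEndEntityPublicKey(self):
        """Get the public key from the end-entity certificate.

        @rtype: L{tlslite.utils.RSAKey.RSAKey}
        @raise AssertionError: If the chain is empty.
        """
        if self.getNumCerts() == 0:
            raise AssertionError()
        return self.x509List[0].publicKey

    def getFingerprint(self):
        """Get the hex-encoded fingerprint of the end-entity certificate.

        @rtype: str
        @return: A hex-encoded fingerprint.
        @raise AssertionError: If the chain is empty.
        """
        if self.getNumCerts() == 0:
            raise AssertionError()
        return self.x509List[0].getFingerprint()

    def getCommonName(self):
        """Get the Subject's Common Name from the end-entity certificate.

        The cryptlib_py module must be installed in order to use this
        function.

        @rtype: str or None
        @return: The CN component of the certificate's subject DN, if
        present.
        @raise AssertionError: If the chain is empty.
        """
        if self.getNumCerts() == 0:
            raise AssertionError()
        return self.x509List[0].getCommonName()

    def validate(self, x509TrustList):
        """Check the validity of the certificate chain.

        This checks that every certificate in the chain validates with
        the subsequent one, until some certificate validates with (or
        is identical to) one of the passed-in root certificates.

        Only chaining to a trusted root is established here.  Nothing in
        this method compares a certificate name with the identity the
        caller expects of the peer, so that check has to be made
        separately (for example against L{getCommonName} or
        L{getFingerprint}).  Which further properties are enforced
        (validity period, CA constraints, revocation) is decided inside
        cryptlib's cryptCheckCert and cannot be told from this code.

        The cryptlib_py module must be installed in order to use this
        function.

        @type x509TrustList: list of L{tlslite.X509.X509}
        @param x509TrustList: A list of trusted root certificates.  The
        certificate chain must extend to one of these certificates to
        be considered valid.

        @rtype: bool
        @return: True if the chain extends to a trusted root, False
        otherwise.  An empty chain is never valid.
        """
        import cryptlib_py
        c1 = None
        c2 = None
        lastC = None
        rootC = None

        try:
            # An empty chain used to fail with IndexError further down;
            # it certifies nothing, so report it as not valid.
            if not self.x509List:
                return False

            # "Identical to a root" is decided by fingerprint equality,
            # so it is only as strong as the hash behind
            # X509.getFingerprint() (not visible in this file).
            rootFingerprints = [c.getFingerprint() for c in x509TrustList]

            # Check that every certificate validates with the next one.
            for cert1, cert2 in zip(self.x509List, self.x509List[1:]):
                # Reaching a trusted certificate ends the walk; every
                # link before it has already been checked.
                if cert1.getFingerprint() in rootFingerprints:
                    return True

                c1 = cryptlib_py.cryptImportCert(cert1.writeBytes(),
                                                 cryptlib_py.CRYPT_UNUSED)
                c2 = cryptlib_py.cryptImportCert(cert2.writeBytes(),
                                                 cryptlib_py.CRYPT_UNUSED)
                try:
                    cryptlib_py.cryptCheckCert(c1, c2)
                except:
                    # Deliberately broad: any failure to verify the link
                    # means "not valid".  The finally clause below
                    # releases c1 and c2.
                    return False

                cryptlib_py.cryptDestroyCert(c1)
                c1 = None
                cryptlib_py.cryptDestroyCert(c2)
                c2 = None

            # The last certificate may itself be one of the roots.
            if self.x509List[-1].getFingerprint() in rootFingerprints:
                return True

            # Otherwise look for a root whose name the last certificate
            # names as its issuer, and check the last certificate
            # against it.
            lastC = cryptlib_py.cryptImportCert(
                self.x509List[-1].writeBytes(), cryptlib_py.CRYPT_UNUSED)
            for rootCert in x509TrustList:
                rootC = cryptlib_py.cryptImportCert(
                    rootCert.writeBytes(), cryptlib_py.CRYPT_UNUSED)
                if self._checkChaining(lastC, rootC):
                    # NOTE(review): the first root with matching names
                    # decides the result; a later root carrying the same
                    # names is never tried.
                    try:
                        cryptlib_py.cryptCheckCert(lastC, rootC)
                        return True
                    except:
                        return False

                # Release this root before importing the next one.
                # Previously only the last imported root was destroyed
                # (in the finally clause), leaking one handle for every
                # non-matching root.
                cryptlib_py.cryptDestroyCert(rootC)
                rootC = None

            return False
        finally:
            # Release whatever is still open on every exit path.
            for handle in (c1, c2, lastC, rootC):
                if handle is not None:
                    cryptlib_py.cryptDestroyCert(handle)

    def _checkChaining(self, lastC, rootC):
        """Check that lastC's issuer name matches rootC's name.

        Only the country, locality, organization, organizational unit
        and common name components are compared.  This is a name match
        only; the signature is checked by the caller.

        @param lastC: cryptlib handle of the last certificate in the
        chain.
        @param rootC: cryptlib handle of a candidate root certificate.

        @rtype: bool
        @return: True if all five components are equal (a component
        absent from both counts as equal).
        """
        import cryptlib_py
        import array

        def readName(cert, name):
            # Two-step read: ask for the length, then fill a buffer of
            # that size.
            try:
                length = cryptlib_py.cryptGetAttributeString(cert, name, None)
                buf = array.array('B', [0] * length)
                cryptlib_py.cryptGetAttributeString(cert, name, buf)
                return buf.tostring()
            except cryptlib_py.CryptException as e:
                if e[0] == cryptlib_py.CRYPT_ERROR_NOTFOUND:
                    return None
                # Any other error used to be swallowed, which left the
                # value unbound or zero-filled and still fed it to the
                # comparison.  Let it propagate rather than decide a
                # trust question on a failed read.
                raise

        def compareNames(name):
            return readName(lastC, name) == readName(rootC, name)

        # Select the issuer DN on lastC so that the reads above return
        # issuer components.  rootC is left at its current selection --
        # presumably the subject name; confirm against cryptlib.
        cryptlib_py.cryptSetAttribute(lastC,
                                      cryptlib_py.CRYPT_CERTINFO_ISSUERNAME,
                                      cryptlib_py.CRYPT_UNUSED)
        components = (
            cryptlib_py.CRYPT_CERTINFO_COUNTRYNAME,
            cryptlib_py.CRYPT_CERTINFO_LOCALITYNAME,
            cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONNAME,
            cryptlib_py.CRYPT_CERTINFO_ORGANIZATIONALUNITNAME,
            cryptlib_py.CRYPT_CERTINFO_COMMONNAME,
        )
        for component in components:
            if not compareNames(component):
                return False
        return True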