4 """Class representing an X.509 certificate chain."""
5
6 from .utils import cryptomath
7 from .utils.tackwrapper import *
8 from .utils.pem import *
9 from .x509 import X509
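# NOTE(review): the `class` and `def` header lines were missing from this
# listing (only docstrings and bodies survived, each prefixed with a gutter
# number). The names below follow tlslite's x509certchain module and the
# in-body references (`self.getNumCerts()`, "Create a new X509CertChain");
# confirm against upstream before relying on them.
class X509CertChain(object):
    """This class represents a chain of X.509 certificates.

    Nothing in this class verifies signatures, validity periods or the
    ordering described below; it only stores and parses certificates.
    Callers that use the chain to authenticate a peer must validate it
    separately before trusting the key or fingerprint it returns.

    @type x509List: list
    @ivar x509List: A list of L{tlslite.x509.X509} instances,
    starting with the end-entity certificate and with every
    subsequent certificate certifying the previous.
    """

    def __init__(self, x509List=None):
        """Create a new X509CertChain.

        @type x509List: list
        @param x509List: A list of L{tlslite.x509.X509} instances,
        starting with the end-entity certificate and with every
        subsequent certificate certifying the previous.
        """
        # A falsy argument (None or an empty list) yields a fresh list, so
        # the chain never aliases a caller's empty list.
        self.x509List = x509List if x509List else []

    def parsePemList(self, s):
        """Parse a string containing a sequence of PEM certs.

        Raise a SyntaxError if input is malformed.

        The certificates are stored in the order they appear in the input.
        No check is made that each certificate actually certifies the one
        before it, so the result must not be treated as a validated path.

        @type s: str
        @param s: PEM text holding zero or more "CERTIFICATE" blocks.
        """
        parsed = []
        for der in dePemList(s, "CERTIFICATE"):
            cert = X509()
            cert.parseBinary(der)
            parsed.append(cert)
        # Assign only after every block parsed, so a failure part-way
        # through leaves the previous chain in place.
        self.x509List = parsed

    def getNumCerts(self):
        """Get the number of certificates in this chain.

        @rtype: int
        """
        return len(self.x509List)

    def getEndEntityPublicKey(self):
        """Get the public key from the end-entity certificate.

        The key is read from the first certificate as-is; this method does
        not establish that the certificate is trusted.

        @rtype: L{tlslite.utils.rsakey.RSAKey}
        @raise AssertionError: If the chain is empty.
        """
        if self.getNumCerts() == 0:
            raise AssertionError("certificate chain is empty")
        return self.x509List[0].publicKey

    def getFingerprint(self):
        """Get the hex-encoded fingerprint of the end-entity certificate.

        The digest algorithm is chosen by the certificate object's own
        getFingerprint(), which is not visible in this file.

        @rtype: str
        @return: A hex-encoded fingerprint.
        @raise AssertionError: If the chain is empty.
        """
        if self.getNumCerts() == 0:
            raise AssertionError("certificate chain is empty")
        return self.x509List[0].getFingerprint()

    def checkTack(self, tack):
        """Check the end-entity certificate against a TACK.

        Only the first certificate is examined. An empty chain returns
        False rather than raising.

        @param tack: The TACK handed to TlsCertificate.matches(); what a
        match means is decided by that method, which is defined elsewhere.

        @rtype: bool
        @return: True if the end-entity certificate matches, else False.
        """
        if not self.x509List:
            return False
        # TlsCertificate is presumably supplied by the tackwrapper wildcard
        # import -- TODO confirm.
        tlsCert = TlsCertificate(self.x509List[0].bytes)
        return bool(tlsCert.matches(tack))

    def getTackExt(self):
        """Get the TACK and/or Break Sigs from a TACK Cert in the chain.

        Every certificate is inspected, walking from the last entry back
        to the end-entity certificate.

        @return: The single TACK extension found, or None if no
        certificate carries one.
        @raise SyntaxError: If more than one certificate carries a TACK
        extension.
        """
        tackExt = None
        for x509 in reversed(self.x509List):
            tlsCert = TlsCertificate(x509.bytes)
            if not tlsCert.tackExt:
                continue
            # A second extension is ambiguous, so refuse rather than pick.
            if tackExt:
                raise SyntaxError("Multiple TACK Extensions")
            tackExt = tlsCert.tackExt
        return tackExt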