4 """Class representing an X.509 certificate chain."""
5
6 from .utils import cryptomath
7 from .utils.tackwrapper import *
8
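# NOTE(review): the class header and every method header are absent from the
# listing this block was rebuilt from. The names and signatures below are
# reconstructed -- confirm them against the upstream file before relying on
# them.
class X509CertChain(object):
    """This class represents a chain of X.509 certificates.

    The class is a plain container. In the code shown here, nothing
    verifies signatures or checks that the certificates really are in
    the documented order. Callers must validate the chain themselves
    before trusting the end-entity key or fingerprint it returns.

    @type x509List: list
    @ivar x509List: A list of L{tlslite.x509.X509} instances,
    starting with the end-entity certificate and with every
    subsequent certificate certifying the previous.
    """

    def __init__(self, x509List=None):
        """Create a new X509CertChain.

        The list is stored by reference and is not inspected.

        @type x509List: list
        @param x509List: A list of L{tlslite.x509.X509} instances,
        starting with the end-entity certificate and with every
        subsequent certificate certifying the previous.
        """
        # Any falsy argument (None, an empty list) yields a fresh empty list.
        self.x509List = x509List if x509List else []

    def getNumCerts(self):
        """Get the number of certificates in this chain.

        @rtype: int
        """
        return len(self.x509List)

    def getEndEntityPublicKey(self):
        """Get the public key from the end-entity certificate.

        @rtype: L{tlslite.utils.rsakey.RSAKey}
        @raise AssertionError: If the chain is empty.
        """
        # Raised explicitly (not via an assert statement) so the check
        # survives running the interpreter with -O.
        if self.getNumCerts() == 0:
            raise AssertionError("certificate chain is empty")
        return self.x509List[0].publicKey

    def getFingerprint(self):
        """Get the hex-encoded fingerprint of the end-entity certificate.

        The value is whatever the first certificate's getFingerprint()
        returns; the hash algorithm is chosen there, not here.

        @rtype: str
        @return: A hex-encoded fingerprint.
        @raise AssertionError: If the chain is empty.
        """
        if self.getNumCerts() == 0:
            raise AssertionError("certificate chain is empty")
        return self.x509List[0].getFingerprint()

    def checkTack(self, tack):
        """Report whether any certificate in the chain matches a TACK.

        Every certificate is tried, not only the end-entity one, and the
        first match wins. An empty chain returns False.

        @rtype: bool
        """
        # NOTE(review): TACKpy is not defined in this file; presumably the
        # wildcard import from .utils.tackwrapper supplies it -- confirm it
        # is always bound before this method can be reached.
        for x509 in self.x509List:
            # Named tackCert rather than "ssl" to avoid shadowing the
            # standard-library module name.
            tackCert = TACKpy.SSL_Cert()
            tackCert.parse(x509.bytes)
            if tackCert.matches(tack):
                return True
        return False

    def getTackExt(self):
        """Get the TACK and/or Break Sigs from a TACK Cert in the chain.

        @return: The single TACK extension found in the chain, or None
        if no certificate carries one.
        @raise SyntaxError: If more than one certificate carries a TACK
        extension. An ambiguous chain is rejected rather than resolved
        by picking one.
        """
        tackExt = None

        # Walk from the far end of the chain back toward the end-entity cert.
        for x509 in reversed(self.x509List):
            tackCert = TACKpy.SSL_Cert()
            tackCert.parse(x509.bytes)
            if tackCert.tackExt:
                if tackExt:
                    raise SyntaxError("Multiple TACK Extensions")
                tackExt = tackCert.tackExt
        return tackExt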
78