Package tlslite :: Module x509
[hide private]
[frames] | no frames]

Source Code for Module tlslite.x509

  1  # Authors:  
  2  #   Trevor Perrin 
  3  #   Google - parsing subject field 
  4  # 
  5  # See the LICENSE file for legal information regarding use of this file. 
  6   
  7  """Class representing an X.509 certificate.""" 
  8   
  9  from .utils.asn1parser import ASN1Parser 
 10  from .utils.cryptomath import * 
 11  from .utils.keyfactory import _createPublicRSAKey 
 12  from .utils.pem import * 
 13   
 14   
15 -class X509:
16 """This class represents an X.509 certificate. 17 18 @type bytes: L{bytearray} of unsigned bytes 19 @ivar bytes: The DER-encoded ASN.1 certificate 20 21 @type publicKey: L{tlslite.utils.rsakey.RSAKey} 22 @ivar publicKey: The subject public key from the certificate. 23 24 @type subject: L{bytearray} of unsigned bytes 25 @ivar subject: The DER-encoded ASN.1 subject distinguished name. 26 """ 27
28 - def __init__(self):
29 self.bytes = createByteArraySequence([]) 30 self.publicKey = None 31 self.subject = None
32
33 - def parse(self, s):
34 """Parse a PEM-encoded X.509 certificate. 35 36 @type s: str 37 @param s: A PEM-encoded X.509 certificate (i.e. a base64-encoded 38 certificate wrapped with "-----BEGIN CERTIFICATE-----" and 39 "-----END CERTIFICATE-----" tags). 40 """ 41 42 bytes = dePem(s, "CERTIFICATE") 43 self.parseBinary(bytes) 44 return self
45
46 - def parseBinary(self, bytes):
47 """Parse a DER-encoded X.509 certificate. 48 49 @type bytes: str or L{bytearray} of unsigned bytes 50 @param bytes: A DER-encoded X.509 certificate. 51 """ 52 53 if isinstance(bytes, type("")): 54 bytes = stringToBytes(bytes) 55 56 self.bytes = bytes 57 p = ASN1Parser(bytes) 58 59 #Get the tbsCertificate 60 tbsCertificateP = p.getChild(0) 61 62 #Is the optional version field present? 63 #This determines which index the key is at. 64 if tbsCertificateP.value[0]==0xA0: 65 subjectPublicKeyInfoIndex = 6 66 else: 67 subjectPublicKeyInfoIndex = 5 68 69 #Get the subject 70 self.subject = tbsCertificateP.getChildBytes(\ 71 subjectPublicKeyInfoIndex - 1) 72 73 #Get the subjectPublicKeyInfo 74 subjectPublicKeyInfoP = tbsCertificateP.getChild(\ 75 subjectPublicKeyInfoIndex) 76 77 #Get the algorithm 78 algorithmP = subjectPublicKeyInfoP.getChild(0) 79 rsaOID = algorithmP.value 80 if list(rsaOID) != [6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]: 81 raise SyntaxError("Unrecognized AlgorithmIdentifier") 82 83 #Get the subjectPublicKey 84 subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1) 85 86 #Adjust for BIT STRING encapsulation 87 if (subjectPublicKeyP.value[0] !=0): 88 raise SyntaxError() 89 subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:]) 90 91 #Get the modulus and exponent 92 modulusP = subjectPublicKeyP.getChild(0) 93 publicExponentP = subjectPublicKeyP.getChild(1) 94 95 #Decode them into numbers 96 n = bytesToNumber(modulusP.value) 97 e = bytesToNumber(publicExponentP.value) 98 99 #Create a public key instance 100 self.publicKey = _createPublicRSAKey(n, e)
101
102 - def getFingerprint(self):
103 """Get the hex-encoded fingerprint of this certificate. 104 105 @rtype: str 106 @return: A hex-encoded fingerprint. 107 """ 108 return sha1(bytesToString(self.bytes)).hexdigest()
109
110 - def writeBytes(self):
111 return self.bytes
112