- """
- Represents X.509 certificate.
- """
- def __init__(self,data=None,ptr=None,format="PEM"):
- """
- Initializes certificate
- @param data - serialized certificate in PEM or DER format.
- @param ptr - pointer to X509, returned by some openssl function.
- mutually exclusive with data
- @param format - specifies data format. "PEM" or "DER", default PEM
- """
- if ptr is not None:
- if data is not None:
- raise TypeError("Cannot use data and ptr simultaneously")
- self.cert = ptr
- elif data is None:
- raise TypeError("data argument is required")
- else:
- b=Membio(data)
- if format == "PEM":
- self.cert=libcrypto.PEM_read_bio_X509(b.bio,None,None,None)
- else:
- self.cert=libcrypto.d2i_X509_bio(b.bio,None)
- if self.cert is None:
- raise X509Error("error reading certificate")
- self.extensions=_X509extlist(self)
- def __del__(self):
- """
- Frees certificate object
- """
- libcrypto.X509_free(self.cert)
- def __str__(self):
- """ Returns der string of the certificate """
- b=Membio()
- if libcrypto.i2d_X509_bio(b.bio,self.cert)==0:
- raise X509Error("error serializing certificate")
- return str(b)
- def __repr__(self):
- """ Returns valid call to the constructor """
- return "X509(data="+repr(str(self))+",format='DER')"
- @property
- def pubkey(self):
- """EVP PKEy object of certificate public key"""
- return PKey(ptr=libcrypto.X509_get_pubkey(self.cert,False))
- def pem(self):
- """ Returns PEM represntation of the certificate """
- b=Membio()
- if libcrypto.PEM_write_bio_X509(b.bio,self.cert)==0:
- raise X509Error("error serializing certificate")
- return str(b)
- def verify(self,store=None,chain=[],key=None):
- """
- Verify self. Supports verification on both X509 store object
- or just public issuer key
- @param store X509Store object.
- @param chain - list of X509 objects to add into verification
- context.These objects are untrusted, but can be used to
- build certificate chain up to trusted object in the store
- @param key - PKey object with open key to validate signature
-
- parameters store and key are mutually exclusive. If neither
- is specified, attempts to verify self as self-signed certificate
- """
- if store is not None and key is not None:
- raise X509Error("key and store cannot be specified simultaneously")
- if store is not None:
- ctx=libcrypto.X509_STORE_CTX_new()
- if ctx is None:
- raise X509Error("Error allocating X509_STORE_CTX")
- if chain is not None and len(chain)>0:
- ch=StackOfX509(chain)
- else:
- ch=None
- if libcrypto.X509_STORE_CTX_init(ctx,store.store,self.cert,ch) < 0:
- raise X509Error("Error allocating X509_STORE_CTX")
- res= libcrypto.X509_verify_cert(ctx)
- libcrypto.X509_STORE_CTX_free(ctx)
- return res>0
- else:
- if key is None:
- if self.issuer != self.subject:
- # Not a self-signed certificate
- return False
- key = self.pubkey
- res = libcrypto.X509_verify(self.cert,key.key)
- if res < 0:
- raise X509Error("X509_verify failed")
- return res>0
-
- @property
- def subject(self):
- """ X509Name for certificate subject name """
- return X509Name(libcrypto.X509_get_subject_name(self.cert))
- @property
- def issuer(self):
- """ X509Name for certificate issuer name """
- return X509Name(libcrypto.X509_get_issuer_name(self.cert))
- @property
- def serial(self):
- """ Serial number of certificate as integer """
- asnint=libcrypto.X509_get_serialNumber(self.cert)
- b=Membio()
- libcrypto.i2a_ASN1_INTEGER(b.bio,asnint)
- return int(str(b),16)
- @property
- def version(self):
- """ certificate version as integer. Really certificate stores 0 for
- version 1 and 2 for version 3, but we return 1 and 3 """
- asn1int=cast(self.cert,_px509)[0].cert_info[0].version
- return libcrypto.ASN1_INTEGER_get(asn1int)+1
- @property
- def startDate(self):
- """ Certificate validity period start date """
- # Need deep poke into certificate structure (x)->cert_info->validity->notBefore
- global utc
- asn1date=cast(self.cert,_px509)[0].cert_info[0].validity[0].notBefore
- b=Membio()
- libcrypto.ASN1_TIME_print(b.bio,asn1date)
- return datetime.strptime(str(b),"%b %d %H:%M:%S %Y %Z").replace(tzinfo=utc)
- @property
- def endDate(self):
- """ Certificate validity period end date """
- # Need deep poke into certificate structure (x)->cert_info->validity->notAfter
- global utc
- asn1date=cast(self.cert,_px509)[0].cert_info[0].validity[0].notAfter
- b=Membio()
- libcrypto.ASN1_TIME_print(b.bio,asn1date)
- return datetime.strptime(str(b),"%b %d %H:%M:%S %Y %Z").replace(tzinfo=utc)
- def check_ca(self):
- """ Returns True if certificate is CA certificate """
- return libcrypto.X509_check_ca(self.cert)>0
+ """
+ Represents X.509 certificate.
+ """
+ def __init__(self,data=None,ptr=None,format="PEM"):
+ """
+ Initializes certificate
+ @param data - serialized certificate in PEM or DER format.
+ @param ptr - pointer to X509, returned by some openssl function.
+ mutually exclusive with data
+ @param format - specifies data format. "PEM" or "DER", default PEM
+ """
+ if ptr is not None:
+ if data is not None:
+ raise TypeError("Cannot use data and ptr simultaneously")
+ self.cert = ptr
+ elif data is None:
+ raise TypeError("data argument is required")
+ else:
+ b=Membio(data)
+ if format == "PEM":
+ self.cert=libcrypto.PEM_read_bio_X509(b.bio,None,None,None)
+ else:
+ self.cert=libcrypto.d2i_X509_bio(b.bio,None)
+ if self.cert is None:
+ raise X509Error("error reading certificate")
+ self.extensions=_X509extlist(self)
+ def __del__(self):
+ """
+ Frees certificate object
+ """
+ libcrypto.X509_free(self.cert)
+ def __str__(self):
+ """ Returns der string of the certificate """
+ b=Membio()
+ if libcrypto.i2d_X509_bio(b.bio,self.cert)==0:
+ raise X509Error("error serializing certificate")
+ return str(b)
+ def __repr__(self):
+ """ Returns valid call to the constructor """
+ return "X509(data="+repr(str(self))+",format='DER')"
+ @property
+ def pubkey(self):
+ """EVP PKEy object of certificate public key"""
+ return PKey(ptr=libcrypto.X509_get_pubkey(self.cert,False))
+ def pem(self):
+ """ Returns PEM represntation of the certificate """
+ b=Membio()
+ if libcrypto.PEM_write_bio_X509(b.bio,self.cert)==0:
+ raise X509Error("error serializing certificate")
+ return str(b)
+ def verify(self,store=None,chain=[],key=None):
+ """
+ Verify self. Supports verification on both X509 store object
+ or just public issuer key
+ @param store X509Store object.
+ @param chain - list of X509 objects to add into verification
+ context.These objects are untrusted, but can be used to
+ build certificate chain up to trusted object in the store
+ @param key - PKey object with open key to validate signature
+
+ parameters store and key are mutually exclusive. If neither
+ is specified, attempts to verify self as self-signed certificate
+ """
+ if store is not None and key is not None:
+ raise X509Error("key and store cannot be specified simultaneously")
+ if store is not None:
+ ctx=libcrypto.X509_STORE_CTX_new()
+ if ctx is None:
+ raise X509Error("Error allocating X509_STORE_CTX")
+ if chain is not None and len(chain)>0:
+ ch=StackOfX509(chain)
+ else:
+ ch=None
+ if libcrypto.X509_STORE_CTX_init(ctx,store.store,self.cert,ch) < 0:
+ raise X509Error("Error allocating X509_STORE_CTX")
+ res= libcrypto.X509_verify_cert(ctx)
+ libcrypto.X509_STORE_CTX_free(ctx)
+ return res>0
+ else:
+ if key is None:
+ if self.issuer != self.subject:
+ # Not a self-signed certificate
+ return False
+ key = self.pubkey
+ res = libcrypto.X509_verify(self.cert,key.key)
+ if res < 0:
+ raise X509Error("X509_verify failed")
+ return res>0
+
+ @property
+ def subject(self):
+ """ X509Name for certificate subject name """
+ return X509Name(libcrypto.X509_get_subject_name(self.cert))
+ @property
+ def issuer(self):
+ """ X509Name for certificate issuer name """
+ return X509Name(libcrypto.X509_get_issuer_name(self.cert))
+ @property
+ def serial(self):
+ """ Serial number of certificate as integer """
+ asnint=libcrypto.X509_get_serialNumber(self.cert)
+ b=Membio()
+ libcrypto.i2a_ASN1_INTEGER(b.bio,asnint)
+ return int(str(b),16)
+ @property
+ def version(self):
+ """ certificate version as integer. Really certificate stores 0 for
+ version 1 and 2 for version 3, but we return 1 and 3 """
+ asn1int=cast(self.cert,_px509)[0].cert_info[0].version
+ return libcrypto.ASN1_INTEGER_get(asn1int)+1
+ @property
+ def startDate(self):
+ """ Certificate validity period start date """
+ # Need deep poke into certificate structure (x)->cert_info->validity->notBefore
+ global utc
+ asn1date=cast(self.cert,_px509)[0].cert_info[0].validity[0].notBefore
+ b=Membio()
+ libcrypto.ASN1_TIME_print(b.bio,asn1date)
+ return datetime.strptime(str(b),"%b %d %H:%M:%S %Y %Z").replace(tzinfo=utc)
+ @property
+ def endDate(self):
+ """ Certificate validity period end date """
+ # Need deep poke into certificate structure (x)->cert_info->validity->notAfter
+ global utc
+ asn1date=cast(self.cert,_px509)[0].cert_info[0].validity[0].notAfter
+ b=Membio()
+ libcrypto.ASN1_TIME_print(b.bio,asn1date)
+ return datetime.strptime(str(b),"%b %d %H:%M:%S %Y %Z").replace(tzinfo=utc)
+ def check_ca(self):
+ """ Returns True if certificate is CA certificate """
+ return libcrypto.X509_check_ca(self.cert)>0