From 26cea2b5ab48f099b08a1cde56cf1bec0062a584 Mon Sep 17 00:00:00 2001 From: Victor Wagner Date: Sat, 20 Dec 2014 15:14:10 +0300 Subject: [PATCH] Update README. Inherit everything from __builtin__.object --- README.md | 34 +++++++++++++++++++++++++--------- ctypescrypto/bio.py | 2 +- ctypescrypto/cms.py | 2 +- ctypescrypto/digest.py | 4 ++-- ctypescrypto/pkey.py | 2 +- ctypescrypto/x509.py | 6 +++--- 6 files changed, 33 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index a250102..cd91063 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,21 @@ most recent version can be checked out from https://github.com/vbwagner/ctypescrypto.git -It is aimed to provide Python interface to OpenSSL libcrypto functions. -All the objects in this library are just wrappers around some OpenSSL -data structures and groups of functions. +Rationale +--------- + +Why have yet another crypto extension for Python? There is pyopenssl, +m2crypto, hashlib in the standard library and many more. + +But most of these extension implement interfaces to particular set of +cryptoalgorthms. This extension takes an another approach — it uses +algorithm-agnostic EVP layer whenever possible, and so support any +algorithms which are supported by underlying library, even this +algorithms are implemented in the loadable modules (engines). Algorithms +which you've just added to library, should be supported too. + +Also, this extension takes some care of correctly converting textual +information from ASN.1 structures into unicode. @@ -56,6 +68,9 @@ sign data, derive shared key and verify signatures. This is quite low-level object, which can be used to implement some non-standard protocols and operations. +It is possible to extract public key from the certificate as PKey +object (see below). + Additional module **ctypescrypto.ec** allows to create **PKey** objects with elliptic curve keys from just raw secret key as byte buffer or python big integer. @@ -78,7 +93,9 @@ names, public key (of course it is PKey object described above) and serial number. Subject and issuer names can be indexed by OIDs or by position of field. Unicode in the names is supported. -Support for visualising certificate extensions is missing for now. +Support for visualising certificate extensions is minimal for now. +Extension object can be converted into string, extension Oid can be +retrieved and critical flag is checked. **StackOfX509** implements collection of certificates, necessary for some operations with CMS and certificate verification. @@ -152,11 +169,10 @@ Test suite is fairly incomplete. Contributions are welcome. Possible future enhancements ---------------------------- -1. Certificate extension support -2. Create and signing of the certificate requests (PKCS#10) -3. Parsing and analyzing CRLs -4. OCSP request creation and response parsing -5. Timestamping ([RFC 3161](http://www.ietf.org/rfc/rfc3161.txt)) +1. Create and signing of the certificate requests (PKCS#10) +2. Parsing and analyzing CRLs +3. OCSP request creation and response parsing +4. Timestamping ([RFC 3161](http://www.ietf.org/rfc/rfc3161.txt)) support. 6. MAC support. Few people know that there is more MACs than just HMAC, and even fewer, that OpenSSL supports them. diff --git a/ctypescrypto/bio.py b/ctypescrypto/bio.py index ae89aa3..2743f70 100644 --- a/ctypescrypto/bio.py +++ b/ctypescrypto/bio.py @@ -3,7 +3,7 @@ Interface to OpenSSL BIO library """ from ctypescrypto import libcrypto from ctypes import c_char_p, c_void_p, c_int, string_at, c_long,POINTER,byref, create_string_buffer -class Membio: +class Membio(object): """ Provides interface to OpenSSL memory bios use str() or unicode() to get contents of writable bio diff --git a/ctypescrypto/cms.py b/ctypescrypto/cms.py index 9213d27..3158b62 100644 --- a/ctypescrypto/cms.py +++ b/ctypescrypto/cms.py @@ -68,7 +68,7 @@ def CMS(data,format="PEM"): else: raise NotImplementedError("cannot handle "+typeoid.shortname()) -class CMSBase: +class CMSBase(object): """ Common ancessor for all CMS types. Implements serializatio/deserialization diff --git a/ctypescrypto/digest.py b/ctypescrypto/digest.py index 26b46bd..2963e70 100644 --- a/ctypescrypto/digest.py +++ b/ctypescrypto/digest.py @@ -32,7 +32,7 @@ def new(algname): md=DigestType(algname) return Digest(md) -class DigestType: +class DigestType(object): """ Represents EVP_MD object - constant structure which describes @@ -57,7 +57,7 @@ class DigestType: def oid(self): return Oid(libcrypto.EVP_MD_type(self.digest)) -class Digest: +class Digest(object): """ Represents EVP_MD_CTX object which actually used to calculate digests. diff --git a/ctypescrypto/pkey.py b/ctypescrypto/pkey.py index 59a5348..85b831d 100644 --- a/ctypescrypto/pkey.py +++ b/ctypescrypto/pkey.py @@ -30,7 +30,7 @@ def password_callback(buf,length,rwflag,u): _cb=CALLBACK_FUNC(password_callback) -class PKey: +class PKey(object): def __init__(self,ptr=None,privkey=None,pubkey=None,format="PEM",cansign=False,password=None): if not ptr is None: self.key=ptr diff --git a/ctypescrypto/x509.py b/ctypescrypto/x509.py index 358ce7d..af61942 100644 --- a/ctypescrypto/x509.py +++ b/ctypescrypto/x509.py @@ -83,7 +83,7 @@ class X509Error(LibCryptoError): pass -class X509Name: +class X509Name(object): """ Class which represents X.509 distinguished name - typically a certificate subject name or an issuer name. @@ -376,7 +376,7 @@ class X509(object): def check_ca(self): """ Returns True if certificate is CA certificate """ return libcrypto.X509_check_ca(self.cert)>0 -class X509Store: +class X509Store(object): """ Represents trusted certificate store. Can be used to lookup CA certificates to verify @@ -467,7 +467,7 @@ class X509Store: else: raise TypeError("datetime.date, datetime.datetime or integer is required as time argument") raise NotImplementedError -class StackOfX509: +class StackOfX509(object): """ Implements OpenSSL STACK_OF(X509) object. It looks much like python container types -- 2.39.5