9196 pkg(5) should have support for cryptographic manifest signatures
11611 pkg5 should provide for hash validation on manifests
16654 Expose ability to upload by file path
diff -r 49981e7aa9ca M2Crypto-0.20.2/M2Crypto/X509.py
--- M2Crypto/X509.py Mon Jun 14 13:46:27 2010 -0700
+++ M2Crypto/X509.py Thu Jul 08 17:48:27 2010 -0700
@@ -446,9 +446,9 @@
assert m2.x509_type_check(self.x509), "'x509' type error"
return ASN1.ASN1_UTCTIME(m2.x509_get_not_after(self.x509))
- def get_pubkey(self):
+ def get_pubkey(self, md="sha1"):
assert m2.x509_type_check(self.x509), "'x509' type error"
- return EVP.PKey(m2.x509_get_pubkey(self.x509), _pyfree=1)
+ return EVP.PKey(m2.x509_get_pubkey(self.x509), _pyfree=1, md=md)
def set_pubkey(self, pkey):
"""
@@ -1067,6 +1067,7 @@
else:
self.crl = m2.x509_crl_new()
self._pyfree = 1
+ self.revocations = None
def __del__(self):
if getattr(self, '_pyfree', 0):
@@ -1083,22 +1084,67 @@
m2.x509_crl_print(buf.bio_ptr(), self.crl)
return buf.read_all()
+ def get_last_update(self):
+ assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
+ return ASN1.ASN1_UTCTIME(m2.x509_CRL_get_last_update(self.crl))
-def load_crl(file):
+ def get_next_update(self):
+ assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
+ return ASN1.ASN1_UTCTIME(m2.x509_CRL_get_next_update(self.crl))
+
+ def verify(self, pkey):
+ assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
+ return m2.x509_CRL_verify(self.crl, pkey.pkey)
+
+ def get_issuer(self):
+ assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
+ return X509_Name(m2.x509_CRL_get_issuer(self.crl))
+
+ def is_revoked(self, cert):
+ if self.revocations is None:
+ self.revocations = {}
+ revo_stk_ptr = m2.x509_CRL_get_revoked(self.crl)
+ for i in range(m2.sk_x509_REVOKED_num(revo_stk_ptr)):
+ revo_ptr = m2.sk_x509_REVOKED_get(revo_stk_ptr, i)
+ revo_sn = m2.asn1_integer_get(
+ m2.x509_REVOKED_get_serial_number(revo_ptr))
+ cnt = m2.x509_REVOKED_get_ext_count(revo_ptr)
+ reason = None
+ for i in range(m2.x509_REVOKED_get_ext_count(revo_ptr)):
+ ext_ptr = m2.x509_REVOKED_get_ext(revo_ptr, i)
+ name = m2.x509_extension_get_name(ext_ptr)
+ if name == "CRLReason":
+ ext = X509_Extension(ext_ptr, _pyfree=0)
+ reason = ext.get_value()
+ self.revocations[revo_sn] = (True, reason)
+ return self.revocations.get(cert.get_serial_number(), None)
+
+
+def load_crl(file, format=FORMAT_PEM):
"""
Load CRL from file.
@type file: string
@param file: Name of file containing CRL in PEM format.
+ @type format: int, either FORMAT_PEM or FORMAT_DER
+ @param format: Describes the format of the file to be loaded, either PEM or DER.
+
@rtype: M2Crypto.X509.CRL
@return: M2Crypto.X509.CRL object.
"""
f=BIO.openfile(file)
- cptr=m2.x509_crl_read_pem(f.bio_ptr())
- f.close()
- if cptr is None:
- raise X509Error(Err.get_error())
- return CRL(cptr, 1)
-
-
+ if format == FORMAT_PEM:
+ cptr=m2.x509_crl_read_pem(f.bio_ptr())
+ f.close()
+ if cptr is None:
+ raise X509Error(Err.get_error())
+ return CRL(cptr, 1)
+ elif format == FORMAT_DER:
+ cptr=m2.d2i_x509_crl(f._ptr())
+ f.close()
+ if cptr is None:
+ raise X509Error(Err.get_error())
+ return CRL(cptr, 1)
+ else:
+ raise ValueError("Unknown format. Must be either FORMAT_DER or FORMAT_PEM")
diff -r 49981e7aa9ca M2Crypto-0.20.2/SWIG/_x509.i
--- SWIG/_x509.i Mon Jun 14 13:46:27 2010 -0700
+++ SWIG/_x509.i Thu Jul 08 17:48:27 2010 -0700
@@ -61,6 +61,9 @@
%rename(x509_cmp_current_time) X509_cmp_current_time;
extern int X509_cmp_current_time(ASN1_UTCTIME *);
+%rename(x509_CRL_get_issuer) X509_CRL_get_issuer;
+extern X509_NAME *X509_CRL_get_issuer(X509_CRL *);
+
/* From x509.h */
/* standard trust ids */
@@ -108,6 +111,9 @@
%rename(x509_get_verify_error) X509_verify_cert_error_string;
extern const char *X509_verify_cert_error_string(long);
+%rename(x509_CRL_verify) X509_CRL_verify;
+extern int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+
%constant long X509V3_EXT_UNKNOWN_MASK = (0xfL << 16);
%constant long X509V3_EXT_DEFAULT = 0;
%constant long X509V3_EXT_ERROR_UNKNOWN = (1L << 16);
@@ -124,6 +130,13 @@
%threadallow X509V3_EXT_print;
extern int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
+%rename(x509_REVOKED_get_ext_count) X509_REVOKED_get_ext_count;
+extern int X509_REVOKED_get_ext_count(X509_REVOKED *);
+%rename(x509_REVOKED_get_ext) X509_REVOKED_get_ext;
+extern X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *, int);
+%rename(x509_REVOKED_get_ext_by_NID) X509_REVOKED_get_ext_by_NID;
+extern X509_EXTENSION *X509_REVOKED_get_ext_by_NID(X509_REVOKED *, int, int);
+
%rename(x509_name_new) X509_NAME_new;
extern X509_NAME *X509_NAME_new( void );
%rename(x509_name_free) X509_NAME_free;
@@ -332,6 +345,13 @@
}
%}
+%threadallow d2i_x509_crl;
+%inline %{
+X509_CRL *d2i_x509_crl(BIO *bio) {
+ return d2i_X509_CRL_bio(bio, NULL);
+}
+%}
+
%threadallow d2i_x509_req;
%inline %{
X509_REQ *d2i_x509_req(BIO *bio) {
@@ -405,6 +425,33 @@
return X509_get_notAfter(x);
}
+/* X509_CRL_get_lastUpdate() is a macro. */
+ASN1_UTCTIME *x509_CRL_get_last_update(X509_CRL *x) {
+ return X509_CRL_get_lastUpdate(x);
+}
+
+/* X509_CRL_get_nextUpdate() is a macro. */
+ASN1_UTCTIME *x509_CRL_get_next_update(X509_CRL *x) {
+ return X509_CRL_get_nextUpdate(x);
+}
+
+/* X509_CRL_get_REVOKED() is a macro. */
+STACK *x509_CRL_get_revoked(X509_CRL *x) {
+ return X509_CRL_get_REVOKED(x);
+}
+
+int sk_x509_REVOKED_num(STACK *stack) {
+ return sk_X509_REVOKED_num((STACK_OF(X509_REVOKED) *)stack);
+}
+
+X509_REVOKED *sk_x509_REVOKED_get(STACK *stack, int x) {
+ return sk_X509_REVOKED_value((STACK_OF(X509_REVOKED) *)stack, x);
+}
+
+ASN1_INTEGER *x509_REVOKED_get_serial_number(X509_REVOKED *x) {
+ return x->serialNumber;
+}
+
int x509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md) {
return X509_sign(x, pkey, md);
}
@@ -477,6 +524,11 @@
return 1;
}
+
+int x509_CRL_type_check(X509_CRL *x509_CRL) {
+ return 1;
+}
+
int x509_name_type_check(X509_NAME *name) {
return 1;
}