Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/python/m2crypto/patches/crl.patch
changeset 394 dffc35307ef2 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/python/m2crypto/patches/crl.patch	Wed Jul 13 12:43:29 2011 -0700
@@ -0,0 +1,205 @@
+diff -r 886cd7fb12ed M2Crypto-0.21.1/M2Crypto/X509.py
+--- M2Crypto-0.21.1/M2Crypto/X509.py	Thu Mar 10 14:07:58 2011 -0800
++++ M2Crypto-0.21.1/M2Crypto/X509.py	Fri Mar 11 09:03:37 2011 -0800
+@@ -446,9 +446,9 @@
+         assert m2.x509_type_check(self.x509), "'x509' type error"
+         return ASN1.ASN1_UTCTIME(m2.x509_get_not_after(self.x509))
+ 
+-    def get_pubkey(self):
++    def get_pubkey(self, md="sha1"):
+         assert m2.x509_type_check(self.x509), "'x509' type error"
+-        return EVP.PKey(m2.x509_get_pubkey(self.x509), _pyfree=1)
++        return EVP.PKey(m2.x509_get_pubkey(self.x509), _pyfree=1, md=md)
+ 
+     def set_pubkey(self, pkey):
+         """
+@@ -1067,7 +1067,8 @@
+         else:
+             self.crl = m2.x509_crl_new()
+             self._pyfree = 1
+-            
++        self.revocations = None
++
+     def __del__(self):
+         if getattr(self, '_pyfree', 0):
+             self.m2_x509_crl_free(self.crl)
+@@ -1084,21 +1085,67 @@
+         return buf.read_all()
+ 
+ 
+-def load_crl(file):
++    def get_last_update(self):
++        assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
++        return ASN1.ASN1_UTCTIME(m2.x509_CRL_get_last_update(self.crl))
++
++    def get_next_update(self):
++        assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
++        return ASN1.ASN1_UTCTIME(m2.x509_CRL_get_next_update(self.crl))
++
++    def verify(self, pkey):
++        assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
++        return m2.x509_CRL_verify(self.crl, pkey.pkey)
++
++    def get_issuer(self):
++        assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
++        return X509_Name(m2.x509_CRL_get_issuer(self.crl))
++
++    def is_revoked(self, cert):
++        if self.revocations is None:
++            self.revocations = {}
++            revo_stk_ptr = m2.x509_CRL_get_revoked(self.crl)
++            for i in range(m2.sk_x509_REVOKED_num(revo_stk_ptr)):
++                revo_ptr = m2.sk_x509_REVOKED_get(revo_stk_ptr, i)
++                revo_sn = m2.asn1_integer_get(
++                    m2.x509_REVOKED_get_serial_number(revo_ptr))
++                cnt = m2.x509_REVOKED_get_ext_count(revo_ptr)
++                reason = None
++                for i in range(m2.x509_REVOKED_get_ext_count(revo_ptr)):
++                    ext_ptr = m2.x509_REVOKED_get_ext(revo_ptr, i)
++                    name = m2.x509_extension_get_name(ext_ptr)
++                    if name == "CRLReason":
++                        ext = X509_Extension(ext_ptr, _pyfree=0)
++                        reason = ext.get_value()
++                self.revocations[revo_sn] = (True, reason)
++        return self.revocations.get(cert.get_serial_number(), None)
++
++
++def load_crl(file, format=FORMAT_PEM):
+     """
+     Load CRL from file.
+ 
+     @type file: string
+     @param file: Name of file containing CRL in PEM format.
+ 
++    @type format: int, either FORMAT_PEM or FORMAT_DER
++    @param format: Describes the format of the file to be loaded, either PEM or DER.
++
+     @rtype: M2Crypto.X509.CRL
+     @return: M2Crypto.X509.CRL object.
+     """
+     f=BIO.openfile(file)
+-    cptr=m2.x509_crl_read_pem(f.bio_ptr())
+-    f.close()
+-    if cptr is None:
+-        raise X509Error(Err.get_error())
+-    return CRL(cptr, 1)
+-
+-
++    if format == FORMAT_PEM:
++        cptr=m2.x509_crl_read_pem(f.bio_ptr())
++        f.close()
++        if cptr is None:
++            raise X509Error(Err.get_error())
++        return CRL(cptr, 1)
++    elif format == FORMAT_DER:
++        cptr=m2.d2i_x509_crl(f._ptr())
++        f.close()
++        if cptr is None:
++            raise X509Error(Err.get_error())
++        return CRL(cptr, 1)
++    else:
++        raise ValueError("Unknown format. Must be either FORMAT_DER or FORMAT_PEM")
+diff -r 886cd7fb12ed M2Crypto-0.21.1/SWIG/_x509.i
+--- M2Crypto-0.21.1/SWIG/_x509.i	Thu Mar 10 14:07:58 2011 -0800
++++ M2Crypto-0.21.1/SWIG/_x509.i	Fri Mar 11 09:03:37 2011 -0800
+@@ -64,6 +64,9 @@
+ %rename(x509_cmp_current_time) X509_cmp_current_time;
+ extern int X509_cmp_current_time(ASN1_UTCTIME *);
+ 
++%rename(x509_CRL_get_issuer) X509_CRL_get_issuer;
++extern X509_NAME *X509_CRL_get_issuer(X509_CRL *);
++
+                             
+ /* From x509.h */
+ /* standard trust ids */
+@@ -111,6 +114,9 @@
+ %rename(x509_get_verify_error) X509_verify_cert_error_string;
+ extern const char *X509_verify_cert_error_string(long);
+ 
++%rename(x509_CRL_verify) X509_CRL_verify;
++extern int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
++
+ %constant long X509V3_EXT_UNKNOWN_MASK         = (0xfL << 16);
+ %constant long X509V3_EXT_DEFAULT              = 0;
+ %constant long X509V3_EXT_ERROR_UNKNOWN        = (1L << 16);
+@@ -127,6 +133,13 @@
+ %threadallow X509V3_EXT_print;
+ extern int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
+ 
++%rename(x509_REVOKED_get_ext_count) X509_REVOKED_get_ext_count;
++extern int X509_REVOKED_get_ext_count(X509_REVOKED *);
++%rename(x509_REVOKED_get_ext) X509_REVOKED_get_ext;
++extern X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *, int);
++%rename(x509_REVOKED_get_ext_by_NID) X509_REVOKED_get_ext_by_NID;
++extern X509_EXTENSION *X509_REVOKED_get_ext_by_NID(X509_REVOKED *, int, int);
++
+ %rename(x509_name_new) X509_NAME_new;
+ extern X509_NAME *X509_NAME_new( void );
+ %rename(x509_name_free) X509_NAME_free;
+@@ -335,6 +348,7 @@
+ }
+ %}
+ 
++
+ %threadallow d2i_x509;
+ %inline %{
+ X509 *d2i_x509(BIO *bio) {
+@@ -342,6 +356,13 @@
+ }
+ %}
+ 
++%threadallow d2i_x509_crl;
++%inline %{
++X509_CRL *d2i_x509_crl(BIO *bio) {
++    return d2i_X509_CRL_bio(bio, NULL);
++}
++%}
++
+ %threadallow d2i_x509_req;
+ %inline %{
+ X509_REQ *d2i_x509_req(BIO *bio) {
+@@ -415,6 +436,33 @@
+     return X509_get_notAfter(x);
+ }
+ 
++/* X509_CRL_get_lastUpdate() is a macro. */
++ASN1_UTCTIME *x509_CRL_get_last_update(X509_CRL *x) {
++    return X509_CRL_get_lastUpdate(x);
++}
++
++/* X509_CRL_get_nextUpdate() is a macro. */
++ASN1_UTCTIME *x509_CRL_get_next_update(X509_CRL *x) {
++    return X509_CRL_get_nextUpdate(x);
++}
++
++/* X509_CRL_get_REVOKED() is a macro. */
++STACK_OF(X509_REVOKED) *x509_CRL_get_revoked(X509_CRL *x) {
++    return X509_CRL_get_REVOKED(x);
++}
++
++int sk_x509_REVOKED_num(STACK_OF(X509_REVOKED) *stack) {
++    return sk_X509_REVOKED_num(stack);
++}
++
++X509_REVOKED *sk_x509_REVOKED_get(STACK_OF(X509_REVOKED) *stack, int x) {
++    return sk_X509_REVOKED_value(stack, x);
++}
++
++ASN1_INTEGER *x509_REVOKED_get_serial_number(X509_REVOKED *x) {
++    return x->serialNumber;
++}
++
+ int x509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md) {
+     return X509_sign(x, pkey, md);
+ }
+@@ -487,6 +535,10 @@
+     return 1;
+ }
+ 
++int x509_CRL_type_check(X509_CRL *x509_CRL) {
++    return 1;
++}
++
+ int x509_name_type_check(X509_NAME *name) {
+     return 1;
+ }
upstream/oracle/userland-gate