40
static char crypto_PKCS12_set_certificate_doc[] = "\n\
41
Replace the certificate portion of the PKCS12 structure\n\
43
@param cert: The new certificate.\n\
44
@type cert: L{X509} or L{NoneType}\n\
48
crypto_PKCS12_set_certificate(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
49
PyObject *cert = NULL;
50
static char *kwlist[] = {"cert", NULL};
52
if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_certificate",
56
if (cert != Py_None && ! crypto_X509_Check(cert)) {
57
PyErr_SetString(PyExc_TypeError, "cert must be type X509 or None");
61
Py_INCREF(cert); /* Make consistent before calling Py_DECREF() */
62
Py_DECREF(self->cert);
39
69
static char crypto_PKCS12_get_privatekey_doc[] = "\n\
40
70
Return private key portion of the PKCS12 structure\n\
42
72
@returns: PKey object containing the private key\n\
74
static crypto_PKeyObj *
45
75
crypto_PKCS12_get_privatekey(crypto_PKCS12Obj *self, PyObject *args)
47
77
if (!PyArg_ParseTuple(args, ":get_privatekey"))
50
80
Py_INCREF(self->key);
81
return (crypto_PKeyObj *) self->key;
84
static char crypto_PKCS12_set_privatekey_doc[] = "\n\
85
Replace or set the certificate portion of the PKCS12 structure\n\
87
@param pkey: The new private key.\n\
88
@type pkey: L{PKey}\n\
92
crypto_PKCS12_set_privatekey(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
93
PyObject *pkey = NULL;
94
static char *kwlist[] = {"pkey", NULL};
96
if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_privatekey",
100
if (pkey != Py_None && ! crypto_PKey_Check(pkey)) {
101
PyErr_SetString(PyExc_TypeError, "pkey must be type X509 or None");
105
Py_INCREF(pkey); /* Make consistent before calling Py_DECREF() */
106
Py_DECREF(self->key);
54
113
static char crypto_PKCS12_get_ca_certificates_doc[] = "\n\
67
126
return self->cacerts;
129
static char crypto_PKCS12_set_ca_certificates_doc[] = "\n\
130
Replace or set the CA certificates withing the PKCS12 object.\n\
132
@param cacerts: The new CA certificates.\n\
133
@type cacerts: Iterable of L{X509} or L{NoneType}\n\
137
crypto_PKCS12_set_ca_certificates(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
141
static char *kwlist[] = {"cacerts", NULL};
142
int i, len; /* Py_ssize_t for Python 2.5+ */
144
if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_ca_certificates",
147
if (cacerts == Py_None) {
151
cacerts = PySequence_Tuple(cacerts);
152
if (cacerts == NULL) {
155
len = PyTuple_Size(cacerts);
157
/* Check is's a simple list filled only with X509 objects. */
158
for (i = 0; i < len; i++) {
159
obj = PyTuple_GetItem(cacerts, i);
160
if (!crypto_X509_Check(obj)) {
162
PyErr_SetString(PyExc_TypeError, "iterable must only contain X509Type");
168
Py_DECREF(self->cacerts);
169
self->cacerts = cacerts;
175
static char crypto_PKCS12_get_friendlyname_doc[] = "\n\
176
Return friendly name portion of the PKCS12 structure\n\
178
@returns: String containing the friendlyname\n\
181
crypto_PKCS12_get_friendlyname(crypto_PKCS12Obj *self, PyObject *args) {
182
if (!PyArg_ParseTuple(args, ":get_friendlyname"))
185
Py_INCREF(self->friendlyname);
186
return (PyObject *) self->friendlyname;
189
static char crypto_PKCS12_set_friendlyname_doc[] = "\n\
190
Replace or set the certificate portion of the PKCS12 structure\n\
192
@param name: The new friendly name.\n\
193
@type name: L{str}\n\
197
crypto_PKCS12_set_friendlyname(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
198
PyObject *name = NULL;
199
static char *kwlist[] = {"name", NULL};
201
if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_friendlyname",
205
if (name != Py_None && ! PyString_CheckExact(name)) {
206
PyErr_SetString(PyExc_TypeError, "name must be a str or None");
210
Py_INCREF(name); /* Make consistent before calling Py_DECREF() */
211
Py_DECREF(self->friendlyname);
212
self->friendlyname = name;
218
static char crypto_PKCS12_export_doc[] = "\n\
219
export([passphrase=None][, friendly_name=None][, iter=2048][, maciter=1]\n\
220
Dump a PKCS12 object as a string. See also \"man PKCS12_create\".\n\
222
@param passphrase: used to encrypt the PKCS12\n\
223
@type passphrase: L{str}\n\
224
@param iter: How many times to repeat the encryption\n\
225
@type iter: L{int}\n\
226
@param maciter: How many times to repeat the MAC\n\
227
@type maciter: L{int}\n\
228
@return: The string containing the PKCS12\n\
231
crypto_PKCS12_export(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
232
int i; /* Py_ssize_t for Python 2.5+ */
236
char *temp, *passphrase = NULL, *friendly_name = NULL;
239
EVP_PKEY *pkey = NULL;
240
STACK_OF(X509) *cacerts = NULL;
242
int iter = 0; /* defaults to PKCS12_DEFAULT_ITER */
244
static char *kwlist[] = {"passphrase", "iter", "maciter", NULL};
246
if (!PyArg_ParseTupleAndKeywords(args, keywds, "|zii:export",
247
kwlist, &passphrase, &iter, &maciter))
250
if (self->key != Py_None) {
251
pkey = ((crypto_PKeyObj*) self->key)->pkey;
253
if (self->cert != Py_None) {
254
x509 = ((crypto_X509Obj*) self->cert)->x509;
256
if (self->cacerts != Py_None) {
257
cacerts = sk_X509_new_null();
258
for (i = 0; i < PyTuple_Size(self->cacerts); i++) { /* For each CA cert */
259
obj = PySequence_GetItem(self->cacerts, i);
260
/* assert(PyObject_IsInstance(obj, (PyObject *) &crypto_X509_Type )); */
261
sk_X509_push(cacerts, (( crypto_X509Obj* ) obj)->x509);
265
if (self->friendlyname != Py_None) {
266
friendly_name = PyString_AsString(self->friendlyname);
269
p12 = PKCS12_create(passphrase, friendly_name, pkey, x509, cacerts,
270
NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
271
NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
273
sk_X509_free(cacerts); /* NULL safe. Free just the container. */
275
exception_from_error_queue(crypto_Error);
278
bio = BIO_new(BIO_s_mem());
279
i2d_PKCS12_bio(bio, p12);
280
buf_len = BIO_get_mem_data(bio, &temp);
281
buffer = PyString_FromStringAndSize(temp, buf_len);
71
287
* ADD_METHOD(name) expands to a correct PyMethodDef declaration
72
288
* { 'name', (PyCFunction)crypto_PKCS12_name, METH_VARARGS, crypto_PKCS12_name_doc }
75
291
#define ADD_METHOD(name) \
76
292
{ #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS, crypto_PKCS12_##name##_doc }
293
#define ADD_KW_METHOD(name) \
294
{ #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS | METH_KEYWORDS, crypto_PKCS12_##name##_doc }
77
295
static PyMethodDef crypto_PKCS12_methods[] =
79
297
ADD_METHOD(get_certificate),
298
ADD_KW_METHOD(set_certificate),
80
299
ADD_METHOD(get_privatekey),
300
ADD_KW_METHOD(set_privatekey),
81
301
ADD_METHOD(get_ca_certificates),
302
ADD_KW_METHOD(set_ca_certificates),
303
ADD_METHOD(get_friendlyname),
304
ADD_KW_METHOD(set_friendlyname),
305
ADD_KW_METHOD(export),
105
331
int i, cacert_count = 0;
107
333
/* allocate space for the CA cert stack */
108
cacerts = sk_X509_new_null();
334
if((cacerts = sk_X509_new_null()) == NULL) {
335
goto error; /* out of memory? */
110
338
/* parse the PKCS12 lump */
111
if (!(cacerts && PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)))
339
if (p12 && !PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
341
* If PKCS12_parse fails, and it allocated cacerts, it seems to free
342
* cacerts, but not re-NULL the pointer. Zounds! Make sure it is
343
* re-set to NULL here, else we'll have a double-free below.
113
346
exception_from_error_queue(crypto_Error);
117
if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type)))
123
self->cacerts = Py_None;
125
if ((self->cert = (PyObject *)crypto_X509_New(cert, 1)) == NULL)
128
if ((self->key = (PyObject *)crypto_PKey_New(pkey, 1)) == NULL)
131
/* Make a tuple for the CA certs */
350
if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type))) {
354
/* client certificate and friendlyName */
357
self->cert = Py_None;
359
self->friendlyname = Py_None;
361
if ((self->cert = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
365
/* Now we need to extract the friendlyName of the PKCS12
366
* that was stored by PKCS_parse() in the alias of the
368
alias_str = X509_alias_get0(cert, &alias_len);
370
if (!(self->friendlyname = Py_BuildValue("s#", alias_str, alias_len))) {
379
self->friendlyname = Py_None;
388
if ((self->key = (PyObject *)crypto_PKey_New(pkey, 1)) == NULL)
132
393
cacert_count = sk_X509_num(cacerts);
133
if (cacert_count > 0)
135
Py_DECREF(self->cacerts);
136
if ((self->cacerts = PyTuple_New(cacert_count)) == NULL)
394
if (cacert_count <= 0) {
396
self->cacerts = Py_None;
398
if ((self->cacerts = PyTuple_New(cacert_count)) == NULL) {
139
for (i = 0; i < cacert_count; i++)
402
for (i = 0; i < cacert_count; i++) {
141
403
cert = sk_X509_value(cacerts, i);
142
if ((cacertobj = (PyObject *)crypto_X509_New(cert, 1)) == NULL)
404
if ((cacertobj = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
144
407
PyTuple_SET_ITEM(self->cacerts, i, cacertobj);
148
sk_X509_free(cacerts); /* don't free the certs, just the stack */
411
sk_X509_free(cacerts); /* Don't free the certs, just the container. */
149
412
PyObject_GC_Track(self);
153
crypto_PKCS12_dealloc(self);
417
sk_X509_free(cacerts); /* NULL safe. Free just the container. */
419
crypto_PKCS12_clear(self);
420
PyObject_GC_Del(self);
425
static char crypto_PKCS12_doc[] = "\n\
426
PKCS12() -> PKCS12 instance\n\
428
Create a new empty PKCS12 object.\n\
430
@returns: The PKCS12 object\n\
433
crypto_PKCS12_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
434
if (!PyArg_ParseTuple(args, ":PKCS12")) {
438
return (PyObject *)crypto_PKCS12_New(NULL, NULL);