~ubuntu-branches/ubuntu/maverick/pyca/maverick

« back to all changes in this revision

Viewing changes to pylib/openssl/cert.py

Committer: Bazaar Package Importer
Author(s): Lars Bahner
Date: 2003-12-02 19:39:35 UTC
Revision ID: james.westby@ubuntu.com-20031202193935-fzzt289mntvy6a8q

Tags: upstream-20031118

Import upstream version 20031118

files added:

bin/ca2ldif.py

bin/certs2ldap.py

bin/copy-cacerts.py

bin/ldap2certs.py

bin/ns-jsconfig.py

bin/print-cacerts.py

cgi-bin

cgi-bin/browser-check.py

cgi-bin/ca-index.py

cgi-bin/cert-query.py

cgi-bin/client-enroll.py

cgi-bin/get-cert.py

cgi-bin/ns-check-rev.py

cgi-bin/ns-revoke.py

cgi-bin/pycacnf.py

cgi-bin/scep.py

cgi-bin/view-cert.py

conf

conf/cacert_AuthCerts.cnf

conf/cacert_CodeSigning.cnf

conf/cacert_EmailCerts.cnf

conf/cacert_Root.cnf

conf/cacert_ServerCerts.cnf

conf/openssl.cnf

conf/ssl_server_csr.cnf

docs

help

htdocs

htdocs/changes.html

htdocs/config.html

htdocs/demo.html

htdocs/download.html

htdocs/faq.html

htdocs/features.html

htdocs/feedback.html

htdocs/files.html

htdocs/help

htdocs/help/client-enroll.html.de

htdocs/help/client-enroll.html.en

htdocs/install.html

htdocs/news.html

htdocs/overview.html

htdocs/pyca.html

htdocs/related.html

htdocs/roadmap.html

htdocs/security.html

htdocs/ssi

htdocs/ssi/footer.html

htdocs/ssi/head.html

htdocs/ssi/navigation.html

pylib

pylib/certhelper.py

pylib/cgiforms.py

pylib/cgihelper.py

pylib/cgissl.py

pylib/charset.py

pylib/htmlbase.py

pylib/ipadr.py

pylib/ldapbase.py

pylib/ldif.py

pylib/openssl

pylib/openssl/__init__.py

pylib/openssl/cert.py

pylib/openssl/cnf.py

pylib/openssl/db.py

pylib/vbs.py

sbin

sbin/ca-certreq-mail.py

sbin/ca-cycle-priv.py

sbin/ca-cycle-pub.py

sbin/ca-make.py

sbin/ca-revoke.py

sbin/pickle-cnf.py

Show diffs side-by-side

added added

removed removed

pylib/openssl/cert.py

#######################################################################

# openssl.cert.py Version 0.6.6

# (c) by Michael Stroeder, michael.stroeder@propack-data.de

########################################################################

# Module for accessing certificate files

########################################################################

import sys, string, os, time

import openssl, charset, certhelper

certformats = ['pem','der','txt','net']

X509v1_certattrlist = ['CN','Email','OU','O','L','ST','C']

########################################################################

# functions used throughout this module

########################################################################

def GuessFormatbyExt(certfilename):

ext = string.lower(os.path.splitext(certfilename)[1])

if ext in certformats:

return ext

else:

return 'pem'

def GetCertValues(certfilename,inform='',command='x509'):

command = string.lower(command)

if command == 'x509':

opensslcommand = '%s x509 -in %s -fingerprint -inform %s -noout -subject -issuer -dates -serial -hash' % (openssl.bin_filename,certfilename,inform)

elif command == 'crl':

opensslcommand = '%s crl -in %s -inform %s -noout -issuer -lastupdate -nextupdate -hash' % (openssl.bin_filename,certfilename,inform)

result={}

hash=''

pipe = os.popen(opensslcommand)

s=pipe.readline()

while s:

try:

name, value = string.split(s,'=',1)

except ValueError:

hash = string.strip(s)

result[name]=string.strip(value)

s=pipe.readline()

rc = pipe.close()

if rc and rc!=256:

raise IOError,"Error %s: %s" % (rc,opensslcommand)

return hash, result

########################################################################

# X509CertificateClass

########################################################################

class X509CertificateClass:

def __init__(self,certfilename,inform=''):

self.filename = certfilename

if not inform:

self.format = GuessFormatbyExt(self.filename)

else:

self.format = inform

self.hash,certattrs = GetCertValues(self.filename,self.format,'x509')

self.issuer = openssl.db.SplitDN(certattrs.get('issuer',{}))

self.subject = openssl.db.SplitDN(certattrs.get('subject',{}))

self.serial = string.atoi(certattrs.get('serial','-1'),16)

self.notBefore = certattrs.get('notBefore','')

if self.notBefore:

self.notBefore_secs = time.mktime(time.strptime(self.notBefore,'%b %d %H:%M:%S %Y GMT'))

else:

self.notBefore_secs = 0

self.notAfter = certattrs.get('notAfter','')

if self.notAfter:

self.notAfter_secs = time.mktime(time.strptime(self.notAfter,'%b %d %H:%M:%S %Y GMT'))

else:

self.notAfter_secs = 0

# Fingerprint suchen

certattrs_keys = certattrs.keys()

self.fingerprint = {}

for i in certattrs_keys:

if i[-11:]=='Fingerprint':

self.fingerprint[string.upper(string.split(i)[0])] = string.split(certattrs[i],':')

# get serial number of certificate

def serial(self):

return string.atoi(self.serial)

def getfingerprint(self,digest='md5',delimiter=':'):

digest = string.upper(digest)

if not digest in ['MD2','MD5','MDC2','RMD160','SHA','SHA1']:

raise ValueError, 'Illegal parameter for digest: %s' % digest

elif self.fingerprint.has_key(digest):

result = self.fingerprint[digest]

elif digest=='MD5':

100

return certhelper.MD5Fingerprint(certhelper.pem2der(open(self.filename,'r').read()),delimiter)

101

elif digest=='SHA1':

102

return certhelper.SHA1Fingerprint(certhelper.pem2der(open(self.filename,'r').read()),delimiter)

103

else:

104

opensslcommand = '%s x509 -in %s -inform %s -outform DER | %s %s' % (

105

openssl.bin_filename,

106

self.filename,

107

self.format,

108

openssl.bin_filename,

109

string.lower(digest)

110

)

111

f = os.popen(opensslcommand)

112

rawdigest = string.strip(f.read())

113

rc = f.close()

114

if rc and rc!=256:

115

raise IOError,"Error %s: %s" % (rc,opensslcommand)

116

result = []

117

for i in range(len(rawdigest)/2):

118

result.append(rawdigest[2*i:2*(i+1)])

119

self.fingerprint[digest] = result

120

return string.upper(string.join(result,delimiter))

121

122

# return certificate in a string, desired format given in outform

123

def readcertfile(self,outform='PEM'):

124

if not (string.lower(outform) in certformats):

125

raise ValueError,'invalid certificate output format'

126

f = os.popen('%s x509 -in %s -inform %s -outform %s' % (openssl.bin_filename,self.filename,self.format,outform))

127

buf = f.read()

128

result = []

129

while buf:

130

result.append(buf)

131

buf = f.read()

132

rc = f.close()

133

if rc and rc!=256:

134

raise IOError,"Error %s: %s" % (rc,opensslcommand)

135

return string.join(result)

136

137

# Return a string containing the cert attributes

138

def asciiprint(self):

139

140

# Convert character sets

141

subjectdatalist = []

142

issuerdatalist = []

143

for attr in X509v1_certattrlist:

144

subjectdatalist.append('%-5s: %s' % (attr,string.strip(charset.asn12iso(self.subject.get(attr,'')))))

145

issuerdatalist.append('%-5s: %s' % (attr,string.strip(charset.asn12iso(self.issuer.get(attr,'')))))

146

147

return """This certificate belongs to:

148

149

150

This certificate was issued by:

151

152

153

Serial Number: %s

154

155

This certificate is valid

156

from %s until %s.

157

158

Certificate Fingerprint:

159

SHA-1: %s

160

MD5 : %s

161

""" % ( \

162

string.join(subjectdatalist,'\n'),

163

string.join(issuerdatalist,'\n'),

164

self.serial,

165

self.notBefore,

166

self.notAfter,

167

self.getfingerprint('sha1'),

168

self.getfingerprint('md5'),

169

)

170

171

# Return a string containing a nice formatted <TABLE> with cert info

172

def htmlprint(self):

173

174

# Convert character sets

175

subjectdatalist = []

176

issuerdatalist = []

177

for attr in X509v1_certattrlist:

178

subjectdatalist.append(string.strip(charset.asn12html4(self.subject.get(attr,''))))

179

issuerdatalist.append(string.strip(charset.asn12html4(self.issuer.get(attr,''))))

180

181

return """

182

183

<TR>

184

185

<DL>

186

<DT><STRONG>This certificate belongs to:</STRONG></DT>

187

188

</DL>

189

</TD>

190

<TD>

191

<DL>

192

<DT><STRONG>This certificate was issued by:</STRONG></DT>

193

194

</DL>

195

</TD>

196

</TR>

197

<TR>

198

199

<DL>

200

<DT><STRONG>Serial Number:</STRONG><DT>

201

202

<DT><STRONG>This certificate is valid from %s until %s.</STRONG></DT>

203

<DT><STRONG>Certificate Fingerprint:</STRONG></DT>

204

205

</DL>

206

</TD>

207

</TR>

208

</TABLE>

209

""" % ( \

210

string.join(subjectdatalist,'<BR>'),

211

string.join(issuerdatalist,'<BR>'),

212

self.serial,

213

self.notBefore,

214

self.notAfter,

215

self.getfingerprint('sha1'),

216

self.getfingerprint('md5'),

217

)

218

219

220

########################################################################

221

# CRLClass

222

########################################################################

223

224

class CRLClass:

225

226

def __init__(self,crlfilename,inform=''):

227

self.filename = crlfilename

228

if not inform:

229

self.format = GuessFormatbyExt(self.filename)

230

else:

231

self.format = inform

232

self.hash,certattrs = GetCertValues(self.filename,self.format,'crl')

233

self.issuer = openssl.db.SplitDN(certattrs.get('issuer',openssl.db.empty_DN_dict))

234

self.hash = certattrs.get('hash','')

235

self.lastUpdate = certattrs.get('lastUpdate','')

236

if self.lastUpdate:

237

self.lastUpdate_secs = time.mktime(time.strptime(self.lastUpdate,'%b %d %H:%M:%S %Y GMT'))

238

else:

239

self.lastUpdate_secs = 0

240

self.nextUpdate = certattrs.get('nextUpdate','')

241

if self.nextUpdate:

242

self.nextUpdate_secs = time.mktime(time.strptime(self.nextUpdate,'%b %d %H:%M:%S %Y GMT'))

243

else:

244

self.notAfter_secs = 0

245

246

# return certificate in a string, desired format given in outform

247

def readcertfile(self,outform='PEM'):

248

if not (string.lower(outform) in certformats):

249

raise ValueError,'invalid certificate output format'

250

f = os.popen('%s crl -in %s -inform %s -outform %s' % (openssl.bin_filename,self.filename,self.format,outform))

251

buf = f.read()

252

result = []

253

while buf:

254

result.append(buf)

255

buf = f.read()

256

rc = f.close()

257

if rc and rc!=256:

258

raise IOError,"Error %s: %s" % (rc,opensslcommand)

259

return string.join(result)

260

261

262

########################################################################

263

# SPKACClass

264

########################################################################

265

266

class SPKACClass:

267

268

def __init__(self,spkacfilename,inform=''):

269

self.filename = spkacfilename

270

self.data = {}

271

spkacfile = open(self.filename,'r')

272

s = spkacfile.readline()

273

while s:

274

try:

275

attr,value=string.split(s,'=',1)

276

self.data[string.strip(attr)]=string.strip(value)

277

except ValueError:

278

pass

279

s = spkacfile.readline()

280

Older »