Example #1
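    def getCommonName(self):
        """Get the Subject's Common Name from the certificate.

        The cryptlib_py module must be installed in order to use this
        function.

        The value is handed back exactly as cryptlib returns it; nothing
        in this method validates or normalises it.  NOTE(review): callers
        that compare the result with a host name should reject embedded
        NUL bytes and should prefer subjectAltName where one is present
        -- confirm against the call sites.

        @rtype: str or None
        @return: The CN component of the certificate's subject DN, or
        None if cryptlib reports that the attribute is not present.
        @raise cryptlib_py.CryptException: If cryptlib reports any error
        other than CRYPT_ERROR_NOTFOUND while reading the attribute.
        """
        import cryptlib_py
        import array

        c = cryptlib_py.cryptImportCert(self.bytes, cryptlib_py.CRYPT_UNUSED)
        name = cryptlib_py.CRYPT_CERTINFO_COMMONNAME
        try:
            try:
                # Called with None in place of a buffer, the result is
                # used as the length of the buffer for the second call.
                length = cryptlib_py.cryptGetAttributeString(c, name, None)
                buf = array.array("B", [0] * length)
                cryptlib_py.cryptGetAttributeString(c, name, buf)
            except cryptlib_py.CryptException as e:
                # e.args[0] rather than e[0]: exceptions are not
                # subscriptable on Python 3.
                if e.args[0] == cryptlib_py.CRYPT_ERROR_NOTFOUND:
                    return None
                # Any other failure is a real error; re-raise it instead
                # of falling through to an unbound return value.
                raise
            # array.tostring() was removed in Python 3.9; tobytes() is
            # the same call under its current name.
            if hasattr(buf, "tobytes"):
                return buf.tobytes()
            return buf.tostring()
        finally:
            # Always release the cryptlib certificate handle.
            cryptlib_py.cryptDestroyCert(c)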
Example #2
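    def getCommonName(self):
        """Get the Subject's Common Name from the certificate.

        The cryptlib_py module must be installed in order to use this
        function.

        The bytes are returned as cryptlib supplies them, with no
        validation or normalisation in this method.  NOTE(review): a
        caller matching this value against a host name should reject
        embedded NUL bytes and should prefer subjectAltName where one is
        present -- confirm against the call sites.

        @rtype: str or None
        @return: The CN component of the certificate's subject DN, or
        None if cryptlib reports that the attribute is not present.
        @raise cryptlib_py.CryptException: If cryptlib reports any error
        other than CRYPT_ERROR_NOTFOUND while reading the attribute.
        """
        import cryptlib_py
        import array
        c = cryptlib_py.cryptImportCert(self.bytes, cryptlib_py.CRYPT_UNUSED)
        name = cryptlib_py.CRYPT_CERTINFO_COMMONNAME
        try:
            returnVal = None
            try:
                # The call without a buffer yields the value used as the
                # buffer length for the call that fetches the attribute.
                length = cryptlib_py.cryptGetAttributeString(c, name, None)
                raw = array.array('B', [0] * length)
                cryptlib_py.cryptGetAttributeString(c, name, raw)
                # tostring() no longer exists on Python 3.9+; fall back
                # to it only where tobytes() is unavailable.
                toBytes = getattr(raw, 'tobytes', None) or raw.tostring
                returnVal = toBytes()
            except cryptlib_py.CryptException as e:
                # Exceptions cannot be indexed on Python 3, so read the
                # status code from e.args.  Only "not found" maps to
                # None; every other cryptlib error is propagated rather
                # than ending in an unbound local.
                if e.args[0] != cryptlib_py.CRYPT_ERROR_NOTFOUND:
                    raise
            return returnVal
        finally:
            # Release the cryptlib certificate handle on every path.
            cryptlib_py.cryptDestroyCert(c)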
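    def validate(self, x509TrustList):
        """Check the validity of the certificate chain.

        This checks that every certificate in the chain validates with
        the subsequent one, until some certificate validates with (or
        is identical to) one of the passed-in root certificates.

        The cryptlib_py module must be installed in order to use this
        function.

        Nothing in this method matches the leaf certificate against a
        peer name; a caller that needs that must do it separately.
        NOTE(review): what cryptCheckCert enforces beyond the signature
        (validity dates, CA constraints, revocation) is decided inside
        cryptlib -- confirm before relying on it.

        @type x509TrustList: list of L{tlslite.X509.X509}
        @param x509TrustList: A list of trusted root certificates.  The
        certificate chain must extend to one of these certificates to
        be considered valid.

        @rtype: bool
        @return: True if the chain reaches one of the trusted roots;
        False if the chain is empty, a link fails to check, or no root
        in the trust list chains to the last certificate.
        """

        import cryptlib_py
        c1 = None
        c2 = None
        lastC = None
        rootC = None

        try:
            #An empty chain cannot reach a root: fail closed rather than
            #raising IndexError on x509List[-1] further down.
            if not self.x509List:
                return False

            rootFingerprints = [c.getFingerprint() for c in x509TrustList]

            #Check that every certificate in the chain validates with the
            #next one
            for cert1, cert2 in zip(self.x509List, self.x509List[1:]):

                #If we come upon a root certificate, we're done.
                if cert1.getFingerprint() in rootFingerprints:
                    return True

                c1 = cryptlib_py.cryptImportCert(cert1.writeBytes(),
                                                 cryptlib_py.CRYPT_UNUSED)
                c2 = cryptlib_py.cryptImportCert(cert2.writeBytes(),
                                                 cryptlib_py.CRYPT_UNUSED)
                try:
                    cryptlib_py.cryptCheckCert(c1, c2)
                except Exception:
                    #Any failure means the link is unverified: fail
                    #closed.  Exception rather than a bare except, so
                    #KeyboardInterrupt/SystemExit are not reported as an
                    #invalid chain.
                    return False
                cryptlib_py.cryptDestroyCert(c1)
                c1 = None
                cryptlib_py.cryptDestroyCert(c2)
                c2 = None

            #If the last certificate is one of the root certificates, we're
            #done.
            if self.x509List[-1].getFingerprint() in rootFingerprints:
                return True

            #Otherwise, find a root certificate that the last certificate
            #chains to, and validate them.
            lastC = cryptlib_py.cryptImportCert(self.x509List[-1].writeBytes(),
                                                cryptlib_py.CRYPT_UNUSED)
            for rootCert in x509TrustList:
                #Release the handle left over from the previous root; the
                #finally clause below only sees the most recent one.
                if rootC is not None:
                    staleC, rootC = rootC, None
                    cryptlib_py.cryptDestroyCert(staleC)
                rootC = cryptlib_py.cryptImportCert(rootCert.writeBytes(),
                                                    cryptlib_py.CRYPT_UNUSED)
                if self._checkChaining(lastC, rootC):
                    #NOTE(review): a failed check against the first root
                    #that chains ends validation; later trust-list
                    #entries are not tried.
                    try:
                        cryptlib_py.cryptCheckCert(lastC, rootC)
                        return True
                    except Exception:
                        return False
            return False
        finally:
            #Destroy whichever cryptlib handles are still open.
            if not (c1 is None):
                cryptlib_py.cryptDestroyCert(c1)
            if not (c2 is None):
                cryptlib_py.cryptDestroyCert(c2)
            if not (lastC is None):
                cryptlib_py.cryptDestroyCert(lastC)
            if not (rootC is None):
                cryptlib_py.cryptDestroyCert(rootC)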
Example #4
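    def validate(self, x509TrustList):
        """Check the validity of the certificate chain.

        This checks that every certificate in the chain validates with
        the subsequent one, until some certificate validates with (or
        is identical to) one of the passed-in root certificates.

        The cryptlib_py module must be installed in order to use this
        function.

        This method only walks the chain; it does not compare the leaf
        certificate with a peer name.  NOTE(review): whether
        cryptCheckCert also enforces validity dates, CA constraints or
        revocation is decided inside cryptlib -- confirm before relying
        on it.

        @type x509TrustList: list of L{tlslite.X509.X509}
        @param x509TrustList: A list of trusted root certificates.  The
        certificate chain must extend to one of these certificates to
        be considered valid.

        @rtype: bool
        @return: True if the chain reaches one of the trusted roots;
        False if the chain is empty, a link fails to check, or no root
        in the trust list chains to the last certificate.
        """

        import cryptlib_py
        c1 = None
        c2 = None
        lastC = None

        try:
            #With no certificates there is nothing to anchor: return
            #False instead of letting x509List[-1] raise IndexError.
            if not self.x509List:
                return False

            rootFingerprints = [c.getFingerprint() for c in x509TrustList]

            #Check that every certificate in the chain validates with the
            #next one
            for cert1, cert2 in zip(self.x509List, self.x509List[1:]):

                #If we come upon a root certificate, we're done.
                if cert1.getFingerprint() in rootFingerprints:
                    return True

                c1 = cryptlib_py.cryptImportCert(cert1.writeBytes(),
                                                 cryptlib_py.CRYPT_UNUSED)
                c2 = cryptlib_py.cryptImportCert(cert2.writeBytes(),
                                                 cryptlib_py.CRYPT_UNUSED)
                try:
                    cryptlib_py.cryptCheckCert(c1, c2)
                except Exception:
                    #Treat every check failure as "not valid".  A bare
                    #except would also turn KeyboardInterrupt and
                    #SystemExit into a False result.
                    return False
                cryptlib_py.cryptDestroyCert(c1)
                c1 = None
                cryptlib_py.cryptDestroyCert(c2)
                c2 = None

            #If the last certificate is one of the root certificates, we're
            #done.
            if self.x509List[-1].getFingerprint() in rootFingerprints:
                return True

            #Otherwise, find a root certificate that the last certificate
            #chains to, and validate them.
            lastC = cryptlib_py.cryptImportCert(self.x509List[-1].writeBytes(),
                                                cryptlib_py.CRYPT_UNUSED)
            for rootCert in x509TrustList:
                rootC = cryptlib_py.cryptImportCert(rootCert.writeBytes(),
                                                    cryptlib_py.CRYPT_UNUSED)
                try:
                    if self._checkChaining(lastC, rootC):
                        #NOTE(review): the first root that chains
                        #decides the result; if its check fails, the
                        #remaining trust-list entries are not tried.
                        try:
                            cryptlib_py.cryptCheckCert(lastC, rootC)
                        except Exception:
                            return False
                        return True
                finally:
                    #Each root handle is released before the next one is
                    #imported, so a long trust list does not accumulate
                    #open cryptlib handles.
                    cryptlib_py.cryptDestroyCert(rootC)
            return False
        finally:
            #Destroy whichever chain handles are still open.
            if not (c1 is None):
                cryptlib_py.cryptDestroyCert(c1)
            if not (c2 is None):
                cryptlib_py.cryptDestroyCert(c2)
            if not (lastC is None):
                cryptlib_py.cryptDestroyCert(lastC)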