def _create_v2_cert(self, version, extensions, x509, path):
# At this time, we only support v2 entitlement certificates:
if not EXT_ENT_PAYLOAD in extensions:
raise CertificateException("Unable to parse non-entitlement "
"v2 certificates")
payload = self._decompress_payload(extensions[EXT_ENT_PAYLOAD])
order = self._parse_v2_order(payload)
content = self._parse_v2_content(payload)
products = self._parse_v2_products(payload)
cert = EntitlementCertificate(
x509=x509,
path=path,
version=version,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
subject=self._read_subject(x509),
order=order,
content=content,
products=products,
)
return cert
def _create_v3_cert(self, version, extensions, x509, path, pem):
# At this time, we only support v3 entitlement certificates:
try:
entitlement = pem.split("-----BEGIN ENTITLEMENT DATA-----")[1]
entitlement = entitlement.split("-----END ENTITLEMENT DATA-----")[0].strip()
except IndexError:
raise CertificateException("Unable to parse non-entitlement v3 certificate")
payload = self._decompress_payload(base64.b64decode(entitlement))
order = self._parse_v3_order(payload)
content = self._parse_v3_content(payload)
products = self._parse_v3_products(payload)
cert = EntitlementCertificate(
x509=x509,
path=path,
version=version,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
subject=self._read_subject(x509),
order=order,
content=content,
products=products,
pem=pem
)
return cert
def _create_identity_cert(self, extensions, x509, path):
cert = IdentityCertificate(
x509=x509,
path=path,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
alt_name=self._read_alt_name(x509),
subject=self._read_subject(x509),
)
return cert
def _create_identity_cert(self, version, extensions, x509, path):
cert = IdentityCertificate(
x509=x509,
path=path,
version=version,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
alt_name=self._read_alt_name(x509),
subject=self._read_subject(x509),
)
return cert
def _create_v1_prod_cert(self, version, extensions, x509, path):
products = self._parse_v1_products(extensions)
cert = ProductCertificate(
x509=x509,
path=path,
version=version,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
products=products,
subject=self._read_subject(x509),
)
return cert
def _create_v1_prod_cert(self, version, extensions, x509, path):
products = self._parse_v1_products(extensions)
cert = ProductCertificate(
x509=x509,
path=path,
version=version,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
products=products,
subject=self._read_subject(x509),
)
return cert
def _create_v1_ent_cert(self, version, extensions, x509, path):
order = self._parse_v1_order(extensions)
content = self._parse_v1_content(extensions)
products = self._parse_v1_products(extensions)
cert = EntitlementCertificate(
x509=x509,
path=path,
version=version,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
subject=self._read_subject(x509),
order=order,
content=content,
products=products,
)
return cert
def _create_v1_ent_cert(self, version, extensions, x509, path):
order = self._parse_v1_order(extensions)
content = self._parse_v1_content(extensions)
products = self._parse_v1_products(extensions)
cert = EntitlementCertificate(
x509=x509,
path=path,
version=version,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
subject=self._read_subject(x509),
order=order,
content=content,
products=products,
extensions=extensions,
)
return cert
def _create_v3_cert(self, version, extensions, x509, path, pem):
# At this time, we only support v3 entitlement certificates
try:
# this is only expected to be available on the client side
entitlement_data = pem.split("-----BEGIN ENTITLEMENT DATA-----")[1]
entitlement_data = entitlement_data.split(
"-----END ENTITLEMENT DATA-----")[0].strip()
except IndexError:
entitlement_data = None
if entitlement_data:
payload = self._decompress_payload(
base64.b64decode(entitlement_data))
order = self._parse_v3_order(payload)
content = self._parse_v3_content(payload)
products = self._parse_v3_products(payload)
pool = self._parse_v3_pool(payload)
else:
order = None
content = None
products = None
pool = None
cert = EntitlementCertificate(
x509=x509,
path=path,
version=version,
extensions=extensions,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
subject=self._read_subject(x509),
order=order,
content=content,
products=products,
pool=pool,
pem=pem,
issuer=self._read_issuer(x509),
)
return cert
def _create_v3_cert(self, version, extensions, x509, path, pem):
# At this time, we only support v3 entitlement certificates
try:
# this is only expected to be available on the client side
entitlement_data = pem.split("-----BEGIN ENTITLEMENT DATA-----")[1]
entitlement_data = entitlement_data.split("-----END ENTITLEMENT DATA-----")[0].strip()
except IndexError:
entitlement_data = None
if entitlement_data:
payload = self._decompress_payload(base64.b64decode(entitlement_data))
order = self._parse_v3_order(payload)
content = self._parse_v3_content(payload)
products = self._parse_v3_products(payload)
pool = self._parse_v3_pool(payload)
else:
order = None
content = None
products = None
pool = None
cert = EntitlementCertificate(
x509=x509,
path=path,
version=version,
extensions=extensions,
serial=x509.get_serial_number(),
start=get_datetime_from_x509(x509.get_not_before()),
end=get_datetime_from_x509(x509.get_not_after()),
subject=self._read_subject(x509),
order=order,
content=content,
products=products,
pool=pool,
pem=pem,
issuer=self._read_issuer(x509),
)
return cert
