class X509PrivateKey(object):
def __new__(cls, *args, **kwargs):
instance = object.__new__(cls)
instance.__deinit = gnutls_x509_privkey_deinit
instance._c_object = gnutls_x509_privkey_t()
return instance
@method_args(str, one_of(X509_FMT_PEM, X509_FMT_DER))
def __init__(self, buf, format=X509_FMT_PEM):
gnutls_x509_privkey_init(byref(self._c_object))
data = gnutls_datum_t(cast(c_char_p(buf), POINTER(c_ubyte)), c_uint(len(buf)))
gnutls_x509_privkey_import(self._c_object, byref(data), format)
def __del__(self):
self.__deinit(self._c_object)
@method_args(one_of(X509_FMT_PEM, X509_FMT_DER))
def export(self, format=X509_FMT_PEM):
size = c_size_t(4096)
pemdata = create_string_buffer(size.value)
try:
gnutls_x509_privkey_export(self._c_object, format, cast(pemdata, c_void_p), byref(size))
except MemoryError:
pemdata = create_string_buffer(size.value)
gnutls_x509_privkey_export(self._c_object, format, cast(pemdata, c_void_p), byref(size))
return pemdata.raw[:size.value]
class OpenPGPPrivateKey(object):
def __new__(cls, *args, **kwargs):
instance = object.__new__(cls)
instance.__deinit = gnutls_openpgp_privkey_deinit
instance._c_object = gnutls_openpgp_privkey_t()
return instance
@method_args(str, one_of(OPENPGP_FMT_RAW, OPENPGP_FMT_BASE64))
def __init__(self, buf, format=OPENPGP_FMT_BASE64):
gnutls_openpgp_privkey_init(byref(self._c_object))
data = gnutls_datum_t(cast(c_char_p(buf), POINTER(c_ubyte)),
c_uint(len(buf)))
gnutls_openpgp_privkey_import(self._c_object, byref(data), format,
None, c_uint(0))
def __del__(self):
self.__deinit(self._c_object)
@method_args(one_of(OPENPGP_FMT_RAW, OPENPGP_FMT_BASE64))
def export(self, format=OPENPGP_FMT_BASE64):
size = c_size_t(4096)
pemdata = create_string_buffer(size.value)
try:
gnutls_openpgp_privkey_export(self._c_object, format, None, 0,
cast(pemdata, c_void_p), byref(size))
except MemoryError:
pemdata = create_string_buffer(size.value)
gnutls_openpgp_privkey_export(self._c_object, format, None, 0,
cast(pemdata, c_void_p), byref(size))
return pemdata.value
class X509CRL(object):
def __new__(cls, *args, **kwargs):
instance = object.__new__(cls)
instance.__deinit = gnutls_x509_crl_deinit
instance._c_object = gnutls_x509_crl_t()
return instance
@method_args(str, one_of(X509_FMT_PEM, X509_FMT_DER))
def __init__(self, buf, format=X509_FMT_PEM):
gnutls_x509_crl_init(byref(self._c_object))
data = gnutls_datum_t(cast(c_char_p(buf), POINTER(c_ubyte)),
c_uint(len(buf)))
gnutls_x509_crl_import(self._c_object, byref(data), format)
def __del__(self):
self.__deinit(self._c_object)
@property
def count(self):
return gnutls_x509_crl_get_crt_count(self._c_object)
@property
def version(self):
return gnutls_x509_crl_get_version(self._c_object)
@property
def issuer(self):
size = c_size_t(256)
dname = create_string_buffer(size.value)
try:
gnutls_x509_crl_get_issuer_dn(self._c_object, dname, byref(size))
except MemoryError:
dname = create_string_buffer(size.value)
gnutls_x509_crl_get_issuer_dn(self._c_object, dname, byref(size))
return X509Name(dname.value)
@method_args(X509Certificate)
def is_revoked(self, cert):
"""Return True if certificate is revoked, False otherwise"""
return bool(
gnutls_x509_crt_check_revocation(cert._c_object,
byref(self._c_object), 1))
def check_revocation(self, cert, cert_name='certificate'):
"""Raise CertificateRevokedError if the given certificate is revoked"""
if self.is_revoked(cert):
raise CertificateRevokedError("%s was revoked" % cert_name)
@method_args(one_of(X509_FMT_PEM, X509_FMT_DER))
def export(self, format=X509_FMT_PEM):
size = c_size_t(4096)
pemdata = create_string_buffer(size.value)
try:
gnutls_x509_crl_export(self._c_object, format,
cast(pemdata, c_void_p), byref(size))
except MemoryError:
pemdata = create_string_buffer(size.value)
gnutls_x509_crl_export(self._c_object, format,
cast(pemdata, c_void_p), byref(size))
return pemdata.value
class X509Certificate(object):
def __new__(cls, *args, **kwargs):
instance = object.__new__(cls)
instance.__deinit = gnutls_x509_crt_deinit
instance._c_object = gnutls_x509_crt_t()
instance._alternative_names = None
return instance
@method_args(str, one_of(X509_FMT_PEM, X509_FMT_DER))
def __init__(self, buf, format=X509_FMT_PEM):
gnutls_x509_crt_init(byref(self._c_object))
data = gnutls_datum_t(cast(c_char_p(buf), POINTER(c_ubyte)), c_uint(len(buf)))
gnutls_x509_crt_import(self._c_object, byref(data), format)
def __del__(self):
self.__deinit(self._c_object)
@property
def subject(self):
size = c_size_t(256)
dname = create_string_buffer(size.value)
try:
gnutls_x509_crt_get_dn(self._c_object, dname, byref(size))
except MemoryError:
dname = create_string_buffer(size.value)
gnutls_x509_crt_get_dn(self._c_object, dname, byref(size))
return X509Name(dname.value)
@property
def issuer(self):
size = c_size_t(256)
dname = create_string_buffer(size.value)
try:
gnutls_x509_crt_get_issuer_dn(self._c_object, dname, byref(size))
except MemoryError:
dname = create_string_buffer(size.value)
gnutls_x509_crt_get_issuer_dn(self._c_object, dname, byref(size))
return X509Name(dname.value)
@property
def alternative_names(self):
if self._alternative_names is not None:
return self._alternative_names
names = {}
size = c_size_t(256)
alt_name = create_string_buffer(size.value)
for i in xrange(65536):
try:
name_type = gnutls_x509_crt_get_subject_alt_name(self._c_object, i, alt_name, byref(size), None)
except RequestedDataNotAvailable:
break
except MemoryError:
alt_name = create_string_buffer(size.value)
name_type = gnutls_x509_crt_get_subject_alt_name(self._c_object, i, alt_name, byref(size), None)
names.setdefault(name_type, []).append(alt_name.value)
self._alternative_names = AlternativeNames(names)
return self._alternative_names
@property
def serial_number(self):
size = c_size_t(1)
serial = c_ulong()
try:
gnutls_x509_crt_get_serial(self._c_object, cast(byref(serial), c_void_p), byref(size))
except MemoryError:
import struct, sys
serial = create_string_buffer(size.value * sizeof(c_void_p))
gnutls_x509_crt_get_serial(self._c_object, cast(serial, c_void_p), byref(size))
pad = size.value * sizeof(c_void_p) - len(serial.value)
format = '@%dL' % size.value
numbers = list(struct.unpack(format, serial.value + pad*'\x00'))
if sys.byteorder == 'little':
numbers.reverse()
number = 0
offset = sizeof(c_void_p) * 8
for n in numbers:
number = (number<<offset) + n
return number
else:
return serial.value
@property
def activation_time(self):
return gnutls_x509_crt_get_activation_time(self._c_object)
@property
def expiration_time(self):
return gnutls_x509_crt_get_expiration_time(self._c_object)
@property
def version(self):
return gnutls_x509_crt_get_version(self._c_object)
#@method_args(X509Certificate)
def has_issuer(self, issuer):
"""Return True if the certificate was issued by the given issuer, False otherwise."""
if not isinstance(issuer, X509Certificate):
raise TypeError("issuer must be an X509Certificate object")
return bool(gnutls_x509_crt_check_issuer(self._c_object, issuer._c_object))
@method_args(str)
def has_hostname(self, hostname):
"""Return True if the hostname matches the DNSName/IPAddress subject alternative name extension
of this certificate, False otherwise."""
## For details see http://www.ietf.org/rfc/rfc2459.txt, section 4.2.1.7 Subject Alternative Name
return bool(gnutls_x509_crt_check_hostname(self._c_object, hostname))
def check_issuer(self, issuer):
"""Raise CertificateError if certificate was not issued by the given issuer"""
if not self.has_issuer(issuer):
raise CertificateError("certificate issuer doesn't match")
def check_hostname(self, hostname):
"""Raise CertificateError if the certificate DNSName/IPAddress subject alternative name extension
doesn't match the given hostname"""
if not self.has_hostname(hostname):
raise CertificateError("certificate doesn't match hostname")
@method_args(one_of(X509_FMT_PEM, X509_FMT_DER))
def export(self, format=X509_FMT_PEM):
size = c_size_t(4096)
pemdata = create_string_buffer(size.value)
try:
gnutls_x509_crt_export(self._c_object, format, cast(pemdata, c_void_p), byref(size))
except MemoryError:
pemdata = create_string_buffer(size.value)
gnutls_x509_crt_export(self._c_object, format, cast(pemdata, c_void_p), byref(size))
return pemdata.raw[:size.value]
class OpenPGPCertificate(object):
def __new__(cls, *args, **kwargs):
instance = object.__new__(cls)
instance.__deinit = gnutls_openpgp_crt_deinit
instance._c_object = gnutls_openpgp_crt_t()
instance._alternative_names = None
return instance
@method_args(str, one_of(OPENPGP_FMT_RAW, OPENPGP_FMT_BASE64))
def __init__(self, buf, format=OPENPGP_FMT_BASE64):
gnutls_openpgp_crt_init(byref(self._c_object))
data = gnutls_datum_t(cast(c_char_p(buf), POINTER(c_ubyte)),
c_uint(len(buf)))
gnutls_openpgp_crt_import(self._c_object, byref(data), format)
def __del__(self):
self.__deinit(self._c_object)
@method_args(int)
def uid(self, idx=0):
size = c_size_t(256)
dname = create_string_buffer(size.value)
try:
gnutls_openpgp_crt_get_name(self._c_object, idx, dname,
byref(size))
except MemoryError:
dname = create_string_buffer(size.value)
gnutls_openpgp_crt_get_name(self._c_object, idx, dname,
byref(size))
return OpenPGPUid(dname.value)
@property
def creation_time(self):
return gnutls_openpgp_crt_get_creation_time(self._c_object)
@property
def expiration_time(self):
return gnutls_openpgp_crt_get_expiration_time(self._c_object)
@property
def fingerprint(self):
size = c_size_t(20)
fprdata = create_string_buffer(size.value)
gnutls_openpgp_crt_get_fingerprint(self._c_object,
cast(fprdata, c_void_p),
byref(size))
return ''.join(["%02X" % ord(x) for x in fprdata.value])
@property
def version(self):
return gnutls_openpgp_crt_get_version(self._c_object)
@method_args(one_of(OPENPGP_FMT_RAW, OPENPGP_FMT_BASE64))
def export(self, format=OPENPGP_FMT_BASE64):
size = c_size_t(4096)
pemdata = create_string_buffer(size.value)
try:
gnutls_openpgp_crt_export(self._c_object, format,
cast(pemdata, c_void_p), byref(size))
except MemoryError:
pemdata = create_string_buffer(size.value)
gnutls_openpgp_crt_export(self._c_object, format,
cast(pemdata, c_void_p), byref(size))
return pemdata.value