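def _get_aia_uri(certificate, nid):
    """Collect URI locations for one access method from the AIA extension.

    Decodes the certificate's Authority Information Access extension
    (``NID_info_access``) and keeps every entry whose access method maps to
    ``nid`` and whose location is of type ``GEN_URI``.

    Args:
        certificate: X509 cdata handle, passed unchanged to
            ``X509_get_ext_d2i``.
        nid: access-method NID to select; which NIDs callers pass is not
            visible in this block.

    Returns:
        A tuple of the values ``_str_with_len`` produces for the matching
        entries, in extension order, or ``None`` when the extension is
        absent, empty, or has no matching URI entry.

    The returned strings are copied out of the certificate, so when the
    certificate comes from a remote peer they are peer-chosen data: a caller
    that dereferences them (for example to fetch issuer or revocation data)
    should validate scheme and destination first.
    """
    info = lib.X509_get_ext_d2i(
        certificate, lib.NID_info_access, ffi.NULL, ffi.NULL
    )
    if info == ffi.NULL:
        return None

    uris = []
    try:
        # An empty stack simply yields no iterations and falls through to
        # the same free-and-return-None outcome as before.
        for i in range(lib.sk_ACCESS_DESCRIPTION_num(info)):
            ad = lib.sk_ACCESS_DESCRIPTION_value(info, i)
            if (lib.OBJ_obj2nid(ad.method) != nid
                    or ad.location.type != lib.GEN_URI):
                continue
            uri = ad.location.d.uniformResourceIdentifier
            # The explicit length is passed alongside the data pointer;
            # presumably _str_with_len copies exactly that many bytes rather
            # than stopping at a NUL -- confirm against its definition.
            uris.append(_str_with_len(uri.data, uri.length))
    finally:
        # Release the decoded stack on every exit path, including an
        # exception raised while converting an entry.
        # NOTE(review): sk_*_free releases only the stack container; the
        # ACCESS_DESCRIPTION elements decoded by X509_get_ext_d2i are not
        # freed here. OpenSSL's AUTHORITY_INFO_ACCESS_free would release
        # both -- confirm whether the bindings expose it.
        lib.sk_ACCESS_DESCRIPTION_free(info)

    return tuple(uris) if uris else None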
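def _get_crl_dp(certificate):
    """Collect the URI names from the CRL Distribution Points extension.

    Decodes ``NID_crl_distribution_points`` from the certificate and walks
    every distribution point's ``fullname`` general-name stack, keeping the
    entries of type ``GEN_URI``.

    Args:
        certificate: X509 cdata handle, passed unchanged to the OpenSSL
            calls below.

    Returns:
        A tuple of the values ``_str_with_len`` produces for each URI, in
        extension order, or ``None`` when the extension is absent or carries
        no URI name.

    The returned strings are copied out of the certificate, so when the
    certificate comes from a remote peer they are peer-chosen data: a caller
    that fetches CRLs from them should validate scheme and destination
    first.
    """
    if lib.OPENSSL_VERSION_NUMBER >= 0x10001000:
        # Return value intentionally ignored.
        # NOTE(review): presumably called for its side effect of making
        # OpenSSL parse and cache the certificate's extensions -- confirm.
        lib.X509_check_ca(certificate)
    dps = lib.X509_get_ext_d2i(
        certificate, lib.NID_crl_distribution_points, ffi.NULL, ffi.NULL
    )
    # Compare by value: a NULL pointer returned from a C call is its own
    # cdata object, so an identity test (`is ffi.NULL`) does not match it.
    # This also matches the `== ffi.NULL` check used by _get_aia_uri.
    if dps == ffi.NULL:
        return None

    uris = []
    try:
        for i in range(lib.sk_DIST_POINT_num(dps)):
            dp = lib.sk_DIST_POINT_value(dps, i)
            if not dp.distpoint:
                # A distribution point without a name has nothing to
                # report. Skip it instead of returning, so URIs from the
                # other points are kept and the cleanup below still runs.
                continue
            # NOTE(review): `name` is a union in OpenSSL's DIST_POINT_NAME
            # and `fullname` is only the active member when the point's
            # type says so; a relative-name point would be read as a
            # GENERAL_NAME stack here. Confirm whether the bindings expose
            # `distpoint.type` so such points can be skipped.
            gns = dp.distpoint.name.fullname
            for j in range(lib.sk_GENERAL_NAME_num(gns)):
                gn = lib.sk_GENERAL_NAME_value(gns, j)
                if gn.type != lib.GEN_URI:
                    continue
                uri = gn.d.uniformResourceIdentifier
                uris.append(_str_with_len(uri.data, uri.length))
    finally:
        # The legacy-OpenSSL release now runs on every exit path.
        # NOTE(review): on OpenSSL >= 1.0.1 nothing in this function frees
        # `dps`, although X509_get_ext_d2i returns a caller-owned decoded
        # object; sk_*_free would also leave the DIST_POINT elements
        # allocated. Confirm whether CRL_DIST_POINTS_free is available in
        # the bindings and should be called unconditionally.
        if lib.OPENSSL_VERSION_NUMBER < 0x10001000:
            lib.sk_DIST_POINT_free(dps)

    return tuple(uris) if uris else None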