authorJan Cholasta <jcholast@redhat.com>2014-06-10 14:19:07 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-07-30 16:04:21 +0200
commit4ae3f815ba8e8f910cd2179c5ed402e7c3ea3db8 (patch)
tree033df4185f139f7a8f22ffd94c23c08c85159ef4 /ipalib
parent586373cf077f3761004414c3809785dfbcb6ef46 (diff)
Add functions for extracting certificates fields in DER to ipalib.x509.
Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/x509.py55
1 files changed, 55 insertions, 0 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py
index 2d38261f6..bc9ea5f25 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -37,6 +37,8 @@ import base64
import re
import nss.nss as nss
from nss.error import NSPRError
+from pyasn1.type import univ, namedtype, tag
+from pyasn1.codec.der import decoder, encoder
from ipapython import ipautil
from ipalib import api
from ipalib import _
@@ -171,6 +173,59 @@ def is_self_signed(certificate, datatype=PEM, dbdir=None):
del nsscert
return self_signed
+class _TBSCertificate(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType(
+ 'version',
+ univ.Integer().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('serialNumber', univ.Integer()),
+ namedtype.NamedType('signature', univ.Sequence()),
+ namedtype.NamedType('issuer', univ.Sequence()),
+ namedtype.NamedType('validity', univ.Sequence()),
+ namedtype.NamedType('subject', univ.Sequence()),
+ namedtype.NamedType('subjectPublicKeyInfo', univ.Sequence()),
+ namedtype.OptionalNamedType(
+ 'issuerUniquedID',
+ univ.BitString().subtype(implicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType(
+ 'subjectUniquedID',
+ univ.BitString().subtype(implicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType(
+ 'extensions',
+ univ.Sequence().subtype(explicitTag=tag.Tag(
+ tag.tagClassContext, tag.tagFormatSimple, 3))),
+ )
+
+class _Certificate(univ.Sequence):
+ componentType = namedtype.NamedTypes(
+ namedtype.NamedType('tbsCertificate', _TBSCertificate()),
+ namedtype.NamedType('signatureAlgorithm', univ.Sequence()),
+ namedtype.NamedType('signature', univ.BitString()),
+ )
+
+def _get_der_field(cert, datatype, dbdir, field):
+ cert = load_certificate(cert, datatype, dbdir)
+ cert = cert.der_data
+ cert = decoder.decode(cert, _Certificate())[0]
+ field = cert['tbsCertificate'][field]
+ field = encoder.encode(field)
+ return field
+
+def get_der_subject(cert, datatype=PEM, dbdir=None):
+ return _get_der_field(cert, datatype, dbdir, 'subject')
+
+def get_der_issuer(cert, datatype=PEM, dbdir=None):
+ return _get_der_field(cert, datatype, dbdir, 'issuer')
+
+def get_der_serial_number(cert, datatype=PEM, dbdir=None):
+ return _get_der_field(cert, datatype, dbdir, 'serialNumber')
+
+def get_der_public_key_info(cert, datatype=PEM, dbdir=None):
+ return _get_der_field(cert, datatype, dbdir, 'subjectPublicKeyInfo')
+
def make_pem(data):
"""
Convert a raw base64-encoded blob into something that looks like a PE
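Review bot: `_TBSCertificate` declares `version` as a mandatory `namedtype.NamedType`, but in RFC 5280 it is `[0] EXPLICIT Version DEFAULT v1` and is absent from v1 certificates, so `_get_der_field` will fail with a pyasn1 decode error on a v1 certificate instead of returning the requested field; `namedtype.DefaultedNamedType('version', univ.Integer(0).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))` matches the spec. The component names `issuerUniquedID` and `subjectUniquedID` are misspellings of the RFC's `issuerUniqueID`/`subjectUniqueID`; they are only looked up internally today, but anyone extending `_get_der_field` to those fields will trip over them. The four public `get_der_*` functions carry no docstring while the neighbouring `is_self_signed` and `make_pem` do; a one-liner such as `"""Return the DER encoding of the certificate's subject name; cert is loaded via load_certificate with the given datatype and dbdir."""` (and likewise for issuer, serial number and public key info) would keep the module consistent. In `_get_der_field`, rebinding `cert` to the input, then to its DER bytes, then to the decoded structure makes the flow harder to follow; distinct names such as `der` and `parsed` would read better.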