x509.py - X.509 certificate objects
(c) by Michael Stroeder

This module is distributed under the terms of the GPL (GNU GENERAL PUBLIC LICENSE) Version 2 (see http://www.gnu.org/copyleft/gpl.html)

$Id: x509.py,v 1.10 2003/08/21 08:47:07 michael Exp $

Source file: ./pylib/mspki/x509.py (compiled Python bytecode; the names, docstrings and string constants embedded in it are listed below)

Imports: sys, string, base64, md5, sha, asn1 (from pisces), utctime, util, x500, asn1helper


class Attribute

    Base class for all attributes and extensions.
    Do not use directly! Just for saving typing methods again and again...

    Methods: __init__(val), __repr__()


class Version

    [0] EXPLICIT Version DEFAULT v1

    Methods: __int__(), __str__()


class CertificateSerialNumber

    CertificateSerialNumber ::= INTEGER

    Methods: __init__(val), __int__(), __hex__(), __str__()


class X509SignedObject

    Base class for X.509 certificates and CRLs
    This class should not be used directly!

    __init__(buf, inform)
        Error message: "Value %s for parameter inform invalid. Must be either DER, PEM or BASE64."
    signatureAlgorithm(oids)
        Algorithm used when creating signature
    signatureValue()
        Certificate's signature value


class Certificate

    Class for X.509 certificates

    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }

    TBSCertificate ::= SEQUENCE {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version shall be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version shall be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version shall be v3
        }

    __init__(buf, inform)
    version()
        X.509 certificate version number as integer
    serialNumber()
        Certificate's serial number as long integer
    signature(oids)
        Certificate's signature
    issuer()
        Issuer's distinguished name
    validity()
        Returns tuple (notBefore,notAfter)
        notBefore, notAfter are instances of utctime.UTCTime containing
        UTCTime of begin and end of validity period.
    subject()
        Subject's distinguished name
    subjectPublicKeyInfo(oids)
        Subject's public key
    MD5Fingerprint(delimiter)
        MD5 fingerprint in dotted notation (delimiter between bytes)
    SHA1Fingerprint(delimiter)
        Return SHA-1 fingerprint in dotted notation (delimiter between bytes)
    issuerUniqueID()
        Get subjectUniqueID (tag 1)
    subjectUniqueID()
        Get subjectUniqueID (tag 2)
    as_text(oids)
        Try to mimique the as_text() output of OpenSSL
        Output template (original line breaks and indentation not preserved):
        "Certificate: Data: Version: %s Serial Number: %s Signature Algorithm: %s Issuer: %s Validity Not Before: %s Not After : %s Subject: %s Subject Public Key Info: Public Key Algorithm: %s RSA Public Key: (%d bit) Modulus (%d bit): %s Exponent: %d (0x%X) Signature Algorithm: %s %s"


class CRL

    Class for X.509 CRLs

    CertificateList ::= SEQUENCE {
        tbsCertList          TBSCertList,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING }

    TBSCertList ::= SEQUENCE {
        version              Version OPTIONAL,
                             -- if present, shall be v2
        signature            AlgorithmIdentifier,
        issuer               Name,
        thisUpdate           Time,
        nextUpdate           Time OPTIONAL,
        revokedCertificates  SEQUENCE OF SEQUENCE {
            userCertificate      CertificateSerialNumber,
            revocationDate       Time,
            crlEntryExtensions   Extensions OPTIONAL
                                 -- if present, shall be v2
            } OPTIONAL,
        crlExtensions   [0]  EXPLICIT Extensions OPTIONAL
                             -- if present, shall be v2
        }

    __init__(buf, inform)
    version()
        X.509 CRL version number as integer
    signature(oids)
        Certificate's signature algorithm
    issuer()
        Issuer's distinguished name
    thisUpdate()
        Returns time tuple of thisUpdate
    nextUpdate()
        Returns utctime.UTCTime of nextUpdate if present, None else
    revokedCertificates()
        Get list of revoked certificates.
        Each list member is a tuple
        (
          userCertificate,     # serial number of revoked certificate
                               # as long integer
          revocationDate,      # time tuple of revocation timestamp
          crlEntryExtensions   # optional (None if not present)
        )
        Error message: "Item in revokedCertificates list has invalid length (%d)."
    as_text(oids)
        Per-entry template: "Serial Number: %d Revocation Date: %s"
        Output template (original line breaks and indentation not preserved):
        "Certificate Revocation List (CRL): Version %X Signature Algorithm: %s Issuer: %s Last Update: %s Next Update: %s Revoked Certificates: %s Signature Algorithm: %s %s"