4 * Copyright (C) AB Strakt
5 * Copyright (C) Jean-Paul Calderone
6 * See LICENSE for details.
8 * X.509 Request handling, mostly thin wrapping.
9 * See the file RATIONALE for a short explanation of why this module was written.
16 static char crypto_X509Req_get_subject_doc[] = "\n\
17 Create an X509Name object for the subject of the certificate request\n\
19 @return: An X509Name object\n\
23 crypto_X509Req_get_subject(crypto_X509ReqObj *self, PyObject *args)
25 crypto_X509NameObj *crypto_X509Name_New(X509_NAME *, int);
27 crypto_X509NameObj* pyname;
29 if (!PyArg_ParseTuple(args, ":get_subject"))
32 if ((name = X509_REQ_get_subject_name(self->x509_req)) == NULL)
34 exception_from_error_queue(crypto_Error);
37 if ((pyname = crypto_X509Name_New(name, 0)) != NULL) {
38 pyname->parent_cert = (PyObject *)self;
41 return (PyObject *)pyname;
44 static char crypto_X509Req_get_pubkey_doc[] = "\n\
45 Get the public key from the certificate request\n\
47 @return: The public key\n\
51 crypto_X509Req_get_pubkey(crypto_X509ReqObj *self, PyObject *args)
53 crypto_PKeyObj *crypto_PKey_New(EVP_PKEY *, int);
55 crypto_PKeyObj *py_pkey;
57 if (!PyArg_ParseTuple(args, ":get_pubkey"))
60 if ((pkey = X509_REQ_get_pubkey(self->x509_req)) == NULL)
62 exception_from_error_queue(crypto_Error);
66 py_pkey = crypto_PKey_New(pkey, 1);
67 if (py_pkey != NULL) {
68 py_pkey->only_public = 1;
70 return (PyObject *)py_pkey;
73 static char crypto_X509Req_set_pubkey_doc[] = "\n\
74 Set the public key of the certificate request\n\
76 @param pkey: The public key to use\n\
81 crypto_X509Req_set_pubkey(crypto_X509ReqObj *self, PyObject *args)
85 if (!PyArg_ParseTuple(args, "O!:set_pubkey", &crypto_PKey_Type, &pkey))
88 if (!X509_REQ_set_pubkey(self->x509_req, pkey->pkey))
90 exception_from_error_queue(crypto_Error);
98 static char crypto_X509Req_sign_doc[] = "\n\
99 Sign the certificate request using the supplied key and digest\n\
101 @param pkey: The key to sign with\n\
102 @param digest: The message digest to use\n\
107 crypto_X509Req_sign(crypto_X509ReqObj *self, PyObject *args)
109 crypto_PKeyObj *pkey;
111 const EVP_MD *digest;
113 if (!PyArg_ParseTuple(args, "O!s:sign", &crypto_PKey_Type, &pkey,
117 if (pkey->only_public) {
118 PyErr_SetString(PyExc_ValueError, "Key has only public part");
122 if (!pkey->initialized) {
123 PyErr_SetString(PyExc_ValueError, "Key is uninitialized");
127 if ((digest = EVP_get_digestbyname(digest_name)) == NULL)
129 PyErr_SetString(PyExc_ValueError, "No such digest method");
133 if (!X509_REQ_sign(self->x509_req, pkey->pkey, digest))
135 exception_from_error_queue(crypto_Error);
143 static char crypto_X509Req_verify_doc[] = "\n\
144 Verifies a certificate request using the supplied public key\n\
146 @param key: a public key\n\
147 @return: True if the signature is correct.\n\
148 @raise OpenSSL.crypto.Error: If the signature is invalid or there is a\n\
149 problem verifying the signature.\n\
153 crypto_X509Req_verify(crypto_X509ReqObj *self, PyObject *args)
159 if (!PyArg_ParseTuple(args, "O!:verify", &crypto_PKey_Type, &obj)) {
163 key = (crypto_PKeyObj *)obj;
165 if ((answer = X509_REQ_verify(self->x509_req, key->pkey)) <= 0) {
166 exception_from_error_queue(crypto_Error);
170 return PyLong_FromLong(answer);
173 static char crypto_X509Req_add_extensions_doc[] = "\n\
174 Add extensions to the request.\n\
176 @param extensions: a sequence of X509Extension objects\n\
181 crypto_X509Req_add_extensions(crypto_X509ReqObj *self, PyObject *args)
183 PyObject *extensions;
184 crypto_X509ExtensionObj *ext;
185 STACK_OF(X509_EXTENSION) *exts;
186 int nr_of_extensions, i;
188 if (!PyArg_ParseTuple(args, "O:add_extensions", &extensions))
191 if (!PySequence_Check(extensions))
193 PyErr_SetString(PyExc_TypeError, "Expected a sequence");
197 /* Make a STACK_OF(X509_EXTENSION) from sequence */
198 if ((exts = sk_X509_EXTENSION_new_null()) == NULL)
200 exception_from_error_queue(crypto_Error);
204 /* Put the extensions in a stack */
205 nr_of_extensions = PySequence_Length(extensions);
207 for (i = 0; i < nr_of_extensions; i++)
209 ext = (crypto_X509ExtensionObj *)PySequence_GetItem(extensions, i);
210 if (!(crypto_X509Extension_Check(ext)))
212 PyErr_SetString(PyExc_ValueError,
213 "One of the elements is not an X509Extension");
214 sk_X509_EXTENSION_free(exts);
217 sk_X509_EXTENSION_push(exts, ext->x509_extension);
220 if (!X509_REQ_add_extensions(self->x509_req, exts))
222 sk_X509_EXTENSION_free(exts);
223 exception_from_error_queue(crypto_Error);
227 sk_X509_EXTENSION_free(exts);
233 static char crypto_X509Req_set_version_doc[] = "\n\
234 Set the version subfield (RFC 2459, section 4.1.2.1) of the certificate\n\
237 @param version: The version number\n\
242 crypto_X509Req_set_version(crypto_X509ReqObj *self, PyObject *args)
246 if (!PyArg_ParseTuple(args, "l:set_version", &version)) {
250 if (!X509_REQ_set_version(self->x509_req, version)) {
258 static char crypto_X509Req_get_version_doc[] = "\n\
259 Get the version subfield (RFC 2459, section 4.1.2.1) of the certificate\n\
262 @return: an integer giving the value of the version subfield\n\
266 crypto_X509Req_get_version(crypto_X509ReqObj *self, PyObject *args)
270 if (!PyArg_ParseTuple(args, ":get_version")) {
274 version = X509_REQ_get_version(self->x509_req);
276 return PyLong_FromLong(version);
280 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
281 * { 'name', (PyCFunction)crypto_X509Req_name, METH_VARARGS }
284 #define ADD_METHOD(name) \
285 { #name, (PyCFunction)crypto_X509Req_##name, METH_VARARGS, crypto_X509Req_##name##_doc }
286 static PyMethodDef crypto_X509Req_methods[] =
288 ADD_METHOD(get_subject),
289 ADD_METHOD(get_pubkey),
290 ADD_METHOD(set_pubkey),
293 ADD_METHOD(add_extensions),
294 ADD_METHOD(set_version),
295 ADD_METHOD(get_version),
302 * Constructor for X509Req, never called by Python code directly
304 * Arguments: name - A "real" X509_REQ object
305 * dealloc - Boolean value to specify whether the destructor should
306 * free the "real" X509_REQ object
307 * Returns: The newly created X509Req object
310 crypto_X509Req_New(X509_REQ *req, int dealloc)
312 crypto_X509ReqObj *self;
314 self = PyObject_New(crypto_X509ReqObj, &crypto_X509Req_Type);
319 self->x509_req = req;
320 self->dealloc = dealloc;
326 static char crypto_X509Req_doc[] = "\n\
327 X509Req() -> X509Req instance\n\
329 Create a new X509Req object.\n\
331 @return: The X509Req object\n\
335 crypto_X509Req_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
336 if (!PyArg_ParseTuple(args, ":X509Req")) {
340 return (PyObject *)crypto_X509Req_New(X509_REQ_new(), 1);
345 * Deallocate the memory used by the X509Req object
347 * Arguments: self - The X509Req object
351 crypto_X509Req_dealloc(crypto_X509ReqObj *self)
353 /* Sometimes we don't have to dealloc this */
355 X509_REQ_free(self->x509_req);
361 PyTypeObject crypto_X509Req_Type = {
362 PyOpenSSL_HEAD_INIT(&PyType_Type, 0)
364 sizeof(crypto_X509ReqObj),
366 (destructor)crypto_X509Req_dealloc,
372 NULL, /* as_number */
373 NULL, /* as_sequence */
374 NULL, /* as_mapping */
380 NULL, /* as_buffer */
382 crypto_X509Req_doc, /* doc */
385 NULL, /* tp_richcompare */
386 0, /* tp_weaklistoffset */
388 NULL, /* tp_iternext */
389 crypto_X509Req_methods, /* tp_methods */
390 NULL, /* tp_members */
391 NULL, /* tp_getset */
394 NULL, /* tp_descr_get */
395 NULL, /* tp_descr_set */
396 0, /* tp_dictoffset */
399 crypto_X509Req_new, /* tp_new */
404 * Initialize the X509Req part of the crypto module
406 * Arguments: module - The crypto module
410 init_crypto_x509req(PyObject *module)
412 if (PyType_Ready(&crypto_X509Req_Type) < 0) {
416 if (PyModule_AddObject(module, "X509Req", (PyObject *)&crypto_X509Req_Type) != 0) {
420 if (PyModule_AddObject(module, "X509ReqType", (PyObject *)&crypto_X509Req_Type) != 0) {