1 # Author: Trevor Perrin
2 # See the LICENSE file for legal information regarding use of this file.
4 """Class representing an X.509 certificate chain."""
6 from .utils import cryptomath
7 from .utils.tackwrapper import *
8 from .utils.pem import *
11 class X509CertChain(object):
12 """This class represents a chain of X.509 certificates.
15 @ivar x509List: A list of L{tlslite.x509.X509} instances,
16 starting with the end-entity certificate and with every
17 subsequent certificate certifying the previous.
20 def __init__(self, x509List=None):
21 """Create a new X509CertChain.
24 @param x509List: A list of L{tlslite.x509.X509} instances,
25 starting with the end-entity certificate and with every
26 subsequent certificate certifying the previous.
29 self.x509List = x509List
33 def parsePemList(self, s):
34 """Parse a string containing a sequence of PEM certs.
36 Raise a SyntaxError if input is malformed.
39 bList = dePemList(s, "CERTIFICATE")
44 self.x509List = x509List
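def getNumCerts(self):
    """Get the number of certificates in this chain.

    @rtype: int
    @return: The length of x509List, or 0 when no list has been set.
    """
    # x509List may still be None on a chain that was never populated;
    # report that as an empty chain rather than failing inside len().
    if self.x509List is None:
        return 0
    return len(self.x509List)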
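def getEndEntityPublicKey(self):
    """Get the public key from the end-entity certificate.

    The key is read from the first certificate in x509List as-is.
    Nothing in this method checks that the certificate is trusted or
    that the rest of the chain certifies it; callers must establish
    that before relying on the key.

    @rtype: L{tlslite.utils.rsakey.RSAKey}
    @raise AssertionError: If the chain holds no certificates.
    """
    # Covers both an empty list and a chain whose list was never set,
    # so the failure is always the documented AssertionError.
    if not self.x509List:
        raise AssertionError("certificate chain is empty")
    return self.x509List[0].publicKey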
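def getFingerprint(self):
    """Get the hex-encoded fingerprint of the end-entity certificate.

    Only the first certificate in x509List contributes to the result;
    the remaining certificates are not covered by it.  The value is
    whatever that certificate's own getFingerprint() returns.

    @return: A hex-encoded fingerprint.
    @raise AssertionError: If the chain holds no certificates.
    """
    # Covers both an empty list and a chain whose list was never set,
    # so the failure is always the documented AssertionError.
    if not self.x509List:
        raise AssertionError("certificate chain is empty")
    return self.x509List[0].getFingerprint()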
72 def checkTack(self, tack):
74 tlsCert = TlsCertificate(self.x509List[0].bytes)
75 if tlsCert.matches(tack):
80 """Get the TACK and/or Break Sigs from a TACK Cert in the chain."""
82 # Search list in backwards order
83 for x509 in self.x509List[::-1]:
84 tlsCert = TlsCertificate(x509.bytes)
87 raise SyntaxError("Multiple TACK Extensions")
89 tackExt = tlsCert.tackExt