1
2
3
4
5
6
7 """Class representing an X.509 certificate."""
8
9 from .utils.asn1parser import ASN1Parser
10 from .utils.cryptomath import *
11 from .utils.keyfactory import _createPublicRSAKey
12
13
15 """This class represents an X.509 certificate.
16
17 @type bytes: L{bytearray} of unsigned bytes
18 @ivar bytes: The DER-encoded ASN.1 certificate
19
20 @type publicKey: L{tlslite.utils.rsakey.RSAKey}
21 @ivar publicKey: The subject public key from the certificate.
22
23 @type subject: L{array.array} of unsigned bytes
24 @ivar subject: The DER-encoded ASN.1 subject distinguished name.
25 """
26
31
33 """Parse a PEM-encoded X.509 certificate.
34
35 @type s: str
36 @param s: A PEM-encoded X.509 certificate (i.e. a base64-encoded
37 certificate wrapped with "-----BEGIN CERTIFICATE-----" and
38 "-----END CERTIFICATE-----" tags).
39 """
40
41 start = s.find("-----BEGIN CERTIFICATE-----")
42 end = s.find("-----END CERTIFICATE-----")
43 if start == -1:
44 raise SyntaxError("Missing PEM prefix")
45 if end == -1:
46 raise SyntaxError("Missing PEM postfix")
47 s = s[start+len("-----BEGIN CERTIFICATE-----") : end]
48
49 bytes = base64ToBytes(s)
50 self.parseBinary(bytes)
51 return self
52
54 """Parse a DER-encoded X.509 certificate.
55
56 @type bytes: str or L{bytearray} of unsigned bytes
57 @param bytes: A DER-encoded X.509 certificate.
58 """
59
60 if isinstance(bytes, type("")):
61 bytes = stringToBytes(bytes)
62
63 self.bytes = bytes
64 p = ASN1Parser(bytes)
65
66
67 tbsCertificateP = p.getChild(0)
68
69
70
71 if tbsCertificateP.value[0]==0xA0:
72 subjectPublicKeyInfoIndex = 6
73 else:
74 subjectPublicKeyInfoIndex = 5
75
76
77 self.subject = tbsCertificateP.getChildBytes(\
78 subjectPublicKeyInfoIndex - 1)
79
80
81 subjectPublicKeyInfoP = tbsCertificateP.getChild(\
82 subjectPublicKeyInfoIndex)
83
84
85 algorithmP = subjectPublicKeyInfoP.getChild(0)
86 rsaOID = algorithmP.value
87 if list(rsaOID) != [6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]:
88 raise SyntaxError("Unrecognized AlgorithmIdentifier")
89
90
91 subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1)
92
93
94 if (subjectPublicKeyP.value[0] !=0):
95 raise SyntaxError()
96 subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:])
97
98
99 modulusP = subjectPublicKeyP.getChild(0)
100 publicExponentP = subjectPublicKeyP.getChild(1)
101
102
103 n = bytesToNumber(modulusP.value)
104 e = bytesToNumber(publicExponentP.value)
105
106
107 self.publicKey = _createPublicRSAKey(n, e)
108
110 """Get the hex-encoded fingerprint of this certificate.
111
112 @rtype: str
113 @return: A hex-encoded fingerprint.
114 """
115 return sha1(bytesToString(self.bytes)).hexdigest()
116
119