Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 94b1c249a1
Branches Tags
ydb
/
contrib
/
tools
/
python3
/
Modules
/
_ssl
/
cert.c

cert.c 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245 
  1. #include "Python.h"
    2. 

  2. #include "../_ssl.h"
    3. 

  3. 

  4. #include "openssl/err.h"
    5. 

  5. #include "openssl/bio.h"
    6. 

  6. #include "openssl/pem.h"
    7. 

  7. #include "openssl/x509.h"
    8. 

  8. 

  9. /*[clinic input]
    10. 

  10. module _ssl
    11. 

  11. class _ssl.Certificate "PySSLCertificate *" "PySSLCertificate_Type"
    12. 

  12. [clinic start generated code]*/
    13. 

  13. /*[clinic end generated code: output=da39a3ee5e6b4b0d input=780fc647948cfffc]*/
    14. 

  14. 

  15. #include "clinic/cert.c.h"
    16. 

  16. 

  17. static PyObject *
    18. 

  18. newCertificate(PyTypeObject *type, X509 *cert, int upref)
    19. 

  19. {
    20. 

  20.     PySSLCertificate *self;
    21. 

  21. 

  22.     assert(type != NULL && type->tp_alloc != NULL);
    23. 

  23.     assert(cert != NULL);
    24. 

  24. 

  25.     self = (PySSLCertificate *) type->tp_alloc(type, 0);
    26. 

  26.     if (self == NULL) {
    27. 

  27.         return NULL;
    28. 

  28.     }
    29. 

  29.     if (upref == 1) {
    30. 

  30.         X509_up_ref(cert);
    31. 

  31.     }
    32. 

  32.     self->cert = cert;
    33. 

  33.     self->hash = -1;
    34. 

  34. 

  35.     return (PyObject *) self;
    36. 

  36. }
    37. 

  37. 

  38. static PyObject *
    39. 

  39. _PySSL_CertificateFromX509(_sslmodulestate *state, X509 *cert, int upref)
    40. 

  40. {
    41. 

  41.     return newCertificate(state->PySSLCertificate_Type, cert, upref);
    42. 

  42. }
    43. 

  43. 

  44. static PyObject*
    45. 

  45. _PySSL_CertificateFromX509Stack(_sslmodulestate *state, STACK_OF(X509) *stack, int upref)
    46. 

  46. {
    47. 

  47.     int len, i;
    48. 

  48.     PyObject *result = NULL;
    49. 

  49. 

  50.     len = sk_X509_num(stack);
    51. 

  51.     result = PyList_New(len);
    52. 

  52.     if (result == NULL) {
    53. 

  53.         return NULL;
    54. 

  54.     }
    55. 

  55.     for (i = 0; i < len; i++) {
    56. 

  56.         X509 *cert = sk_X509_value(stack, i);
    57. 

  57.         PyObject *ocert = _PySSL_CertificateFromX509(state, cert, upref);
    58. 

  58.         if (ocert == NULL) {
    59. 

  59.             Py_DECREF(result);
    60. 

  60.             return NULL;
    61. 

  61.         }
    62. 

  62.         PyList_SetItem(result, i, ocert);
    63. 

  63.     }
    64. 

  64.     return result;
    65. 

  65. }
    66. 

  66. 

  67. /*[clinic input]
    68. 

  68. _ssl.Certificate.public_bytes
    69. 

  69.     format: int(c_default="PY_SSL_ENCODING_PEM") = Encoding.PEM
    70. 

  70. 

  71. [clinic start generated code]*/
    72. 

  72. 

  73. static PyObject *
    74. 

  74. _ssl_Certificate_public_bytes_impl(PySSLCertificate *self, int format)
    75. 

  75. /*[clinic end generated code: output=c01ddbb697429e12 input=4d38c45e874b0e64]*/
    76. 

  76. {
    77. 

  77.     BIO *bio;
    78. 

  78.     int retcode;
    79. 

  79.     PyObject *result;
    80. 

  80.     _sslmodulestate *state = get_state_cert(self);
    81. 

  81. 

  82.     bio = BIO_new(BIO_s_mem());
    83. 

  83.     if (bio == NULL) {
    84. 

  84.         PyErr_SetString(state->PySSLErrorObject,
    85. 

  85.                         "failed to allocate BIO");
    86. 

  86.         return NULL;
    87. 

  87.     }
    88. 

  88.     switch(format) {
    89. 

  89.     case PY_SSL_ENCODING_PEM:
    90. 

  90.         retcode = PEM_write_bio_X509(bio, self->cert);
    91. 

  91.         break;
    92. 

  92.     case PY_SSL_ENCODING_PEM_AUX:
    93. 

  93.         retcode = PEM_write_bio_X509_AUX(bio, self->cert);
    94. 

  94.         break;
    95. 

  95.     case PY_SSL_ENCODING_DER:
    96. 

  96.         retcode = i2d_X509_bio(bio, self->cert);
    97. 

  97.         break;
    98. 

  98.     default:
    99. 

  99.         PyErr_SetString(PyExc_ValueError, "Unsupported format");
    100. 

  100.         BIO_free(bio);
    101. 

  101.         return NULL;
    102. 

  102.     }
    103. 

  103.     if (retcode != 1) {
    104. 

  104.         BIO_free(bio);
    105. 

  105.         _setSSLError(state, NULL, 0, __FILE__, __LINE__);
    106. 

  106.         return NULL;
    107. 

  107.     }
    108. 

  108.     if (format == PY_SSL_ENCODING_DER) {
    109. 

  109.         result = _PySSL_BytesFromBIO(state, bio);
    110. 

  110.     } else {
    111. 

  111.         result = _PySSL_UnicodeFromBIO(state, bio, "error");
    112. 

  112.     }
    113. 

  113.     BIO_free(bio);
    114. 

  114.     return result;
    115. 

  115. }
    116. 

  116. 

  117. 

  118. /*[clinic input]
    119. 

  119. _ssl.Certificate.get_info
    120. 

  120. 

  121. [clinic start generated code]*/
    122. 

  122. 

  123. static PyObject *
    124. 

  124. _ssl_Certificate_get_info_impl(PySSLCertificate *self)
    125. 

  125. /*[clinic end generated code: output=0f0deaac54f4408b input=ba2c1694b39d0778]*/
    126. 

  126. {
    127. 

  127.     return _decode_certificate(get_state_cert(self), self->cert);
    128. 

  128. }
    129. 

  129. 

  130. static PyObject*
    131. 

  131. _x509name_print(_sslmodulestate *state, X509_NAME *name, int indent, unsigned long flags)
    132. 

  132. {
    133. 

  133.     PyObject *res;
    134. 

  134.     BIO *biobuf;
    135. 

  135. 

  136.     biobuf = BIO_new(BIO_s_mem());
    137. 

  137.     if (biobuf == NULL) {
    138. 

  138.         PyErr_SetString(PyExc_MemoryError, "failed to allocate BIO");
    139. 

  139.         return NULL;
    140. 

  140.     }
    141. 

  141. 

  142.     if (X509_NAME_print_ex(biobuf, name, indent, flags) <= 0) {
    143. 

  143.         _setSSLError(state, NULL, 0, __FILE__, __LINE__);
    144. 

  144.         BIO_free(biobuf);
    145. 

  145.         return NULL;
    146. 

  146.     }
    147. 

  147.     res = _PySSL_UnicodeFromBIO(state, biobuf, "strict");
    148. 

  148.     BIO_free(biobuf);
    149. 

  149.     return res;
    150. 

  150. }
    151. 

  151. 

  152. /* ************************************************************************
    153. 

  153.  * PySSLCertificate_Type
    154. 

  154.  */
    155. 

  155. 

  156. static PyObject *
    157. 

  157. certificate_repr(PySSLCertificate *self)
    158. 

  158. {
    159. 

  159.     PyObject *osubject, *result;
    160. 

  160. 

  161.     /* subject string is ASCII encoded, UTF-8 chars are quoted */
    162. 

  162.     osubject = _x509name_print(
    163. 

  163.         get_state_cert(self),
    164. 

  164.         X509_get_subject_name(self->cert),
    165. 

  165.         0,
    166. 

  166.         XN_FLAG_RFC2253
    167. 

  167.     );
    168. 

  168.     if (osubject == NULL)
    169. 

  169.         return NULL;
    170. 

  170.     result = PyUnicode_FromFormat(
    171. 

  171.         "<%s '%U'>",
    172. 

  172.         Py_TYPE(self)->tp_name, osubject
    173. 

  173.     );
    174. 

  174.     Py_DECREF(osubject);
    175. 

  175.     return result;
    176. 

  176. }
    177. 

  177. 

  178. static Py_hash_t
    179. 

  179. certificate_hash(PySSLCertificate *self)
    180. 

  180. {
    181. 

  181.     if (self->hash == (Py_hash_t)-1) {
    182. 

  182.         unsigned long hash;
    183. 

  183.         hash = X509_subject_name_hash(self->cert);
    184. 

  184.         if ((Py_hash_t)hash == (Py_hash_t)-1) {
    185. 

  185.             self->hash = -2;
    186. 

  186.         } else {
    187. 

  187.             self->hash = (Py_hash_t)hash;
    188. 

  188.         }
    189. 

  189.     }
    190. 

  190.     return self->hash;
    191. 

  191. }
    192. 

  192. 

  193. static PyObject *
    194. 

  194. certificate_richcompare(PySSLCertificate *self, PyObject *other, int op)
    195. 

  195. {
    196. 

  196.     int cmp;
    197. 

  197.     _sslmodulestate *state = get_state_cert(self);
    198. 

  198. 

  199.     if (Py_TYPE(other) != state->PySSLCertificate_Type) {
    200. 

  200.         Py_RETURN_NOTIMPLEMENTED;
    201. 

  201.     }
    202. 

  202.     /* only support == and != */
    203. 

  203.     if ((op != Py_EQ) && (op != Py_NE)) {
    204. 

  204.         Py_RETURN_NOTIMPLEMENTED;
    205. 

  205.     }
    206. 

  206.     cmp = X509_cmp(self->cert, ((PySSLCertificate*)other)->cert);
    207. 

  207.     if (((op == Py_EQ) && (cmp == 0)) || ((op == Py_NE) && (cmp != 0))) {
    208. 

  208.         Py_RETURN_TRUE;
    209. 

  209.     } else {
    210. 

  210.         Py_RETURN_FALSE;
    211. 

  211.     }
    212. 

  212. }
    213. 

  213. 

  214. static void
    215. 

  215. certificate_dealloc(PySSLCertificate *self)
    216. 

  216. {
    217. 

  217.     PyTypeObject *tp = Py_TYPE(self);
    218. 

  218.     X509_free(self->cert);
    219. 

  219.     Py_TYPE(self)->tp_free(self);
    220. 

  220.     Py_DECREF(tp);
    221. 

  221. }
    222. 

  222. 

  223. static PyMethodDef certificate_methods[] = {
    224. 

  224.     /* methods */
    225. 

  225.     _SSL_CERTIFICATE_PUBLIC_BYTES_METHODDEF
    226. 

  226.     _SSL_CERTIFICATE_GET_INFO_METHODDEF
    227. 

  227.     {NULL, NULL}
    228. 

  228. };
    229. 

  229. 

  230. static PyType_Slot PySSLCertificate_slots[] = {
    231. 

  231.     {Py_tp_dealloc, certificate_dealloc},
    232. 

  232.     {Py_tp_repr, certificate_repr},
    233. 

  233.     {Py_tp_hash, certificate_hash},
    234. 

  234.     {Py_tp_richcompare, certificate_richcompare},
    235. 

  235.     {Py_tp_methods, certificate_methods},
    236. 

  236.     {0, 0},
    237. 

  237. };
    238. 

  238. 

  239. static PyType_Spec PySSLCertificate_spec = {
    240. 

  240.     "_ssl.Certificate",
    241. 

  241.     sizeof(PySSLCertificate),
    242. 

  242.     0,
    243. 

  243.     Py_TPFLAGS_DEFAULT | Py_TPFLAGS_DISALLOW_INSTANTIATION | Py_TPFLAGS_IMMUTABLETYPE,
    244. 

  244.     PySSLCertificate_slots,
    245. 

  245. };
    246.