diff options
| author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-02 14:58:02 +0000 |
|---|---|---|
| committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-02 14:58:02 +0000 |
| commit | 4317ccc735d9503b3a7c9f0a7043770322dd4bd9 (patch) | |
| tree | 73955dcfb3071054b5c4b687912a63cf1b2b08fe /third_party/tlslite | |
| parent | 88dbeefd2138789f1b9774e27d9a59da7b88143c (diff) | |
| download | chromium_src-4317ccc735d9503b3a7c9f0a7043770322dd4bd9.zip chromium_src-4317ccc735d9503b3a7c9f0a7043770322dd4bd9.tar.gz chromium_src-4317ccc735d9503b3a7c9f0a7043770322dd4bd9.tar.bz2 | |
Support reading PEM files in TLSLite
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/9515015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@124637 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party/tlslite')
| -rw-r--r-- | third_party/tlslite/README.chromium | 6 | ||||
| -rw-r--r-- | third_party/tlslite/patches/parse_chain.patch | 89 | ||||
| -rw-r--r-- | third_party/tlslite/tlslite/X509.py | 1 | ||||
| -rw-r--r-- | third_party/tlslite/tlslite/X509CertChain.py | 61 |
4 files changed, 156 insertions, 1 deletions
diff --git a/third_party/tlslite/README.chromium b/third_party/tlslite/README.chromium index bf8eb36..ea99656 100644 --- a/third_party/tlslite/README.chromium +++ b/third_party/tlslite/README.chromium @@ -1,6 +1,7 @@ Name: tlslite URL: http://trevp.net/tlslite/ -Version: unknown +Version: 0.3.8 +Security Critical: No Local Modifications: @@ -26,3 +27,6 @@ Local Modifications: default to a certificate_types of [rsa_sign] in CertificateRequest. Apple's Secure Transport library rejects an empty list and raises an SSL protocol error. +- patches/parse_chain.patch: tlslite/X509CertChain.py and tlslite/X509.py were + updated to add a parseChain method, that can parse multiple certificates from + a PEM string. diff --git a/third_party/tlslite/patches/parse_chain.patch b/third_party/tlslite/patches/parse_chain.patch new file mode 100644 index 0000000..3a54733 --- /dev/null +++ b/third_party/tlslite/patches/parse_chain.patch @@ -0,0 +1,89 @@ +diff -aurb tlslite-0.3.8/tlslite/X509.py chromium/tlslite/X509.py +--- tlslite-0.3.8/tlslite/X509.py Fri Mar 19 18:43:19 2004 ++++ chromium/tlslite/X509.py Wed Feb 29 11:53:54 2012 +@@ -91,6 +91,7 @@ + + #Create a public key instance + self.publicKey = _createPublicRSAKey(n, e) ++ return self + + def getFingerprint(self): + """Get the hex-encoded fingerprint of this certificate. +diff -aurb tlslite-0.3.8/tlslite/X509CertChain.py chromium/tlslite/X509CertChain.py +--- tlslite-0.3.8/tlslite/X509CertChain.py Fri Mar 19 18:49:58 2004 ++++ chromium/tlslite/X509CertChain.py Wed Feb 29 11:53:42 2012 +@@ -1,6 +1,7 @@ + """Class representing an X.509 certificate chain.""" + + from utils import cryptomath ++from X509 import X509 + + class X509CertChain: + """This class represents a chain of X.509 certificates. +@@ -23,6 +24,66 @@ + self.x509List = x509List + else: + self.x509List = [] ++ ++ def parseChain(self, s): ++ """Parse a PEM-encoded X.509 certificate file chain file. ++ ++ @type s: str ++ @param s: A PEM-encoded (eg: Base64) X.509 certificate file, with every ++ certificate wrapped within "-----BEGIN CERTIFICATE-----" and ++ "-----END CERTIFICATE-----" tags). Extraneous data outside such tags, ++ such as human readable representations, will be ignored. ++ """ ++ ++ class PEMIterator(object): ++ """Simple iterator over PEM-encoded certificates within a string. ++ ++ @type data: string ++ @ivar data: A string containing PEM-encoded (Base64) certificates, ++ with every certificate wrapped within "-----BEGIN CERTIFICATE-----" ++ and "-----END CERTIFICATE-----" tags). Extraneous data outside such ++ tags, such as human readable representations, will be ignored. ++ ++ @type index: integer ++ @ivar index: The current offset within data to begin iterating from. ++ """ ++ ++ _CERTIFICATE_HEADER = "----BEGIN CERTIFICATE-----" ++ """The PEM encoding block header for X.509 certificates.""" ++ ++ _CERTIFICATE_FOOTER = "----END CERTIFICATE-----" ++ """The PEM encoding block footer for X.509 certificates.""" ++ ++ def __init__(self, s): ++ self.data = s ++ self.index = 0 ++ ++ def __iter__(self): ++ return self ++ ++ def next(self): ++ """Iterates and returns the next L{tlslite.X509.X509} ++ certificate in data. ++ ++ @rtype tlslite.X509.X509 ++ """ ++ ++ self.index = self.data.find(self._CERTIFICATE_HEADER, ++ self.index) ++ if self.index == -1: ++ raise StopIteration ++ end = self.data.find(self._CERTIFICATE_FOOTER, self.index) ++ if end == -1: ++ raise StopIteration ++ ++ certStr = self.data[self.index+len(self._CERTIFICATE_HEADER) : ++ end] ++ self.index = end + len(self._CERTIFICATE_FOOTER) ++ bytes = cryptomath.base64ToBytes(certStr) ++ return X509().parseBinary(bytes) ++ ++ self.x509List = list(PEMIterator(s)) ++ return self + + def getNumCerts(self): + """Get the number of certificates in this chain. diff --git a/third_party/tlslite/tlslite/X509.py b/third_party/tlslite/tlslite/X509.py index d8b8bcc..a32d879 100644 --- a/third_party/tlslite/tlslite/X509.py +++ b/third_party/tlslite/tlslite/X509.py @@ -99,6 +99,7 @@ class X509: #Create a public key instance self.publicKey = _createPublicRSAKey(n, e) + return self def getFingerprint(self): """Get the hex-encoded fingerprint of this certificate. diff --git a/third_party/tlslite/tlslite/X509CertChain.py b/third_party/tlslite/tlslite/X509CertChain.py index 6bb503e..db55fa5 100644 --- a/third_party/tlslite/tlslite/X509CertChain.py +++ b/third_party/tlslite/tlslite/X509CertChain.py @@ -1,6 +1,7 @@ """Class representing an X.509 certificate chain.""" from utils import cryptomath +from X509 import X509 class X509CertChain: """This class represents a chain of X.509 certificates. @@ -24,6 +25,66 @@ class X509CertChain: else: self.x509List = [] + def parseChain(self, s): + """Parse a PEM-encoded X.509 certificate file chain file. + + @type s: str + @param s: A PEM-encoded (eg: Base64) X.509 certificate file, with every + certificate wrapped within "-----BEGIN CERTIFICATE-----" and + "-----END CERTIFICATE-----" tags). Extraneous data outside such tags, + such as human readable representations, will be ignored. + """ + + class PEMIterator(object): + """Simple iterator over PEM-encoded certificates within a string. + + @type data: string + @ivar data: A string containing PEM-encoded (Base64) certificates, + with every certificate wrapped within "-----BEGIN CERTIFICATE-----" + and "-----END CERTIFICATE-----" tags). Extraneous data outside such + tags, such as human readable representations, will be ignored. + + @type index: integer + @ivar index: The current offset within data to begin iterating from. + """ + + _CERTIFICATE_HEADER = "-----BEGIN CERTIFICATE-----" + """The PEM encoding block header for X.509 certificates.""" + + _CERTIFICATE_FOOTER = "-----END CERTIFICATE-----" + """The PEM encoding block footer for X.509 certificates.""" + + def __init__(self, s): + self.data = s + self.index = 0 + + def __iter__(self): + return self + + def next(self): + """Iterates and returns the next L{tlslite.X509.X509} + certificate in data. + + @rtype tlslite.X509.X509 + """ + + self.index = self.data.find(self._CERTIFICATE_HEADER, + self.index) + if self.index == -1: + raise StopIteration + end = self.data.find(self._CERTIFICATE_FOOTER, self.index) + if end == -1: + raise StopIteration + + certStr = self.data[self.index+len(self._CERTIFICATE_HEADER) : + end] + self.index = end + len(self._CERTIFICATE_FOOTER) + bytes = cryptomath.base64ToBytes(certStr) + return X509().parseBinary(bytes) + + self.x509List = list(PEMIterator(s)) + return self + def getNumCerts(self): """Get the number of certificates in this chain. |