add support for signature & tbs_certificate to Certificate #2387
Changes from 2 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -382,6 +382,26 @@ X.509 Certificate Object | |
<Extension(oid=<ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>, critical=False, value=<CertificatePolicies([<PolicyInformation(policy_identifier=<ObjectIdentifier(oid=2.16.840.1.101.3.2.1.48.1, name=Unknown OID)>, policy_qualifiers=None)>])>)> | ||
<Extension(oid=<ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>, critical=True, value=<BasicConstraints(ca=True, path_length=None)>)> | ||
|
||
.. attribute:: signature | ||
|
||
.. versionadded:: 1.2 | ||
|
||
:type: bytes | ||
|
||
The bytes of the certificate's signature. | ||
|
||
.. attribute:: tbs_certificate | ||
Is this the right way to expose this data? It feels a bit ad-hoc compared to
I'm not sure what the best approach is here. tbsCertificate is a subset of the ASN1 that makes up the complete certificate object. I don't think I'd like it in |
||
|
||
.. versionadded:: 1.2 | ||
|
||
:type: bytes | ||
|
||
The DER encoded bytes payload (as defined by :rfc:`5280`) that is hashed | ||
and then signed by the private key of the certificate's issuer. This | ||
data may be used to validate a signature, but use extreme caution as | ||
certificate validation is a complex problem that involves much more | ||
than just signature checks. | ||
|
||
.. method:: public_bytes(encoding) | ||
|
||
.. versionadded:: 1.0 | ||
|
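Review bot: The `signature` entry says only "The bytes of the certificate's signature." and gives the reader nothing to pair those bytes with, while the caution about validation appears only under `tbs_certificate`. Suggest saying in the `signature` text that these bytes are the issuer's signature over `tbs_certificate`, cross-referencing `signature_hash_algorithm` for the hash that was used, and putting the "use extreme caution" sentence in a `.. warning::` block so it is hard to miss and reads as applying to both new attributes.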
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -322,6 +322,20 @@ def signature_hash_algorithm(self): | |
def extensions(self): | ||
return _CERTIFICATE_EXTENSION_PARSER.parse(self._backend, self._x509) | ||
|
||
@property | ||
def signature(self): | ||
return self._backend._asn1_string_to_bytes(self._x509.signature) | ||
|
||
@property | ||
def tbs_certificate(self): | ||
pp = self._backend._ffi.new("unsigned char **") | ||
res = self._backend._lib.i2d_X509_CINF(self._x509.cert_info, pp) | ||
Can you add a comment that says that X509_CINF holds all the tbs data |
||
self._backend.openssl_assert(res > 0) | ||
pp = self._backend._ffi.gc( | ||
pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0]) | ||
) | ||
return self._backend._ffi.buffer(pp[0], res)[:] | ||
|
||
def public_bytes(self, encoding): | ||
bio = self._backend._create_mem_bio() | ||
if encoding is serialization.Encoding.PEM: | ||
|
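Review bot: The memory handling in `tbs_certificate` is undocumented: nothing explains why `pp` is passed to `i2d_X509_CINF` without pointing at a buffer, or why it is then re-bound through `ffi.gc`. A short comment would help, noting that the call allocates the output buffer when `*pp` is NULL, that the `gc` callback releases it with `OPENSSL_free(pointer[0])`, and that the `[:]` on the last line copies the bytes out before that can happen. Binding the `ffi.gc` result to a new name instead of reusing `pp` would also make the ownership easier to follow. Both new properties lack docstrings.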
Does this need some words to express that you probably don't want to use this?