author | Alex Gaynor <alex.gaynor@gmail.com> | 2017-06-04 13:36:58 -0400 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-06-04 07:36:58 -1000 |
commit | 6a0718faddbc7b6b57f86417f6daa468c18ea248 (patch) | |
tree | 624fe16cf368a13cbbd7370b2a4780fa5da76c91 /src/cryptography/hazmat/backends/openssl/x509.py | |
parent | 140ec5d6e2167692ba5619b368f44a1b07f96a4a (diff) | |
Refs #3461 -- parse SCTs from x.509 extension (#3480)
* Stub API for SCTs, feedback wanted
* grr, flake8
* finish up the __init__
* Initial implementation and tests
* write a test. it fails because computer
* get the tests passing and fix some TODOs
* changelog entry
* This can go now
* Put a skip in this test
* grump
* Removed unreachable code
* moved changelog to the correct section
* Use the decorator for expressing requirements
* This needs f for the right entry_type
* coverage
* syntax error
* tests for coverage
* better sct eq tests
* docs
* technically correct, the most useless kind of correct
* typo and more details
* bug
* drop __eq__
Diffstat (limited to 'src/cryptography/hazmat/backends/openssl/x509.py')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 5b3304f3..43456382 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -4,6 +4,7 @@
 from __future__ import absolute_import, division, print_function
+import datetime
 import operator
 import warnings
@@ -433,3 +434,43 @@ class _CertificateSigningRequest(object):
 return False
 return True
+
+
+@utils.register_interface(
+ x509.certificate_transparency.SignedCertificateTimestamp
+)
+class _SignedCertificateTimestamp(object):
+ def __init__(self, backend, sct_list, sct):
+ self._backend = backend
+ # Keep the SCT_LIST that this SCT came from alive.
+ self._sct_list = sct_list
+ self._sct = sct
+
+ @property
+ def version(self):
+ version = self._backend._lib.SCT_get_version(self._sct)
+ assert version == self._backend._lib.SCT_VERSION_V1
+ return x509.certificate_transparency.Version.v1
+
+ @property
+ def log_id(self):
+ out = self._backend._ffi.new("unsigned char **")
+ log_id_length = self._backend._lib.SCT_get0_log_id(self._sct, out)
+ assert log_id_length >= 0
+ return self._backend._ffi.buffer(out[0], log_id_length)[:]
+
+ @property
+ def timestamp(self):
+ timestamp = self._backend._lib.SCT_get_timestamp(self._sct)
+ milliseconds = timestamp % 1000
+ return datetime.datetime.utcfromtimestamp(
+ timestamp // 1000
+ ).replace(microsecond=milliseconds * 1000)
+
+ @property
+ def entry_type(self):
+ entry_type = self._backend._lib.SCT_get_log_entry_type(self._sct)
+ # We currently only support loading SCTs from the X.509 extension, so
+ # we only have precerts.
+ assert entry_type == self._backend._lib.CT_LOG_ENTRY_TYPE_PRECERT
+ return x509.certificate_transparency.LogEntryType.PRE_CERTIFICATE |
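Review bot: The `assert` statements in `version`, `log_id` and `entry_type` check values read from the parsed certificate, so they act as input validation rather than internal invariants. Under `python -O` they are stripped, and `version` would then return `Version.v1` for whatever OpenSSL reported; without `-O` the caller gets a bare `AssertionError`. If an SCT with a different version or entry type can reach this class (the code that builds the SCT list is outside this hunk), an explicit check such as `if version != self._backend._lib.SCT_VERSION_V1: raise ValueError("unsupported SCT version")` would fail closed in both modes. `timestamp` has a related exposure: the millisecond count comes straight from the SCT, and `datetime.datetime.utcfromtimestamp()` raises for values outside its supported range, so that path deserves a test and a documented exception type.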