add support for Certificate signature and tbs_certificate

author: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-10-01 16:50:42 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-11-03 15:00:10 +0900
commit: d91e7c1d3fa1bece0e77262b46d9992271fd24b0 (patch)
tree: 4bf4ac0adfe53723d6b72273c6e1b3645041e523 /src
parent: 5f80d6cd7bb3c2275de2fbad4ac6a24a15709b66 (diff)
download: cryptography-d91e7c1d3fa1bece0e77262b46d9992271fd24b0.tar.gz
cryptography-d91e7c1d3fa1bece0e77262b46d9992271fd24b0.tar.bz2
cryptography-d91e7c1d3fa1bece0e77262b46d9992271fd24b0.zip
4 files changed, 29 insertions, 1 deletions
diff --git a/src/_cffi_src/openssl/asn1.py b/src/_cffi_src/openssl/asn1.py
index 259adf19..ddf4b9c5 100644
--- a/src/_cffi_src/openssl/asn1.py
+++ b/src/_cffi_src/openssl/asn1.py
@@ -23,7 +23,7 @@ struct asn1_string_st {
 
 typedef struct asn1_string_st ASN1_OCTET_STRING;
 typedef struct asn1_string_st ASN1_IA5STRING;
-typedef ... ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_BIT_STRING;
 typedef ... ASN1_OBJECT;
 typedef struct asn1_string_st ASN1_STRING;
 typedef struct asn1_string_st ASN1_UTF8STRING;
diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 468d74ea..2024101b 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -71,6 +71,7 @@ typedef struct {
 typedef struct {
     X509_ALGOR *sig_alg;
     X509_CINF *cert_info;
+    ASN1_BIT_STRING *signature;
     ...;
 } X509;
 
@@ -257,6 +258,7 @@ void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *);
 """
 
 MACROS = """
+int i2d_X509_CINF(X509_CINF *, unsigned char **);
 long X509_get_version(X509 *);
 
 ASN1_TIME *X509_get_notBefore(X509 *);
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 1ba59b68..0e5ab914 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -322,6 +322,20 @@ class _Certificate(object):
     def extensions(self):
         return _CERTIFICATE_EXTENSION_PARSER.parse(self._backend, self._x509)
 
+    @property
+    def signature(self):
+        return self._backend._asn1_string_to_bytes(self._x509.signature)
+
+    @property
+    def tbs_certificate(self):
+        pp = self._backend._ffi.new("unsigned char **")
+        res = self._backend._lib.i2d_X509_CINF(self._x509.cert_info, pp)
+        self._backend.openssl_assert(res > 0)
+        pp = self._backend._ffi.gc(
+            pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0])
+        )
+        return self._backend._ffi.buffer(pp[0], res)[:]
+
     def public_bytes(self, encoding):
         bio = self._backend._create_mem_bio()
         if encoding is serialization.Encoding.PEM:
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 01eadfcb..53893a1f 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -117,6 +117,18 @@ class Certificate(object):
         Returns an Extensions object.
         """
 
+    @abc.abstractproperty
+    def signature(self):
+        """
+        Returns the signature bytes.
+        """
+
+    @abc.abstractproperty
+    def tbs_certificate(self):
+        """
+        Returns the tbsCertificate payload bytes as defined in RFC 5280.
+        """
+
     @abc.abstractmethod
     def __eq__(self, other):
         """
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-10-01 16:50:42 -0500
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-11-03 15:00:10 +0900
commit	d91e7c1d3fa1bece0e77262b46d9992271fd24b0 (patch)
tree	4bf4ac0adfe53723d6b72273c6e1b3645041e523 /src
parent	5f80d6cd7bb3c2275de2fbad4ac6a24a15709b66 (diff)
download	cryptography-d91e7c1d3fa1bece0e77262b46d9992271fd24b0.tar.gz cryptography-d91e7c1d3fa1bece0e77262b46d9992271fd24b0.tar.bz2 cryptography-d91e7c1d3fa1bece0e77262b46d9992271fd24b0.zip