author | Ng Pheng Siong <ngps@netmemetic.com> | 2004-03-21 13:28:41 +0000 |
---|---|---|
committer | Ng Pheng Siong <ngps@netmemetic.com> | 2004-03-21 13:28:41 +0000 |
commit | 3b12bee84a50a18905dc72c0f2dc5e098f5383e8 (patch) | |
tree | 39355e9a969a1525f32e58462d06cf590bd8f6ef /contrib | |
parent | a21c1561235055b870d4ffd9b292beefbc2ab101 (diff) | |
download | m2crypto-3b12bee84a50a18905dc72c0f2dc5e098f5383e8.tar.gz |
*** empty log message ***
git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@207 2715db39-9adf-0310-9c64-84f055769b4b
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/README | 10 | ||||
-rw-r--r-- | contrib/SimpleX509create.README | 3 | ||||
-rw-r--r-- | contrib/SimpleX509create.py | 167 |
3 files changed, 178 insertions, 2 deletions
diff --git a/contrib/README b/contrib/README index f8c66d9..504a0b1 100644 --- a/contrib/README +++ b/contrib/README @@ -1,5 +1,5 @@ ------------- - 29 Dec 2002 + 21 Mar 2004 ------------- This directory contains contributions by users of M2Crypto. Some of these @@ -10,8 +10,14 @@ may get folded into the main distribution in time. - m2crypto.spec by Sean Reifschneider <jafo-rpms@tummy.com>. - Smarter non-blocking behaviour patch by Dave Brueck - <dave@pythonapocrypha.com>. +<dave@pythonapocrypha.com>. +- Isaac Salzberg's application of Mihai Ibanescu's patch (on SF) that +allows HTTPS tunneling thru an authenticating proxy. + +- A high-level interface to M2Crypto.SMIME by Bernard Yue. + +- Demonstration of PKI functionality contributed by Peter Teniz. Thanks guys! diff --git a/contrib/SimpleX509create.README b/contrib/SimpleX509create.README new file mode 100644 index 0000000..a08db85 --- /dev/null +++ b/contrib/SimpleX509create.README @@ -0,0 +1,3 @@ +Contributed by Peter Teniz <peter.teniz@inverisa.net> as a demonstration of +PKI functionality, also contributed by him. + diff --git a/contrib/SimpleX509create.py b/contrib/SimpleX509create.py new file mode 100644 index 0000000..5f439df --- /dev/null +++ b/contrib/SimpleX509create.py 
@@ -0,0 +1,167 @@
+#!/usr/bin/env python
+#
+#vim: ts=4 sw=4 nowrap
+#
+
+"""PKI demo by Peter Teniz <peter.teniz@inverisa.net>"""
+
+import sys, os, re
+import StringIO
+import M2Crypto
+
+
+MBSTRING_FLAG = 0x1000
+MBSTRING_ASC = MBSTRING_FLAG | 1
+MBSTRING_BMP = MBSTRING_FLAG | 2
+
+
+class Cert:
+ def __init__ ( self ):
+ self.RsaKey = { 'KeyLength' : 1024,
+ 'PubExponent' : 0x10001, # -> 65537
+ 'keygen_callback' : self.callback
+ }
+
+ self.KeyPair = None
+ self.PKey = None
+
+ self.X509Request = None
+ self.X509Certificate = None
+
+ def callback ( self, *args ):
+ return 'p'
+
+
+
+ def CreatePKey ( self ):
+ self.KeyPair = M2Crypto.RSA.gen_key( self.RsaKey['KeyLength'], self.RsaKey['PubExponent'], self.RsaKey['keygen_callback'] )
+ #PubKey = M2Crypto.RSA.new_pub_key( self.KeyPair.pub () )
+
+ self.KeyPair.save_key( 'KeyPair.pem', cipher='des_ede3_cbc', callback=self.callback )
+
+ self.PKey = M2Crypto.EVP.PKey ( md='sha1')
+ self.PKey.assign_rsa ( self.KeyPair )
+
+
+ def CreateX509Request ( self ):
+ #
+ # X509 REQUEST
+ #
+
+ self.X509Request = M2Crypto.X509.Request ()
+
+ #
+ # subject
+ #
+
+ X509Name = M2Crypto.X509.X509_Name ()
+
+ X509Name.add_entry_by_txt ( field='C', type=MBSTRING_ASC, entry='austria', len=-1, loc=-1, set=0 ) # country name
+ X509Name.add_entry_by_txt ( field='SP', type=MBSTRING_ASC, entry='kernten', len=-1, loc=-1, set=0 ) # state of province name
+ X509Name.add_entry_by_txt ( field='L', type=MBSTRING_ASC, entry='stgallen', len=-1, loc=-1, set=0 ) # locality name
+ X509Name.add_entry_by_txt ( field='O', type=MBSTRING_ASC, entry='labor', len=-1, loc=-1, set=0 ) # organization name
+ X509Name.add_entry_by_txt ( field='OU', type=MBSTRING_ASC, entry='it-department', len=-1, loc=-1, set=0 ) # organizational unit name
+ X509Name.add_entry_by_txt ( field='CN', type=MBSTRING_ASC, entry='Certificate client', len=-1, loc=-1, set=0 ) # common name
+ X509Name.add_entry_by_txt ( field='Email', type=MBSTRING_ASC, entry='user@localhost', len=-1, loc=-1, set=0 ) # pkcs9 email address
+ X509Name.add_entry_by_txt ( field='emailAddress', type=MBSTRING_ASC, entry='user@localhost', len=-1, loc=-1, set=0 ) # pkcs9 email address
+
+ self.X509Request.set_subject_name( x509NamePtr=X509Name._ptr() )
+
+ #
+ # publickey
+ #
+
+ self.X509Request.set_pubkey ( pkey=self.PKey )
+ self.X509Request.sign ( pkey=self.PKey, md='sha1' )
+ #print X509Request.as_text ()
+
+
+
+
+
+
+ def CreateX509Certificate ( self ):
+ #
+ # X509 CERTIFICATE
+ #
+
+ self.X509Certificate = M2Crypto.X509.X509 ()
+
+ #
+ # version
+ #
+
+ self.X509Certificate.set_version ( 0 )
+
+ #
+ # time notBefore
+ #
+
+ ASN1 = M2Crypto.ASN1.ASN1_UTCTIME ()
+ ASN1.set_time ( 500 )
+ self.X509Certificate.set_not_before( ASN1._ptr() ) # 60 * 60 * 24 * 365 -> 1 year
+
+ #
+ # time notAfter
+ #
+
+ ASN1 = M2Crypto.ASN1.ASN1_UTCTIME ()
+ ASN1.set_time ( 500 )
+ self.X509Certificate.set_not_after( ASN1._ptr() ) # 60 * 60 * 24 * 365 -> 1 year
+
+ #
+ # public key
+ #
+
+ self.X509Certificate.set_pubkey ( pkey=self.PKey )
+
+ #
+ # subject
+ #
+
+ X509Name = self.X509Request.get_subject ()
+
+ #print X509Name.entry_count ()
+ #print X509Name.as_text ()
+
+ self.X509Certificate.set_subject_name( x509NamePtr=X509Name._ptr() )
+
+ #
+ # issuer
+ #
+
+ X509Name = M2Crypto.X509.X509_Name ( M2Crypto.m2.x509_name_new () )
+
+ X509Name.add_entry_by_txt ( field='C', type=MBSTRING_ASC, entry='germany', len=-1, loc=-1, set=0 ) # country name
+ X509Name.add_entry_by_txt ( field='SP', type=MBSTRING_ASC, entry='bavaria', len=-1, loc=-1, set=0 ) # state of province name
+ X509Name.add_entry_by_txt ( field='L', type=MBSTRING_ASC, entry='munich', len=-1, loc=-1, set=0 ) # locality name
+ X509Name.add_entry_by_txt ( field='O', type=MBSTRING_ASC, entry='sbs', len=-1, loc=-1, set=0 ) # organization name
+ X509Name.add_entry_by_txt ( field='OU', type=MBSTRING_ASC, entry='it-department', len=-1, loc=-1, set=0 ) # organizational unit name
+ X509Name.add_entry_by_txt ( field='CN', type=MBSTRING_ASC, entry='Certificate Authority', len=-1, loc=-1, set=0 ) # common name
+ X509Name.add_entry_by_txt ( field='Email', type=MBSTRING_ASC, entry='admin@localhost', len=-1, loc=-1, set=0 ) # pkcs9 email address
+ X509Name.add_entry_by_txt ( field='emailAddress', type=MBSTRING_ASC, entry='admin@localhost', len=-1, loc=-1, set=0 ) # pkcs9 email address
+
+ #print X509Name.entry_count ()
+ #print X509Name.as_text ()
+
+ self.X509Certificate.set_issuer_name( x509NamePtr=X509Name._ptr() )
+
+ #
+ # signing
+ #
+
+ self.X509Certificate.sign( pkey=self.PKey, md='sha1' )
+ print self.X509Certificate.as_text ()
+
+
+
+
+if __name__ == '__main__':
+ run = Cert ()
+ run.CreatePKey ()
+ run.CreateX509Request ()
+ run.CreateX509Certificate ()
+
+
+
|
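Review bot: In CreateX509Certificate both the notBefore and notAfter blocks call `ASN1.set_time ( 500 )`, which (assuming set_time takes seconds since the epoch) gives the certificate a zero-length validity window in 1970 and contradicts the `-> 1 year` comments beside them. Add `import time`, take `now = long(time.time())`, and use `ASN1.set_time ( now )` for notBefore and `ASN1.set_time ( now + 60 * 60 * 24 * 365 )` for notAfter. Separately, `callback` returns the constant `'p'` and is handed to `save_key` in CreatePKey, so `KeyPair.pem` ends up encrypted under a fixed one-character passphrase. Above `callback` I would add `# demo only: fixed passphrase; prompt for one (e.g. M2Crypto.util.passphrase_callback) before real use`. The `'KeyLength' : 1024` setting and the `md='sha1'` signatures deserve the same demo-only caveat, since readers tend to copy contrib examples verbatim.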