From 3b12bee84a50a18905dc72c0f2dc5e098f5383e8 Mon Sep 17 00:00:00 2001
From: Ng Pheng Siong
Date: Sun, 21 Mar 2004 13:28:41 +0000
Subject: *** empty log message ***

git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@207 2715db39-9adf-0310-9c64-84f055769b4b
---
contrib/README | 10 ++-
contrib/SimpleX509create.README | 3 +
contrib/SimpleX509create.py | 167 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 178 insertions(+), 2 deletions(-)
create mode 100644 contrib/SimpleX509create.README
create mode 100644 contrib/SimpleX509create.py
(limited to 'contrib')

diff --git a/contrib/README b/contrib/README
index f8c66d9..504a0b1 100644
--- a/contrib/README
+++ b/contrib/README
@@ -1,5 +1,5 @@ ------------- - 29 Dec 2002 + 21 Mar 2004 ------------- This directory contains contributions by users of M2Crypto. Some of these
@@ -10,8 +10,14 @@ may get folded into the main distribution in time. - m2crypto.spec by Sean Reifschneider . - Smarter non-blocking behaviour patch by Dave Brueck - . +. +- Isaac Salzberg's application of Mihai Ibanescu's patch (on SF) that +allows HTTPS tunneling thru an authenticating proxy. + +- A high-level interface to M2Crypto.SMIME by Bernard Yue. + +- Demonstration of PKI functionality contributed by Peter Teniz. Thanks guys!
diff --git a/contrib/SimpleX509create.README b/contrib/SimpleX509create.README
new file mode 100644
index 0000000..a08db85
--- /dev/null
+++ b/contrib/SimpleX509create.README
@@ -0,0 +1,3 @@
+Contributed by Peter Teniz as a demonstration of
+PKI functionality, also contributed by him.
+
diff --git a/contrib/SimpleX509create.py b/contrib/SimpleX509create.py
new file mode 100644
index 0000000..5f439df
--- /dev/null
+++ b/contrib/SimpleX509create.py
@@ -0,0 +1,167 @@
+#!/usr/bin/env python
+#
+#vim: ts=4 sw=4 nowrap
+#
+
+"""PKI demo by Peter Teniz """
+
+import sys, os, re
+import StringIO
+import M2Crypto
+
+
+MBSTRING_FLAG = 0x1000
+MBSTRING_ASC = MBSTRING_FLAG | 1
+MBSTRING_BMP = MBSTRING_FLAG | 2
+
+
+class Cert:
+ def __init__ ( self ):
+ self.RsaKey = { 'KeyLength' : 1024,
+ 'PubExponent' : 0x10001, # -> 65537
+ 'keygen_callback' : self.callback
+ }
+
+ self.KeyPair = None
+ self.PKey = None
+
+ self.X509Request = None
+ self.X509Certificate = None
+
+ def callback ( self, *args ):
+ return 'p'
+
+
+
+ def CreatePKey ( self ):
+ self.KeyPair = M2Crypto.RSA.gen_key( self.RsaKey['KeyLength'], self.RsaKey['PubExponent'], self.RsaKey['keygen_callback'] )
+ #PubKey = M2Crypto.RSA.new_pub_key( self.KeyPair.pub () )
+
+ self.KeyPair.save_key( 'KeyPair.pem', cipher='des_ede3_cbc', callback=self.callback )
+
+ self.PKey = M2Crypto.EVP.PKey ( md='sha1')
+ self.PKey.assign_rsa ( self.KeyPair )
+
+
+ def CreateX509Request ( self ):
+ #
+ # X509 REQUEST
+ #
+
+ self.X509Request = M2Crypto.X509.Request ()
+
+ #
+ # subject
+ #
+
+ X509Name = M2Crypto.X509.X509_Name ()
+
+ X509Name.add_entry_by_txt ( field='C', type=MBSTRING_ASC, entry='austria', len=-1, loc=-1, set=0 ) # country name
+ X509Name.add_entry_by_txt ( field='SP', type=MBSTRING_ASC, entry='kernten', len=-1, loc=-1, set=0 ) # state of province name
+ X509Name.add_entry_by_txt ( field='L', type=MBSTRING_ASC, entry='stgallen', len=-1, loc=-1, set=0 ) # locality name
+ X509Name.add_entry_by_txt ( field='O', type=MBSTRING_ASC, entry='labor', len=-1, loc=-1, set=0 ) # organization name
+ X509Name.add_entry_by_txt ( field='OU', type=MBSTRING_ASC, entry='it-department', len=-1, loc=-1, set=0 ) # organizational unit name
+ X509Name.add_entry_by_txt ( field='CN', type=MBSTRING_ASC, entry='Certificate client', len=-1, loc=-1, set=0 ) # common name
+ X509Name.add_entry_by_txt ( field='Email', type=MBSTRING_ASC, entry='user@localhost', len=-1, loc=-1, set=0 ) # pkcs9 email address
+ X509Name.add_entry_by_txt ( field='emailAddress', type=MBSTRING_ASC, entry='user@localhost', len=-1, loc=-1, set=0 ) # pkcs9 email address
+
+ self.X509Request.set_subject_name( x509NamePtr=X509Name._ptr() )
+
+ #
+ # publickey
+ #
+
+ self.X509Request.set_pubkey ( pkey=self.PKey )
+ self.X509Request.sign ( pkey=self.PKey, md='sha1' )
+ #print X509Request.as_text ()
+
+
+
+
+
+
+ def CreateX509Certificate ( self ):
+ #
+ # X509 CERTIFICATE
+ #
+
+ self.X509Certificate = M2Crypto.X509.X509 ()
+
+ #
+ # version
+ #
+
+ self.X509Certificate.set_version ( 0 )
+
+ #
+ # time notBefore
+ #
+
+ ASN1 = M2Crypto.ASN1.ASN1_UTCTIME ()
+ ASN1.set_time ( 500 )
+ self.X509Certificate.set_not_before( ASN1._ptr() ) # 60 * 60 * 24 * 365 -> 1 year
+
+ #
+ # time notAfter
+ #
+
+ ASN1 = M2Crypto.ASN1.ASN1_UTCTIME ()
+ ASN1.set_time ( 500 )
+ self.X509Certificate.set_not_after( ASN1._ptr() ) # 60 * 60 * 24 * 365 -> 1 year
+
+ #
+ # public key
+ #
+
+ self.X509Certificate.set_pubkey ( pkey=self.PKey )
+
+ #
+ # subject
+ #
+
+ X509Name = self.X509Request.get_subject ()
+
+ #print X509Name.entry_count ()
+ #print X509Name.as_text ()
+
+ self.X509Certificate.set_subject_name( x509NamePtr=X509Name._ptr() )
+
+ #
+ # issuer
+ #
+
+ X509Name = M2Crypto.X509.X509_Name ( M2Crypto.m2.x509_name_new () )
+
+ X509Name.add_entry_by_txt ( field='C', type=MBSTRING_ASC, entry='germany', len=-1, loc=-1, set=0 ) # country name
+ X509Name.add_entry_by_txt ( field='SP', type=MBSTRING_ASC, entry='bavaria', len=-1, loc=-1, set=0 ) # state of province name
+ X509Name.add_entry_by_txt ( field='L', type=MBSTRING_ASC, entry='munich', len=-1, loc=-1, set=0 ) # locality name
+ X509Name.add_entry_by_txt ( field='O', type=MBSTRING_ASC, entry='sbs', len=-1, loc=-1, set=0 ) # organization name
+ X509Name.add_entry_by_txt ( field='OU', type=MBSTRING_ASC, entry='it-department', len=-1, loc=-1, set=0 ) # organizational unit name
+ X509Name.add_entry_by_txt ( field='CN', type=MBSTRING_ASC, entry='Certificate Authority', len=-1, loc=-1, set=0 ) # common name
+ X509Name.add_entry_by_txt ( field='Email', type=MBSTRING_ASC, entry='admin@localhost', len=-1, loc=-1, set=0 ) # pkcs9 email address
+ X509Name.add_entry_by_txt ( field='emailAddress', type=MBSTRING_ASC, entry='admin@localhost', len=-1, loc=-1, set=0 ) # pkcs9 email address
+
+ #print X509Name.entry_count ()
+ #print X509Name.as_text ()
+
+ self.X509Certificate.set_issuer_name( x509NamePtr=X509Name._ptr() )
+
+ #
+ # signing
+ #
+
+ self.X509Certificate.sign( pkey=self.PKey, md='sha1' )
+ print self.X509Certificate.as_text ()
+
+
+
+
+
+if __name__ == '__main__':
+ run = Cert ()
+ run.CreatePKey ()
+ run.CreateX509Request ()
+ run.CreateX509Certificate ()
+
+
+
-- cgit v1.2.1
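Review bot: `callback` returns the constant `'p'` and is passed both as the key-generation callback and as the passphrase callback of `save_key`, so `KeyPair.pem` lands in the working directory protected only by a one-character passphrase that is published in the source; the passphrase should come from a prompt such as `getpass.getpass()`, or the method should at least carry `# demo only: constant passphrase, never reuse this key`. In `CreateX509Certificate` both `set_not_before` and `set_not_after` are fed `ASN1.set_time ( 500 )`, which appears to mean 500 seconds after the epoch, so the certificate would have a zero-length validity window in 1970 despite the `-> 1 year` comments; for notAfter something like `ASN1.set_time ( long(time.time()) + 60 * 60 * 24 * 365 )` (with `import time`) would match the stated intent. The certificate is also signed with the subject's own `self.PKey` while carrying a separate "Certificate Authority" issuer name, and no serial number is set, so the module docstring should say that this is a self-signed demonstration and not a CA issuance flow. The 1024-bit `KeyLength` and `md='sha1'` are below current recommendations and would be better as named parameters with a comment than as values a reader copies unchanged.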