authorRob Austein <sra@hactrn.net>2007-09-28 20:06:35 +0000
committerRob Austein <sra@hactrn.net>2007-09-28 20:06:35 +0000
commit405f90f77a8ca2a8fc5a0837b2eaf91a4cd0255f (patch)
tree5aebeb09c10daf1eadbace4b5313e0db302ac2d5 /pow/POW-0.7/lib/pkix.py
parent0f8c986dd4595122991493c192b794d2831f3977 (diff)
Tighten up PKCS#10 attribute decoding
svn path=/pow/POW-0.7/lib/pkix.py; revision=1046
Diffstat (limited to 'pow/POW-0.7/lib/pkix.py')
-rwxr-xr-xpow/POW-0.7/lib/pkix.py17
1 files changed, 13 insertions, 4 deletions
diff --git a/pow/POW-0.7/lib/pkix.py b/pow/POW-0.7/lib/pkix.py
index 26881e51..7dd75322 100755
--- a/pow/POW-0.7/lib/pkix.py
+++ b/pow/POW-0.7/lib/pkix.py
@@ -787,7 +787,7 @@ class Certificate(Sequence):
def sign(self, rsa, digestType):
driver = getCryptoDriver()
oid = driver.getOID(digestType)
- self.tbs.subjectPublicKeyInfo.set((((1, 2, 840, 113549, 1, 1, 1), None), driver.toPublicDER(key)))
+ self.tbs.subjectPublicKeyInfo.set(driver.toPublicDER(key))
self.tbs.signature.set([oid, None])
signedText = driver.sign(rsa, oid, self.tbs.toString())
self.signatureAlgorithm.set([oid, None])
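Review bot: `key` on the new `subjectPublicKeyInfo.set(...)` line is neither a parameter nor a local of `sign(self, rsa, digestType)` in the visible lines, so unless it is bound at module level this call raises NameError before anything is signed. If the signing key is what is meant, the line would read `self.tbs.subjectPublicKeyInfo.set(driver.toPublicDER(rsa))`, but that is only correct for a self-signed certificate; otherwise the subject key should be set by the caller and this line dropped. The change also relies on `driver.toPublicDER` returning a complete SubjectPublicKeyInfo now that the explicit rsaEncryption OID tuple is gone, which is worth a one-line comment. The body of `sign` continues past the end of the hunk.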
@@ -1193,7 +1193,7 @@ class PKCS10AttributeChoice(Choice):
Choice.__init__(self, choices, optional, default)
class PKCS10Attributes(Sequence):
- def __init__(self, optional=0, default=''):
+ def __init__(self, optional=1, default=''):
self.oid = Oid()
self.val = PKCS10AttributeChoice()
contents = [ self.oid, self.val ]
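Review bot: The default flip to `optional=1` in `PKCS10Attributes.__init__` is undocumented and changes decoding for every caller that constructs the class without arguments, so a request with no attributes now decodes silently instead of failing. A short comment on the signature would record the intent, for example `# attributes may be an empty SET in a PKCS#10 request, so the single Attribute modelled here is optional`. The class appears to model exactly one Attribute (`oid`, `val`), so a request carrying more than one is presumably still rejected at decode time; that limit deserves a mention in the same comment. The constructor body continues outside the hunk.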
@@ -1220,10 +1220,19 @@ class CertificationRequest(Sequence):
def verify(self):
driver = getCryptoDriver()
oid = self.signatureAlgorithm.get()[0]
- # Should check self.certificationRequestInfo.subjectPublicKeyInfo.algorithmId
rsa = driver.fromPublicDER(self.certificationRequestInfo.subjectPublicKeyInfo.toString())
return driver.verify(rsa, oid, self.certificationRequestInfo.toString(), self.signatureValue.get())
+ def getExtensions(self):
+ oid = self.certificationRequestInfo.attributes.oid.get()
+ if oid is None:
+ return None
+ if oid != (1, 2, 840, 113549, 1, 9, 14) or \
+ self.certificationRequestInfo.attributes.val.choice != "set" or \
+ len(self.certificationRequestInfo.attributes.val.choices["set"]) > 1:
+ raise DerError, "failed to understand X.501 Attribute encoding, sorry: %s" % self.get()
+ return self.certificationRequestInfo.attributes.val.choices["set"][0]
+
#---------- PKCS10 ----------#
#---------- GeneralNames object support ----------#
class OtherName(Sequence):
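Review bot: `getExtensions` rejects a set with more than one member but not an empty one, so an extensionRequest attribute with an empty SET falls through to `choices["set"][0]` and raises IndexError instead of the intended DerError. Comparing with `!= 1` closes that: `len(self.certificationRequestInfo.attributes.val.choices["set"]) != 1:`. Separately, the hunk deletes the `# Should check ... subjectPublicKeyInfo.algorithmId` reminder in `verify` without adding the check. The digest OID passed to `driver.verify` is still taken from the request's own `signatureAlgorithm` field, so either keep the comment or compare `oid` against the set of algorithms the caller is willing to accept before verifying.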
@@ -1968,7 +1977,7 @@ class Extension(Sequence):
if not (isinstance(oid, types.TupleType) or isinstance(oid, types.ListType)):
raise DerError, 'the oid should be specified as a sequence of integers'
else:
- raise DerError, 'unkown object extension %s' % oid
+ raise DerError, 'unknown object extension %s' % oid
try:
extnObj.set( val )