From 405f90f77a8ca2a8fc5a0837b2eaf91a4cd0255f Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Fri, 28 Sep 2007 20:06:35 +0000
Subject: Tighten up PKCS#10 attribute decoding
svn path=/pow/POW-0.7/lib/pkix.py; revision=1046
---
 pow/POW-0.7/lib/pkix.py | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'pow/POW-0.7/lib/pkix.py')
diff --git a/pow/POW-0.7/lib/pkix.py b/pow/POW-0.7/lib/pkix.py
index 26881e51..7dd75322 100755
--- a/pow/POW-0.7/lib/pkix.py
+++ b/pow/POW-0.7/lib/pkix.py
@@ -787,7 +787,7 @@ class Certificate(Sequence):
 def sign(self, rsa, digestType):
 driver = getCryptoDriver()
 oid = driver.getOID(digestType)
- self.tbs.subjectPublicKeyInfo.set((((1, 2, 840, 113549, 1, 1, 1), None), driver.toPublicDER(key)))
+ self.tbs.subjectPublicKeyInfo.set(driver.toPublicDER(key))
 self.tbs.signature.set([oid, None])
 signedText = driver.sign(rsa, oid, self.tbs.toString())
 self.signatureAlgorithm.set([oid, None])
@@ -1193,7 +1193,7 @@ class PKCS10AttributeChoice(Choice):
 Choice.__init__(self, choices, optional, default)
 class PKCS10Attributes(Sequence):
- def __init__(self, optional=0, default=''):
+ def __init__(self, optional=1, default=''):
 self.oid = Oid()
 self.val = PKCS10AttributeChoice()
 contents = [ self.oid, self.val ]
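Review bot: In Certificate.sign, the new line `self.tbs.subjectPublicKeyInfo.set(driver.toPublicDER(key))` reads `key`, which is neither a parameter nor a local in the lines shown, so unless a module-level `key` exists the call raises NameError before anything is signed. If the signing key was meant, that would be `driver.toPublicDER(rsa)`, but the certificate would then carry the signer's public key as its subject key, which is only right for a self-signed certificate; having the caller set subjectPublicKeyInfo before calling sign() looks safer. The call also now passes set() a single DER value where it used to receive an (algorithm, key) tuple, so it is worth confirming that set() accepts that form. sign() may continue past the end of the hunk.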
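Review bot: Changing the constructor default to `optional=1` in PKCS10Attributes.__init__ relaxes decoding for every instance, including any built elsewhere without an explicit argument, so a request with no attributes field at all would presumably now decode without error. If only CertificationRequestInfo needs the relaxation, passing `optional=1` where it builds its attributes member keeps the change local. Either way a comment such as `# attributes may be absent; callers must handle oid.get() returning None` would record the contract that getExtensions appears to rely on. __init__ continues past the end of the hunk.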
@@ -1220,10 +1220,19 @@ class CertificationRequest(Sequence):
 def verify(self):
 driver = getCryptoDriver()
 oid = self.signatureAlgorithm.get()[0]
- # Should check self.certificationRequestInfo.subjectPublicKeyInfo.algorithmId
 rsa = driver.fromPublicDER(self.certificationRequestInfo.subjectPublicKeyInfo.toString())
 return driver.verify(rsa, oid, self.certificationRequestInfo.toString(), self.signatureValue.get())
+ def getExtensions(self):
+ oid = self.certificationRequestInfo.attributes.oid.get()
+ if oid is None:
+ return None
+ if oid != (1, 2, 840, 113549, 1, 9, 14) or \
+ self.certificationRequestInfo.attributes.val.choice != "set" or \
+ len(self.certificationRequestInfo.attributes.val.choices["set"]) > 1:
+ raise DerError, "failed to understand X.501 Attribute encoding, sorry: %s" % self.get()
+ return self.certificationRequestInfo.attributes.val.choices["set"][0]
+
 #---------- PKCS10 ----------#
 #---------- GeneralNames object support ----------#
 class OtherName(Sequence):
@@ -1968,7 +1977,7 @@ class Extension(Sequence):
 if not (isinstance(oid, types.TupleType) or isinstance(oid, types.ListType)):
 raise DerError, 'the oid should be specified as a sequence of integers'
 else:
- raise DerError, 'unkown object extension %s' % oid
+ raise DerError, 'unknown object extension %s' % oid
 try:
 extnObj.set( val )
-- cgit v1.2.3
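Review bot: In CertificationRequest.getExtensions the guard `len(...choices["set"]) > 1` lets an empty SET through, and the following `choices["set"][0]` would then, assuming the value indexes like a list, fail with an index error instead of the DerError raised for the other malformed cases. A certification request is supplied by the requester, so malformed input should end in one predictable exception; comparing with `!= 1` closes the gap: `len(self.certificationRequestInfo.attributes.val.choices["set"]) != 1:`. A docstring should also state that the method returns None when no attribute is present and raises DerError for any attribute other than extensionRequest (OID 1.2.840.113549.1.9.14), since a request carrying only some other attribute is rejected rather than reported as having no extensions. The same hunk removes the reminder in verify() to check subjectPublicKeyInfo.algorithmId without adding a check in the lines shown; if `fromPublicDER` validates the algorithm identifier itself that is fine, otherwise the reminder should stay.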