<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[15213] PySecureTransport/trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/15213">15213</a></dd>
<dt>Author</dt> <dd>cdaboo@apple.com</dd>
<dt>Date</dt> <dd>2015-10-22 14:58:28 -0700 (Thu, 22 Oct 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Add certificate/keychain identity import features. Add tests and update documentation.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#PySecureTransporttrunkOpenSSLSSLpy">PySecureTransport/trunk/OpenSSL/SSL.py</a></li>
<li><a href="#PySecureTransporttrunkOpenSSL__init__py">PySecureTransport/trunk/OpenSSL/__init__.py</a></li>
<li><a href="#PySecureTransporttrunkOpenSSLcryptopy">PySecureTransport/trunk/OpenSSL/crypto.py</a></li>
<li><a href="#PySecureTransporttrunkREADME">PySecureTransport/trunk/README</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li>PySecureTransport/trunk/OpenSSL/test/</li>
<li><a href="#PySecureTransporttrunkOpenSSLtest__init__py">PySecureTransport/trunk/OpenSSL/test/__init__.py</a></li>
<li>PySecureTransport/trunk/OpenSSL/test/data/</li>
<li><a href="#PySecureTransporttrunkOpenSSLtestdataserverpem">PySecureTransport/trunk/OpenSSL/test/data/server.pem</a></li>
<li><a href="#PySecureTransporttrunkOpenSSLtesttest_cryptopy">PySecureTransport/trunk/OpenSSL/test/test_crypto.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="PySecureTransporttrunkOpenSSLSSLpy"></a>
<div class="modfile"><h4>Modified: PySecureTransport/trunk/OpenSSL/SSL.py (15212 => 15213)</h4>
<pre class="diff"><span>
<span class="info">--- PySecureTransport/trunk/OpenSSL/SSL.py        2015-10-22 21:49:54 UTC (rev 15212)
+++ PySecureTransport/trunk/OpenSSL/SSL.py        2015-10-22 21:58:28 UTC (rev 15213)
</span><span class="lines">@@ -23,7 +23,7 @@
</span><span class="cx"> from osx._corefoundation import ffi, lib as security
</span><span class="cx"> from osx.corefoundation import CFArrayRef
</span><span class="cx">
</span><del>-from OpenSSL.crypto import _getIdentityCertificate
</del><ins>+from OpenSSL.crypto import load_certificate, load_privatekey, load_keychain_identity, FILETYPE_PEM
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> class Error(Exception):
</span><span class="lines">@@ -91,6 +91,8 @@
</span><span class="cx"> @type method: L{int}
</span><span class="cx"> """
</span><span class="cx"> self.method = method
</span><ins>+ self.certificate = None
+ self.pkey = None
</ins><span class="cx"> self.identity = None
</span><span class="cx"> self.options = set()
</span><span class="cx">
</span><span class="lines">@@ -110,11 +112,14 @@
</span><span class="cx"> Certificate file to use - for SecureTransport we actually treat the file name as the certificate name
</span><span class="cx"> to lookup in the KeyChain. Set it only if an identity has not already been set.
</span><span class="cx">
</span><del>- @param certificateFileName: subject name of the certificate to use
</del><ins>+ @param certificateFileName: name of the certificate file to use
</ins><span class="cx"> @type certificateFileName: L{str}
</span><span class="cx"> """
</span><span class="cx"> if self.identity is None and certificateFileName:
</span><del>- self.identity = _getIdentityCertificate(certificateFileName)
</del><ins>+ with open(certificateFileName) as f:
+ data = f.read()
+ self.certificate = load_certificate(FILETYPE_PEM, data)
+ raise NotImplementedError("SecureTransport cannot use cert files directly. Put them in the keychain.")
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> def use_privatekey_file(self, privateKeyFileName):
</span><span class="lines">@@ -122,17 +127,25 @@
</span><span class="cx"> Private key file to use - for SecureTransport we actually treat the file name as the certificate name
</span><span class="cx"> to lookup in the KeyChain. Set it only if an identity has not already been set.
</span><span class="cx">
</span><del>- @param certificateFileName: subject name of the certificate to use
- @type certificateFileName: L{str}
</del><ins>+ @param privateKeyFileName: name of the private key file to use
+ @type privateKeyFileName: L{str}
</ins><span class="cx"> """
</span><span class="cx"> if self.identity is None and privateKeyFileName:
</span><del>- self.identity = _getIdentityCertificate(privateKeyFileName)
</del><ins>+ with open(privateKeyFileName) as f:
+ data = f.read()
+ self.pkey = load_privatekey(FILETYPE_PEM, data)
+ raise NotImplementedError("SecureTransport cannot use of pkey files directly. Put them in the keychain.")
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> def use_certificate_chain_file(self, certfile):
</span><span class="cx"> pass
</span><span class="cx">
</span><span class="cx">
</span><ins>+ def use_keychain_identity(self, identity):
+ if self.identity is None and identity:
+ self.identity = load_keychain_identity(identity)
+
+
</ins><span class="cx"> def set_passwd_cb(self, callback, userdata=None):
</span><span class="cx"> pass
</span><span class="cx">
</span><span class="lines">@@ -365,7 +378,7 @@
</span><span class="cx"> self.shutdown()
</span><span class="cx"> raise Error("No certificate")
</span><span class="cx">
</span><del>- # Add the crtificate
</del><ins>+ # Add the certificate
</ins><span class="cx"> if self.context.identity is not None:
</span><span class="cx"> certs = CFArrayRef.fromList([self.context.identity])
</span><span class="cx"> err = security.SSLSetCertificate(self.ctx, certs.ref())
</span></span></pre></div>
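Review bot: `use_certificate_file` and `use_privatekey_file` read and parse the file and only then raise `NotImplementedError`, so (as far as the flattened indentation on this page shows) every call with a file name fails after the private key has already been read into memory and handed to `load_privatekey`, leaving `self.pkey` / `self.certificate` set on a context that never uses them. Raise before touching the file, e.g. make `raise NotImplementedError("SecureTransport cannot use pkey files directly. Put them in the keychain.")` the first statement under the `if`, which also fixes the `cannot use of pkey files` typo. Both docstrings still open with "we actually treat the file name as the certificate name to lookup in the KeyChain", which is no longer true: a caller that used to pass a Keychain subject name here now gets an `open()` failure and has to move to `use_keychain_identity`. That new method has no docstring; I would add `"""Use the Keychain identity with the given name, unless an identity is already set."""`.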
<a id="PySecureTransporttrunkOpenSSL__init__py"></a>
<div class="modfile"><h4>Modified: PySecureTransport/trunk/OpenSSL/__init__.py (15212 => 15213)</h4>
<pre class="diff"><span>
<span class="info">--- PySecureTransport/trunk/OpenSSL/__init__.py        2015-10-22 21:49:54 UTC (rev 15212)
+++ PySecureTransport/trunk/OpenSSL/__init__.py        2015-10-22 21:58:28 UTC (rev 15213)
</span><span class="lines">@@ -17,6 +17,8 @@
</span><span class="cx"> from OpenSSL import crypto, SSL
</span><span class="cx"> from OpenSSL.version import __version__
</span><span class="cx">
</span><ins>+__SecureTransport__ = True
+
</ins><span class="cx"> __all__ = [
</span><span class="cx"> 'crypto', 'SSL', '__version__'
</span><span class="cx"> ]
</span></span></pre></div>
<a id="PySecureTransporttrunkOpenSSLcryptopy"></a>
<div class="modfile"><h4>Modified: PySecureTransport/trunk/OpenSSL/crypto.py (15212 => 15213)</h4>
<pre class="diff"><span>
<span class="info">--- PySecureTransport/trunk/OpenSSL/crypto.py        2015-10-22 21:49:54 UTC (rev 15212)
+++ PySecureTransport/trunk/OpenSSL/crypto.py        2015-10-22 21:58:28 UTC (rev 15213)
</span><span class="lines">@@ -20,7 +20,7 @@
</span><span class="cx">
</span><span class="cx"> from osx._corefoundation import ffi, lib as security
</span><span class="cx"> from osx.corefoundation import CFDictionaryRef, CFStringRef, CFArrayRef, \
</span><del>- CFBooleanRef, CFObjectRef, CFErrorRef
</del><ins>+ CFBooleanRef, CFObjectRef, CFErrorRef, CFDataRef
</ins><span class="cx">
</span><span class="cx"> userIDOID = "0.9.2342.19200300.100.1.1"
</span><span class="cx">
</span><span class="lines">@@ -50,6 +50,16 @@
</span><span class="cx">
</span><span class="cx">
</span><span class="cx">
</span><ins>+class PKey(object):
+ """
+ Equivalent of an pyOpenSSL OpenSSL.crypto.PKey object, with many methods unimplemented.
+ """
+
+ def __init__(self, pkey=None):
+ self._pkey = pkey
+
+
+
</ins><span class="cx"> class X509Name(object):
</span><span class="cx"> """
</span><span class="cx"> Equivalent of an pyOpenSSL OpenSSL.crypto.X509Name object.
</span><span class="lines">@@ -70,7 +80,7 @@
</span><span class="cx"> """
</span><span class="cx">
</span><span class="cx"> def __init__(self, certificate=None):
</span><del>- self.certificate = certificate
</del><ins>+ self._x509 = certificate
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> def set_version(self, version):
</span><span class="lines">@@ -164,7 +174,7 @@
</span><span class="cx"> """
</span><span class="cx"> keys = CFArrayRef.fromList([CFStringRef.fromRef(security.kSecOIDX509V1SubjectName)])
</span><span class="cx"> error = ffi.new("CFErrorRef *")
</span><del>- values = security.SecCertificateCopyValues(self.certificate.ref(), keys.ref(), error)
</del><ins>+ values = security.SecCertificateCopyValues(self._x509.ref(), keys.ref(), error)
</ins><span class="cx"> if values == ffi.NULL:
</span><span class="cx"> error = CFErrorRef(error[0])
</span><span class="cx"> raise Error("Unable to get certificate subject")
</span><span class="lines">@@ -202,29 +212,104 @@
</span><span class="cx">
</span><span class="cx"> def load_certificate(certtype, buffer):
</span><span class="cx"> """
</span><del>- Load a certificate with the supplied identity string.
</del><ins>+ Load a certificate with the supplied type and data. If the type is
+ L{None} then assume the data is the name of a Keychain identity,
+ otherwise assume it is data of the specified type.
</ins><span class="cx">
</span><ins>+ @param certtype: certificate data type or L{None} to read from Keychain
+ @type certtype: L{int}
+ @param buffer: certificate data or name of the KeyChain item to lookup
+ @type buffer: L{str}
+
+ @return: the certificate
+ @rtype: L{X509}
+ """
+
+ if certtype is None:
+ return _load_keychain_item(buffer)
+ else:
+ return X509(_load_certificate_data(certtype, buffer, security.SecCertificateGetTypeID()))
+
+
+
+def load_privatekey(certtype, buffer, passphrase=None):
+ """
+ Load a private key with the supplied type and data. If the type is
+ L{None} then assume the data is the name of a Keychain identity,
+ otherwise assume it is data of the specified type.
+
+ @param certtype: certificate data type or L{None} to read from Keychain
+ @type certtype: L{int}
+ @param buffer: certificate data or name of the KeyChain item to lookup
+ @type buffer: L{str}
+
+ @return: the certificate
+ @rtype: L{X509}
+ """
+
+ if certtype is None:
+ return _load_keychain_item(buffer)
+ else:
+ return PKey(_load_certificate_data(certtype, buffer, security.SecKeyGetTypeID()))
+
+
+
+def _load_certificate_data(certtype, buffer, result_typeid):
+ """
+ Load a certificate with the supplied type and data.
+
</ins><span class="cx"> @param certtype: ignored
</span><span class="cx"> @type certtype: -
</span><span class="cx"> @param buffer: name of the KeyChain item to lookup
</span><span class="cx"> @type buffer: L{str}
</span><ins>+ @param result_typeid: The type to return (certificate or key)
+ @type result_typeid: L{ffi.CFTypeID}
</ins><span class="cx">
</span><span class="cx"> @return: the certificate
</span><span class="cx"> @rtype: L{X509}
</span><span class="cx"> """
</span><span class="cx">
</span><span class="cx"> # First try to get the identity from the KeyChain
</span><del>- name = CFStringRef.fromString(buffer)
</del><ins>+ data = CFDataRef.fromString(buffer)
+ results = ffi.new("CFArrayRef *")
+ err = security.SecItemImport(data.ref(), ffi.NULL, ffi.NULL, ffi.NULL, 0, ffi.NULL, ffi.NULL, results)
+ if err != 0:
+ raise Error("Could not load certificate data")
+
+ results = CFArrayRef(results[0]).toList()
+
+ # Try to find a SecCertificateRef
+ for result in results:
+ if result.instanceTypeId() == result_typeid:
+ return result
+ else:
+ raise Error("No certificate in data")
+
+
+
+def _load_keychain_item(identifier):
+ """
+ Load a certificate with the supplied identity string.
+
+ @param identifier: name of the KeyChain item to lookup
+ @type identifier: L{str}
+
+ @return: the certificate
+ @rtype: L{X509}
+ """
+
+ # First try to get the identity from the KeyChain
+ name = CFStringRef.fromString(identifier)
</ins><span class="cx"> certificate = security.SecCertificateCopyPreferred(name.ref(), ffi.NULL)
</span><span class="cx"> if certificate == ffi.NULL:
</span><span class="cx"> try:
</span><del>- identity = _getIdentityCertificate(buffer)
</del><ins>+ identity = load_keychain_identity(identifier)
</ins><span class="cx"> except Error:
</span><del>- raise Error("Certificate for preferred name '{}' was not found".format(buffer))
</del><ins>+ raise Error("Identity for preferred name '{}' was not found".format(identifier))
</ins><span class="cx"> certificate = ffi.new("SecCertificateRef *")
</span><span class="cx"> err = security.SecIdentityCopyCertificate(identity.ref(), certificate)
</span><span class="cx"> if err != 0:
</span><del>- raise Error("Certificate for preferred name '{}' was not found".format(buffer))
</del><ins>+ raise Error("Identity for preferred name '{}' was not found".format(identifier))
</ins><span class="cx"> certificate = certificate[0]
</span><span class="cx"> certificate = CFObjectRef(certificate)
</span><span class="cx">
</span><span class="lines">@@ -232,7 +317,7 @@
</span><span class="cx">
</span><span class="cx">
</span><span class="cx">
</span><del>-def _getIdentityCertificate(subject):
</del><ins>+def load_keychain_identity(subject):
</ins><span class="cx"> """
</span><span class="cx"> Retrieve a SecIdentityRef from the KeyChain with a subject that exactly matches the passed in value.
</span><span class="cx">
</span><span class="lines">@@ -240,8 +325,16 @@
</span><span class="cx"> @type subject: L{str}
</span><span class="cx">
</span><span class="cx"> @return: matched SecIdentityRef item or L{None}
</span><del>- @rtpe: L{CFObjectRef}
</del><ins>+ @rtype: L{CFObjectRef}
</ins><span class="cx"> """
</span><ins>+
+ # First try to load this from an identity preference
+ cfsubject = CFStringRef.fromString(subject)
+ identity = security.SecIdentityCopyPreferred(cfsubject.ref(), ffi.NULL, ffi.NULL)
+ if identity != ffi.NULL:
+ return CFObjectRef(identity)
+
+ # Now iterate items to find a match
</ins><span class="cx"> match = CFDictionaryRef.fromDict({
</span><span class="cx"> CFStringRef.fromRef(security.kSecClass): CFStringRef.fromRef(security.kSecClassIdentity),
</span><span class="cx"> CFStringRef.fromRef(security.kSecReturnRef): CFBooleanRef.fromBool(True),
</span><span class="lines">@@ -265,8 +358,3 @@
</span><span class="cx"> raise Error("Certificate with id '{}' was not found in the KeyChain".format(subject))
</span><span class="cx">
</span><span class="cx"> return identity
</span><del>-
-
-if __name__ == '__main__':
- x = load_certificate("", "APSP:d6e49079-75ba-4380-a2cd-a66191469145")
- print(x.get_subject().get_components())
</del></span></pre></div>
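Review bot: `load_privatekey` accepts `passphrase` but never uses it, and its `certtype is None` branch returns `_load_keychain_item(buffer)`, which is documented as returning an `X509`, so a caller asking for a key by Keychain name gets a certificate object instead of a `PKey`. The docstring was copied from `load_certificate` and still says `@return: the certificate` / `@rtype: L{X509}`; the `_load_certificate_data` docstring likewise still describes `buffer` as a Keychain item name. Because `_load_certificate_data` passes `ffi.NULL` for every optional `SecItemImport` argument, a passphrase-protected PEM would presumably fail with the generic `Could not load certificate data`, and data containing no key reports `No certificate in data`; putting the `err` value and the requested item kind into those messages would make failures diagnosable. Until passphrase handling and Keychain lookup exist for keys, failing explicitly is safer than returning the wrong type, as sketched below.

```python
def load_privatekey(certtype, buffer, passphrase=None):
    # … unchanged: docstring, with @return/@rtype corrected to L{PKey} …
    if passphrase is not None:
        raise NotImplementedError("Passphrase-protected private keys are not supported")
    if certtype is None:
        raise NotImplementedError("Private keys cannot be loaded by Keychain name; use load_keychain_identity")
    return PKey(_load_certificate_data(certtype, buffer, security.SecKeyGetTypeID()))
```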
<a id="PySecureTransporttrunkOpenSSLtest__init__py"></a>
<div class="addfile"><h4>Added: PySecureTransport/trunk/OpenSSL/test/__init__.py (0 => 15213)</h4>
<pre class="diff"><span>
<span class="info">--- PySecureTransport/trunk/OpenSSL/test/__init__.py         (rev 0)
+++ PySecureTransport/trunk/OpenSSL/test/__init__.py        2015-10-22 21:58:28 UTC (rev 15213)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+##
+# Copyright (c) 2015 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
</ins></span></pre></div>
<a id="PySecureTransporttrunkOpenSSLtestdataserverpem"></a>
<div class="addfile"><h4>Added: PySecureTransport/trunk/OpenSSL/test/data/server.pem (0 => 15213)</h4>
<pre class="diff"><span>
<span class="info">--- PySecureTransport/trunk/OpenSSL/test/data/server.pem         (rev 0)
+++ PySecureTransport/trunk/OpenSSL/test/data/server.pem        2015-10-22 21:58:28 UTC (rev 15213)
</span><span class="lines">@@ -0,0 +1,52 @@
</span><ins>+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIJAJYU3laSIOMjMA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJQ3VwZXJ0aW5vMRMwEQYDVQQK
+EwpBcHBsZSBJbmMuMRQwEgYDVQQLEwtPUyBYIFNlcnZlcjESMBAGA1UEAxMJbG9j
+YWxob3N0MB4XDTE0MDUyODE5MjUyOFoXDTE3MDUyNzE5MjUyOFowbTELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlDdXBlcnRpbm8xEzARBgNVBAoT
+CkFwcGxlIEluYy4xFDASBgNVBAsTC09TIFggU2VydmVyMRIwEAYDVQQDEwlsb2Nh
+bGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6EGOurieZISj9
+Xmd+er564rJE/mAkHS2nyW9rDBM9P+R+2q6i5ernw29f1PCYOJ3MWA0YSqqKsIu7
+XgZiQWkvp9SOzzOVMgas0gNv9b/8NuJDQPKuEky8Y8SuXe1NCfamD1zDrnMgddDY
+aBHiL8WbnZ1n2EhrJtphw7VQWoxDqUeMtYSZzyy8iGGi8iBwtXdhlDyGuGtMxIl8
+Wp5WExSs7Fx1zlWcSIpeRuU61t4CJU5l0SbaMLkwTjDQ8fdteJCi6qWbG249m7Ds
+plQ2qLAnRfWWGEzZIfcX8ccLZtjx9//bmzJl3OgfB7YS5jCbXABg3kh+Naq0a64S
+WvSN0v9NAgMBAAGjgdIwgc8wHQYDVR0OBBYEFMoKhtrzSrJs/1DHjE7XuSAx4w8y
+MIGfBgNVHSMEgZcwgZSAFMoKhtrzSrJs/1DHjE7XuSAx4w8yoXGkbzBtMQswCQYD
+VQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCUN1cGVydGlubzETMBEGA1UE
+ChMKQXBwbGUgSW5jLjEUMBIGA1UECxMLT1MgWCBTZXJ2ZXIxEjAQBgNVBAMTCWxv
+Y2FsaG9zdIIJAJYU3laSIOMjMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAFdLKR6+xddHJ4jZw6b0M6oh5pQgDPU9iUQEBoPHS4BrtkODyUeJViEkVLVJ
+UhJYpkMiGl0B+2x7mymUTSCd/Z5xDsuexzfU1pbcArn34Be4L40+YlHBREkw+ZgM
+rcwUF1MWUw2YIb+EAJIJ1K3KNScYWi3j+0fUZ569Gg8a2/c0YETQ0+3jItg4ADZw
+Nj9Nc0TxEtKByl9Mpvz65CqM75zDkZzxS4DSOPT8v3j8QRz90A+U9J4K+xpox1Xg
+cLMvGmxHsBXktJ4ULKXS31oyAZQ4xZGj1J5YnvyNLk0ExHFpZLlxzrqpd2QBv6xX
+3UDm/8ymLyqZzD92CxVAEGOc3fc=
+-----END CERTIFICATE-----
</ins></span></pre></div>
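Review bot: This adds an unencrypted RSA private key to the repository (the tests load it with no passphrase), and nothing on the page marks it as test-only. That is normal for a fixture, but say so in `test_crypto.py` or in a note next to `test/data/`, and make sure this key pair is not used for anything outside the tests. Since `load_privatekey` hands the data to `SecItemImport`, it is also worth confirming that running the tests does not add the key to the developer's Keychain; the import-keychain argument is `ffi.NULL` in `_load_certificate_data`, which suggests it does not.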
<a id="PySecureTransporttrunkOpenSSLtesttest_cryptopy"></a>
<div class="addfile"><h4>Added: PySecureTransport/trunk/OpenSSL/test/test_crypto.py (0 => 15213)</h4>
<pre class="diff"><span>
<span class="info">--- PySecureTransport/trunk/OpenSSL/test/test_crypto.py         (rev 0)
+++ PySecureTransport/trunk/OpenSSL/test/test_crypto.py        2015-10-22 21:58:28 UTC (rev 15213)
</span><span class="lines">@@ -0,0 +1,57 @@
</span><ins>+##
+# Copyright (c) 2010-2015 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+from OpenSSL import crypto
+import os
+import unittest
+
+
+"""
+crypto tests.
+"""
+
+class CryptoTestCase(unittest.TestCase):
+ """
+ Tests for L{crypto} module.
+ """
+
+ dataDir = os.path.join(os.path.dirname(__file__), "data")
+
+ def test_load_certificate_pem(self):
+ """
+ Make sure L{crypto.load_certificate} can load a PEM file.
+ """
+
+ with open(os.path.join(self.dataDir, "server.pem")) as f:
+ data = f.read()
+
+ cert = crypto.load_certificate(crypto.FILETYPE_PEM, data)
+ self.assertTrue(isinstance(cert, crypto.X509))
+ for item in cert.get_subject().get_components():
+ if item[0] == "CN":
+ self.assertEqual(item[1], "localhost")
+
+
+ def test_load_privatekey_pem(self):
+ """
+ Make sure L{crypto.load_privatekey} can load a PEM file.
+ """
+
+ with open(os.path.join(self.dataDir, "server.pem")) as f:
+ data = f.read()
+
+ pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, data)
+ self.assertTrue(isinstance(pkey, crypto.PKey))
</ins></span></pre></div>
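Review bot: `test_load_certificate_pem` passes vacuously when the subject has no `CN` component, because the `assertEqual` sits under `if item[0] == "CN":` inside the loop. Assert the lookup result directly, e.g. `self.assertEqual(dict(cert.get_subject().get_components()).get("CN"), "localhost")`. `test_load_privatekey_pem` only checks the wrapper type, so it would still pass if the wrapped reference were wrong, and there is no negative test that malformed data raises the module's `Error`, nor one covering the `certtype=None` Keychain path. The string `"""crypto tests."""` comes after the imports, so it is a bare expression rather than the module docstring; move it above `from OpenSSL import crypto`.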
<a id="PySecureTransporttrunkREADME"></a>
<div class="modfile"><h4>Modified: PySecureTransport/trunk/README (15212 => 15213)</h4>
<pre class="diff"><span>
<span class="info">--- PySecureTransport/trunk/README        2015-10-22 21:49:54 UTC (rev 15212)
+++ PySecureTransport/trunk/README        2015-10-22 21:58:28 UTC (rev 15213)
</span><span class="lines">@@ -3,7 +3,11 @@
</span><span class="cx">
</span><span class="cx"> OS X SecureTransport cffi based API that looks like pyOpenSSL.
</span><span class="cx">
</span><ins>+The goal here is to provide the minimum API needed to support
+TLS in Twisted. All certificate handling and verification is
+managed via OS X (via the Keychain and its trust related settings).
</ins><span class="cx">
</span><ins>+
</ins><span class="cx"> Copyright and License
</span><span class="cx"> =====================
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>