Metadata-Version: 1.0
Name: arcs.gsi
Version: 1.2dev-20091120
Summary: Library to assist GSI authentication and certificate handling in python.
Home-page: http://code.arcs.org.au/gitorious/arcs-gsi/arcs-gsi
Author: Russell Sim
Author-email: russell.sim@arcs.org.au
License: GPL
Download-URL: http://code.arcs.org.au/pypi/simple/arcs.gsi/
Description: .. contents::
        
        Introduction
        ============
        
        This library provides some utility classes and functions for deailing with X509 certificates. Most of the tasks performed by these classes are trivial but they require use of the M2Crypto classes which can be a pain. The problem isn't that the M2Crypto classes are complex, it just that when doing GSI tasks i find myself repeating work in different projects.
        
        >>> import arcs.gsi.certificate
        >>> r = arcs.gsi.certificate.CertificateRequest()
        >>> r.set_dn("DC=au,DC=org,DC=arcs,DC=test,O=VPAC,CN=Russell Sim")
        >>> r.sign()
        >>> print r.get_cert_req().as_text()
        Certificate Request:
        Data:
        Version: 0 (0x0)
        Subject: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim
        Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (2048 bit)
        Modulus (2048 bit):
        ...
        Exponent: 65537 (0x10001)
        Attributes:
        a0:00
        Signature Algorithm: sha1WithRSAEncryption
        ...
        <BLANKLINE>
        
        Generating a request with a 1024 bit key for compatablity with older applications.
        
        >>> r = arcs.gsi.certificate.CertificateRequest(dn="DC=au,DC=org,DC=arcs,DC=test,O=VPAC,CN=Russell Sim", keySize=1024)
        >>> r.sign()
        >>> print r
        Certificate Request:
        Data:
        Version: 0 (0x0)
        Subject: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim
        Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (1024 bit)
        Modulus (1024 bit):
        ...
        Exponent: 65537 (0x10001)
        Attributes:
        a0:00
        Signature Algorithm: sha1WithRSAEncryption
        ...
        <BLANKLINE>
        
        It's easier to access a certificate without needing to introspect M2Crypto to figure out the calls.
        
        >>> r
        -----BEGIN CERTIFICATE REQUEST-----
        ...
        -----END CERTIFICATE REQUEST-----
        <BLANKLINE>
        
        >>> r = arcs.gsi.certificate.CertificateRequest(dn="DC=au,DC=org,DC=arcs,DC=test,O=VPAC,CN=Russell Sim", keySize=1024)
        
        Extensions are passed in as a list of dictionarys.
        
        >>> r.add_extensions([{'critical': False, 'name': 'ExtendedKeyUsage', 'value': 'clientAuth'}, {'critical': True, 'name': 'KeyUsage', 'value': 'Digital Signature, Key Encipherment'}, {'critical': False, 'name': 'CertificatePolicies', 'value': '1.3.6.1.4.1.31863.1.0.1'}, {'critical': False, 'name': 'SubjectAltName', 'value': 'email:russell@vpac.org'}])
        >>> r.sign()
        >>> print r
        Certificate Request:
        Data:
        Version: 0 (0x0)
        Subject: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim
        Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (1024 bit)
        Modulus (1024 bit):
        ...
        Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
        X509v3 Extended Key Usage:
        TLS Web Client Authentication
        X509v3 Key Usage: critical
        Digital Signature, Key Encipherment
        X509v3 Certificate Policies:
        Policy: 1.3.6.1.4.1.31863.1.0.1
        <BLANKLINE>
        X509v3 Subject Alternative Name:
        email:russell@vpac.org
        Signature Algorithm: sha1WithRSAEncryption
        ...
        <BLANKLINE>
        
        Creating certificates
        ---------------------
        
        Creating a certificate, currently this can't be done from a request because there are no methods to extract the extensions from a request.
        
        >>> c = arcs.gsi.certificate.Certificate()
        >>> c.set_dn("DC=au,DC=org,DC=arcs,DC=test,O=VPAC,CN=Russell Sim")
        >>> c.add_extensions([{'critical': False, 'name': 'ExtendedKeyUsage', 'value': 'clientAuth'}, {'critical': True, 'name': 'KeyUsage', 'value': 'Digital Signature, Key Encipherment'}, {'critical': False, 'name': 'CertificatePolicies', 'value': '1.3.6.1.4.1.31863.1.0.1'}, {'critical': False, 'name': 'SubjectAltName', 'value': 'email:russell@vpac.org'}])
        >>> c.set_version(2)
        >>> c.set_serial_number()
        >>> c.set_times()
        >>> c.set_issuer_name(c.get_subject())
        >>> k = arcs.gsi.key.Key()
        >>> c.sign(k)
        
        Creating a proxy certificate
        ----------------------------
        
        >>> p = arcs.gsi.proxy.ProxyCertificate(c)
        >>> p.sign()
        >>> print p
        Certificate:
        Data:
        Version: 3 (0x2)
        Serial Number: ... (0x...)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim
        Validity
        Not Before: ...
        Not After : ...
        Subject: DC=au, DC=org, DC=arcs, DC=test, O=VPAC, CN=Russell Sim, CN=...
        Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (2048 bit)
        Modulus (2048 bit):
        ...
        Exponent: 65537 (0x10001)
        X509v3 extensions:
        X509v3 Key Usage: critical
        Digital Signature, Key Encipherment, Data Encipherment
        Proxy Certificate Information: critical
        Path Length Constraint: infinite
        Policy Language: Inherit all
        <BLANKLINE>
        Signature Algorithm: sha1WithRSAEncryption
        ...
        <BLANKLINE>
        
        
        
        
        
        Changelog
        =========
        
        1.2 - Unreleased
        ----------------
        * Key class now accepts PEM formated keys [Russell]
        * Python 2.6 compatability, removed dependency on xpath [Russell]
        * Now using nose testing [Russell]
        
        
        1.1 - (2009-10-29)
        ------------------
        * updated documentation, including addition of sphinx [Russell]
        * Jython hack added to support webstart [Markus]
        * Jython example code added [Markus]
        * added slcs support functions [Russell]
        * Centos ignores M2Crypto requirement [Russell]
        * New certificates now have a start time of -5min [Sam]
        * Updated proxy name generation to avoid encoding errors [Russell]
        
        
        1.0 (2009-07-08)
        ----------------
        
        * Initial release
        * Certificate Classes added
        * Proxy Classes added
        * Key Classes added
        
        
Platform: UNKNOWN
Classifier: Programming Language :: Python
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: License :: OSI Approved :: GNU General Public License (GPL)
Classifier: Topic :: Security :: Cryptography
Classifier: Intended Audience :: Developers
Classifier: Topic :: System :: Distributed Computing
