Package nss :: Module nss :: Class Certificate
[hide private]
[frames] | no frames]

Class Certificate

object --+
         |
        Certificate

Certificate(data=None)

:Parameters:
    data : SecItem or str or any buffer compatible object
        Data to initialize the certificate from, must be in DER format

An object representing a Certificate

Instance Methods [hide private]
 
__init__(data=None)
x.__init__(...) initializes x; see x.__class__.__doc__ for signature
a new object with type S, a subtype of T

__new__(T, S, ...)
 
__repr__(x)
repr(x)
 
__str__(x)
str(x)
 
check_valid_times(...)
check_valid_times(time=now, allow_override=False) --> validity
kea_type

find_kea_type()
Returns key exchange type of the keys in an SSL server certificate.
string)

format(level=0, indent=' ')
:Parameters: level : integer Initial indentation level, all subsequent indents are relative to this starting level.
[(level, string),...]

format_lines(level=0)
:Parameters: level : integer Initial indentation level, all subsequent indents are relative to this starting level.
bool

has_signer_in_ca_names(ca_names)
:Parameters: ca_names : (SecItem, ...) Sequence of CA distinguished names.
bool

verify_hostname(hostname)
A restricted regular expression syntax is used to test if the common name specified in the subject DN of the certificate is a match, returning True if so, False otherwise.
 
verify_now(...)
verify_now(certdb, check_sig, required_usages, [user_data1, ...]) -> valid_usages

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __subclasshook__

Properties [hide private]
  der_data
raw certificate DER data as data buffer
  email_trust_str
certificate email trust flags as array of strings, or None if trust is not defined
  extensions
certificate extensions as a tuple of CertificateExtension objects
  issuer
certificate issuer as a `DN` object
  serial_number
certificate serial number
  signature_algorithm
certificate signature algorithm
  signed_data
certificate signature as SignedData object
  signing_trust_str
certificate object signing trust flags as array of strings, or None if trust is not defined
  ssl_trust_str
certificate SSL trust flags as array of strings, or None if trust is not defined
  subject
certificate subject as a `DN` object
  subject_common_name
certificate subject
  subject_public_key_info
certificate public info as SubjectPublicKeyInfo object
  valid_not_after
certificate not valid after this time (floating point value expressed as microseconds since the epoch, midnight January 1st 1970, UTC)
  valid_not_after_str
certificate not valid after this time (string value expressed, UTC)
  valid_not_before
certificate not valid before this time (floating point value expressed as microseconds since the epoch, midnight January 1st 1970 UTC)
  valid_not_before_str
certificate not valid before this time (string value expressed, UTC)
  version
certificate version

Inherited from object: __class__

Method Details [hide private]

__init__(data=None)
(Constructor)

 
x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Overrides: object.__init__

__new__(T, S, ...)

 


Returns:
a new object with type S, a subtype of T

Overrides: object.__new__

__repr__(x)
(Representation operator)

 
repr(x)

Overrides: object.__repr__

__str__(x)
(Informal representation operator)

 
str(x)

Overrides: object.__str__

check_valid_times(...)

 
check_valid_times(time=now, allow_override=False) --> validity

:Parameters:
    time : number
        an optional point in time as number of microseconds
        since the NSPR epoch, midnight (00:00:00) 1 January
        1970 UTC, either as an integer or a float. If time 
        is not specified the current time is used.
    allow_override : bool
        If True then check to see if the invalidity has
        been overridden by the user, defaults to False.

Checks whether a specified time is within a certificate's validity
period.

Returns one of:

- secCertTimeValid
- secCertTimeExpired
- secCertTimeNotValidYet

find_kea_type()

 
Returns key exchange type of the keys in an SSL server certificate.

May be one of the following:
    - ssl_kea_null
    - ssl_kea_rsa
    - ssl_kea_dh
    - ssl_kea_fortezza (deprecated)
    - ssl_kea_ecdh

Returns:
kea_type

format(level=0, indent=' ')

 
:Parameters:
    level : integer
        Initial indentation level, all subsequent indents are relative
        to this starting level.
    indent : string
        string replicated once for each indent level then prepended to output line

This is equivalent to:
nss.indented_format(cert.signed_data.format_lines())

Returns:
string)

format_lines(level=0)

 
:Parameters:
    level : integer
        Initial indentation level, all subsequent indents are relative
        to this starting level.

Formats the object into a sequence of lines with indent level
information.  The return value is a list where each list item is a 2
valued tuple pair.  The first item in the pair is an integer
representing the indentation level for that line and the second item
in the pair is the string value for the line.

The output of this function can be formatted into a single string
by calling nss.indented_format(). The reason this function returns
(level, string) pairs as opposed to an single indented string is to
support other text formatting systems with indentation controls.

Returns:
[(level, string),...]

has_signer_in_ca_names(ca_names)

 
:Parameters:
    ca_names : (SecItem, ...)
        Sequence of CA distinguished names. Each item in the sequence must
        be a SecItem object containing a distinguished name.

Returns True if any of the signers in the certificate chain for a
specified certificate are in the list of CA names, False
otherwise.

Returns:
bool

verify_hostname(hostname)

 
A restricted regular expression syntax is used to test if the common
name specified in the subject DN of the certificate is a match,
returning True if so, False otherwise.

The regular expression systax is:
    \*
        matches anything
    \?
        matches one character
    \\ (backslash)
        escapes a special character
    \$
         matches the end of the string
    [abc]
        matches one occurrence of a, b, or c. The only character
        that needs to be escaped in this is ], all others are not special.
    [a-z]
        matches any character between a and z
    [^az]
        matches any character except a or z
    \~
        followed by another shell expression removes any pattern matching
        the shell expression from the match list
    (foo|bar)
        matches either the substring foo or the substring bar.
        These can be shell expressions as well.

Returns:
bool

verify_now(...)

 
verify_now(certdb, check_sig, required_usages, [user_data1, ...]) -> valid_usages

:Parameters:
    certdb : CertDB object
        CertDB certificate database object
    check_sig : bool
        True if certificate signatures should be checked
    required_usages : integer
        A bitfield of all cert usages that are required for verification
        to succeed. If zero return all possible valid usages.
    user_dataN : object
        zero or more caller supplied parameters which will
        be passed to the password callback function

Verify a certificate by checking if it's valid and that we
trust the issuer.

Possible usage bitfield values are:
    - certificateUsageCheckAllUsages
    - certificateUsageSSLClient
    - certificateUsageSSLServer
    - certificateUsageSSLServerWithStepUp
    - certificateUsageSSLCA
    - certificateUsageEmailSigner
    - certificateUsageEmailRecipient
    - certificateUsageObjectSigner
    - certificateUsageUserCertImport
    - certificateUsageVerifyCA
    - certificateUsageProtectedObjectSigner
    - certificateUsageStatusResponder
    - certificateUsageAnyCA

Returns valid_usages, a bitfield of certificate usages.  If
required_usages is non-zero, the returned bitmap is only for those
required usages, otherwise it is for all possible usages.

Hint: You can obtain a printable representation of the usage flags
via `cert_usage_flags`.