fix starting Gajim when pyasn1 is not installed. see #7066

98045727 · Yann Leboulanger · aa946717 · 98045727
Commit 98045727 authored 13 years ago by Yann Leboulanger
--- a/src/common/check_X509.py
+++ b/src/common/check_X509.py
-from pyasn1.type import univ, constraint, char, namedtype, tag
+import logging
-from pyasn1.codec.der.decoder import decode
+log = logging.getLogger('gajim.c.check_X509')
-from common.helpers import prep, InvalidFormat
+try:
-MAX = 64
+    import OpenSSL.SSL
-oid_xmppaddr = '(1, 3, 6, 1, 5, 5, 7, 8, 5)'
+    import OpenSSL.crypto
-oid_dnssrv   = '(1, 3, 6, 1, 5, 5, 7, 8, 7)'
+    from pyasn1.type import univ, constraint, char, namedtype, tag
+    from pyasn1.codec.der.decoder import decode
+    from common.helpers import prep, InvalidFormat
-class DirectoryString(univ.Choice):
+    MAX = 64
-    componentType = namedtype.NamedTypes(
+    oid_xmppaddr = '(1, 3, 6, 1, 5, 5, 7, 8, 5)'
-        namedtype.NamedType(
+    oid_dnssrv   = '(1, 3, 6, 1, 5, 5, 7, 8, 7)'
-            'teletexString', char.TeletexString().subtype(
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
-        namedtype.NamedType(
-            'printableString', char.PrintableString().subtype(
+    class DirectoryString(univ.Choice):
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+        componentType = namedtype.NamedTypes(
-        namedtype.NamedType(
+            namedtype.NamedType(
-            'universalString', char.UniversalString().subtype(
+                'teletexString', char.TeletexString().subtype(
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
-        namedtype.NamedType(
+            namedtype.NamedType(
-            'utf8String', char.UTF8String().subtype(
+                'printableString', char.PrintableString().subtype(
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
-        namedtype.NamedType(
+            namedtype.NamedType(
-            'bmpString', char.BMPString().subtype(
+                'universalString', char.UniversalString().subtype(
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
-        namedtype.NamedType(
+            namedtype.NamedType(
-            'ia5String', char.IA5String().subtype(
+                'utf8String', char.UTF8String().subtype(
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
-        namedtype.NamedType(
+            namedtype.NamedType(
-            'gString', univ.OctetString().subtype(
+                'bmpString', char.BMPString().subtype(
-                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
+                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
-        )
+            namedtype.NamedType(
+                'ia5String', char.IA5String().subtype(
-class AttributeValue(DirectoryString):
+                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
-    pass
+            namedtype.NamedType(
+                'gString', univ.OctetString().subtype(
-class AttributeType(univ.ObjectIdentifier):
+                    subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
-    pass
+            )
-class AttributeTypeAndValue(univ.Sequence):
+    class AttributeValue(DirectoryString):
-    componentType = namedtype.NamedTypes(
+        pass
-        namedtype.NamedType('type', AttributeType()),
-        namedtype.NamedType('value', AttributeValue()),
+    class AttributeType(univ.ObjectIdentifier):
-        )
+        pass
-class RelativeDistinguishedName(univ.SetOf):
+    class AttributeTypeAndValue(univ.Sequence):
-    componentType = AttributeTypeAndValue()
+        componentType = namedtype.NamedTypes(
+            namedtype.NamedType('type', AttributeType()),
-class RDNSequence(univ.SequenceOf):
+            namedtype.NamedType('value', AttributeValue()),
-    componentType = RelativeDistinguishedName()
+            )
-class Name(univ.Choice):
+    class RelativeDistinguishedName(univ.SetOf):
-    componentType = namedtype.NamedTypes(
+        componentType = AttributeTypeAndValue()
-        namedtype.NamedType('', RDNSequence()),
-        )
+    class RDNSequence(univ.SequenceOf):
+        componentType = RelativeDistinguishedName()
-class GeneralName(univ.Choice):
-    componentType = namedtype.NamedTypes(
+    class Name(univ.Choice):
-        namedtype.NamedType('otherName', univ.Sequence().subtype(
+        componentType = namedtype.NamedTypes(
-            implicitTag=tag.Tag(tag.tagClassContext,
+            namedtype.NamedType('', RDNSequence()),
-            tag.tagFormatConstructed, 0x0))),
+            )
-        namedtype.NamedType('rfc822Name', char.IA5String().subtype(
-            implicitTag=tag.Tag(tag.tagClassContext,
+    class GeneralName(univ.Choice):
-            tag.tagFormatSimple, 1))),
+        componentType = namedtype.NamedTypes(
-        namedtype.NamedType('dNSName', char.IA5String().subtype(
+            namedtype.NamedType('otherName', univ.Sequence().subtype(
-            implicitTag=tag.Tag(tag.tagClassContext,
+                implicitTag=tag.Tag(tag.tagClassContext,
-            tag.tagFormatSimple, 2))),
+                tag.tagFormatConstructed, 0x0))),
-        namedtype.NamedType('x400Address', univ.Sequence().subtype(
+            namedtype.NamedType('rfc822Name', char.IA5String().subtype(
-            implicitTag=tag.Tag(tag.tagClassContext,
+                implicitTag=tag.Tag(tag.tagClassContext,
-            tag.tagFormatConstructed, 0x3))),
+                tag.tagFormatSimple, 1))),
-        namedtype.NamedType('directoryName', Name().subtype(
+            namedtype.NamedType('dNSName', char.IA5String().subtype(
-            implicitTag=tag.Tag(tag.tagClassContext,
+                implicitTag=tag.Tag(tag.tagClassContext,
-            tag.tagFormatConstructed, 0x4))),
+                tag.tagFormatSimple, 2))),
-        namedtype.NamedType('ediPartyName', univ.Sequence().subtype(
+            namedtype.NamedType('x400Address', univ.Sequence().subtype(
-            implicitTag=tag.Tag(tag.tagClassContext,
+                implicitTag=tag.Tag(tag.tagClassContext,
-            tag.tagFormatConstructed, 0x5))),
+                tag.tagFormatConstructed, 0x3))),
-        namedtype.NamedType('uniformResourceIdentifier',
+            namedtype.NamedType('directoryName', Name().subtype(
-            char.IA5String().subtype(
+                implicitTag=tag.Tag(tag.tagClassContext,
-            implicitTag=tag.Tag(tag.tagClassContext,
+                tag.tagFormatConstructed, 0x4))),
-            tag.tagFormatSimple, 6))),
+            namedtype.NamedType('ediPartyName', univ.Sequence().subtype(
-        namedtype.NamedType('iPAddress', univ.OctetString().subtype(
+                implicitTag=tag.Tag(tag.tagClassContext,
-            implicitTag=tag.Tag(tag.tagClassContext,
+                tag.tagFormatConstructed, 0x5))),
-            tag.tagFormatSimple, 7))),
+            namedtype.NamedType('uniformResourceIdentifier',
-        namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(
+                char.IA5String().subtype(
-            implicitTag=tag.Tag(tag.tagClassContext,
+                implicitTag=tag.Tag(tag.tagClassContext,
-            tag.tagFormatSimple, 8))),
+                tag.tagFormatSimple, 6))),
-        )
+            namedtype.NamedType('iPAddress', univ.OctetString().subtype(
+                implicitTag=tag.Tag(tag.tagClassContext,
-class GeneralNames(univ.SequenceOf):
+                tag.tagFormatSimple, 7))),
-    componentType = GeneralName()
+            namedtype.NamedType('registeredID', univ.ObjectIdentifier().subtype(
-    sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
+                implicitTag=tag.Tag(tag.tagClassContext,
+                tag.tagFormatSimple, 8))),
+            )
-#s = '0\x1a\x82\rwww.gajim.org\x82\tgajim.org'
-s = '0\x81\x86\x82\x0c*.jabber.org\x82\njabber.org\xa0\x1a\x06\x08+\x06\x01\x05\x05\x07\x08\x05\xa0\x0e\x0c\x0c*.jabber.org\xa0\x1a\x06\x08+\x06\x01\x05\x05\x07\x08\x07\xa0\x0e\x16\x0c*.jabber.org\xa0\x18\x06\x08+\x06\x01\x05\x05\x07\x08\x05\xa0\x0c\x0c\njabber.org\xa0\x18\x06\x08+\x06\x01\x05\x05\x07\x08\x07\xa0\x0c\x16\njabber.org'
+    class GeneralNames(univ.SequenceOf):
+        componentType = GeneralName()
-def _parse_asn1(asn1):
+        sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX)
-    obj = decode(asn1, asn1Spec=GeneralNames())[0]
-    r = {}
+    def _parse_asn1(asn1):
-    for o in obj:
+        obj = decode(asn1, asn1Spec=GeneralNames())[0]
-        name = o.getName()
+        r = {}
-        if name == 'dNSName':
+        for o in obj:
-            if name not in r:
+            name = o.getName()
-                r[name] = []
+            if name == 'dNSName':
-            r[name].append(str(o.getComponent()))
+                if name not in r:
-        if name == 'otherName':
+                    r[name] = []
-            if name not in r:
+                r[name].append(str(o.getComponent()))
-                r[name] = {}
+            if name == 'otherName':
-            tag = str(tuple(o.getComponent())[0])
+                if name not in r:
-            val = str(tuple(o.getComponent())[1])
+                    r[name] = {}
-            if tag not in r[name]:
+                tag = str(tuple(o.getComponent())[0])
-                r[name][tag] = []
+                val = str(tuple(o.getComponent())[1])
-            r[name][tag].append(val)
+                if tag not in r[name]:
-        if name == 'uniformResourceIdentifier':
+                    r[name][tag] = []
-            r['uniformResourceIdentifier'] = True
+                r[name][tag].append(val)
-    return r
+            if name == 'uniformResourceIdentifier':
+                r['uniformResourceIdentifier'] = True
-def check_certificate(cert, domain):
+        return r
-    cnt = cert.get_extension_count()
-    if '.' in domain:
+    def check_certificate(cert, domain):
-        compared_domain = domain.split('.', 1)[1]
+        cnt = cert.get_extension_count()
-    else:
+        if '.' in domain:
-        compared_domain = ''
+            compared_domain = domain.split('.', 1)[1]
-    srv_domain = '_xmpp-client.' + domain
+        else:
-    compared_srv_domain = '_xmpp-client.' + compared_domain
+            compared_domain = ''
-    for i in range(0, cnt):
+        srv_domain = '_xmpp-client.' + domain
-        ext = cert.get_extension(i)
+        compared_srv_domain = '_xmpp-client.' + compared_domain
-        if ext.get_short_name() == 'subjectAltName':
+        for i in range(0, cnt):
-            r = _parse_asn1(ext.get_data())
+            ext = cert.get_extension(i)
-            if 'otherName' in r:
+            if ext.get_short_name() == 'subjectAltName':
-                if oid_xmppaddr in r['otherName']:
+                r = _parse_asn1(ext.get_data())
-                    for host in r['otherName'][oid_xmppaddr]:
+                if 'otherName' in r:
-                        try:
+                    if oid_xmppaddr in r['otherName']:
-                            host = prep(None, host, None)
+                        for host in r['otherName'][oid_xmppaddr]:
-                        except InvalidFormat:
+                            try:
-                            continue
+                                host = prep(None, host, None)
-                        if host == domain:
+                            except InvalidFormat:
-                            return True
+                                continue
-                if oid_dnssrv in r['otherName']:
+                            if host == domain:
-                    for host in r['otherName'][oid_dnssrv]:
+                                return True
-                        if host.startswith('_xmpp-client.*.'):
+                    if oid_dnssrv in r['otherName']:
-                            if host.replace('*.', '', 1) == compared_srv_domain:
+                        for host in r['otherName'][oid_dnssrv]:
+                            if host.startswith('_xmpp-client.*.'):
+                                if host.replace('*.', '', 1) == compared_srv_domain:
+                                    return True
+                                continue
+                            if host == srv_domain:
+                                return True
+                if 'dNSName' in r:
+                    for host in r['dNSName']:
+                        if host.startswith('*.'):
+                            if host[2:] == compared_domain:
                                return True
                            continue
-                        if host == srv_domain:
+                        if host == domain:
-                            return True
-            if 'dNSName' in r:
-                for host in r['dNSName']:
-                    if host.startswith('*.'):
-                        if host[2:] == compared_domain:
                            return True
-                        continue
+                if r:
-                    if host == domain:
+                    return False
-                        return True
+                break
-            if r:
-                return False
+        subject = cert.get_subject()
-            break
+        if subject.commonName == domain:
+            return True
-    subject = cert.get_subject()
+        return False
-    if subject.commonName == domain:
+except ImportError:
-        return True
+    log.warn('Import of PyOpenSSL or pyasn1 failed. Cannot correctly check '
-    return False
+        'SSL certificate')
+    def check_certificate(cert, domain):
+        subject = cert.get_subject()
+        if subject.commonName == domain:
+            return True
+        return False