[pypy-commit] pypy py3.5: Implement ssl.enum_crls() for win32

arigo pypy.commits at gmail.com
Mon Apr 23 12:15:24 EDT 2018 

Author: Armin Rigo <arigo at tunes.org>
Branch: py3.5
Changeset: r94429:2a637a86bcba
Date: 2018-04-23 18:02 +0200
http://bitbucket.org/pypy/pypy/changeset/2a637a86bcba/

Log:	Implement ssl.enum_crls() for win32

diff --git a/lib_pypy/_cffi_ssl/_cffi_src/openssl/pypy_win32_extra.py b/lib_pypy/_cffi_ssl/_cffi_src/openssl/pypy_win32_extra.py
--- a/lib_pypy/_cffi_ssl/_cffi_src/openssl/pypy_win32_extra.py
+++ b/lib_pypy/_cffi_ssl/_cffi_src/openssl/pypy_win32_extra.py
@@ -12,12 +12,21 @@
 TYPES = """
 typedef ... *HCERTSTORE;
 typedef ... *HCRYPTPROV_LEGACY;
+
 typedef struct {
     DWORD      dwCertEncodingType;
     BYTE       *pbCertEncoded;
     DWORD      cbCertEncoded;
     ...;
 } CERT_CONTEXT, *PCCERT_CONTEXT;
+
+typedef struct {
+    DWORD      dwCertEncodingType;
+    BYTE       *pbCrlEncoded;
+    DWORD      cbCrlEncoded;
+    ...;
+} CRL_CONTEXT, *PCCRL_CONTEXT;
+
 typedef struct {
     DWORD cUsageIdentifier;
     LPSTR *rgpszUsageIdentifier;
@@ -40,6 +49,9 @@
 BOOL WINAPI CertFreeCertificateContext(
          PCCERT_CONTEXT pCertContext
 );
+BOOL WINAPI CertFreeCRLContext(
+         PCCRL_CONTEXT pCrlContext
+);
 BOOL WINAPI CertCloseStore(
          HCERTSTORE hCertStore,
          DWORD      dwFlags
@@ -50,6 +62,10 @@
          PCERT_ENHKEY_USAGE pUsage,
          DWORD              *pcbUsage
 );
+PCCRL_CONTEXT WINAPI CertEnumCRLsInStore(
+         HCERTSTORE    hCertStore,
+         PCCRL_CONTEXT pPrevCrlContext
+);
 """
 
 MACROS = """
diff --git a/lib_pypy/_cffi_ssl/_stdssl/__init__.py b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
--- a/lib_pypy/_cffi_ssl/_stdssl/__init__.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/__init__.py
@@ -24,7 +24,7 @@
 from enum import IntEnum as _IntEnum
 
 if sys.platform == 'win32':
-    from _cffi_ssl._stdssl.win32_extra import enum_certificates
+    from _cffi_ssl._stdssl.win32_extra import enum_certificates, enum_crls
     HAVE_POLL = False
 else:
     from select import poll, POLLIN, POLLOUT
diff --git a/lib_pypy/_cffi_ssl/_stdssl/win32_extra.py b/lib_pypy/_cffi_ssl/_stdssl/win32_extra.py
--- a/lib_pypy/_cffi_ssl/_stdssl/win32_extra.py
+++ b/lib_pypy/_cffi_ssl/_stdssl/win32_extra.py
@@ -18,20 +18,55 @@
     
     result = []
     pCertCtx = ffi.NULL
-    while True:
-        pCertCtx = lib.CertEnumCertificatesInStore(hStore, pCertCtx)
-        if pCertCtx == ffi.NULL:
-            break
-        cert = ffi.buffer(pCertCtx.pbCertEncoded, pCertCtx.cbCertEncoded)[:]
-        enc = certEncodingType(pCertCtx.dwCertEncodingType)
-        keyusage = parseKeyUsage(pCertCtx, lib.CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG)
-        if keyusage is True:
-            keyusage = parseKeyUsage(pCertCtx, lib.CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG)
-        result.append((cert, enc, keyusage))
+    try:
+        while True:
+            pCertCtx = lib.CertEnumCertificatesInStore(hStore, pCertCtx)
+            if pCertCtx == ffi.NULL:
+                break
+            cert = ffi.buffer(pCertCtx.pbCertEncoded, pCertCtx.cbCertEncoded)[:]
+            enc = certEncodingType(pCertCtx.dwCertEncodingType)
+            keyusage = parseKeyUsage(pCertCtx, lib.CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG)
+            if keyusage is True:
+                keyusage = parseKeyUsage(pCertCtx, lib.CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG)
+            result.append((cert, enc, keyusage))
+    finally:
+        if pCertCtx != ffi.NULL:
+            lib.CertFreeCertificateContext(pCertCtx)
+        if not lib.CertCloseStore(hStore, 0):
+            # This error case might shadow another exception.
+            raise WindowsError(*ffi.getwinerror())
+    return result
 
-    if pCertCtx != ffi.NULL:
-        lib.CertFreeCertificateContext(pCertCtx)
-    lib.CertCloseStore(hStore, 0)
+
+def enum_crls(store_name):
+    """Retrieve CRLs from Windows' cert store.
+
+store_name may be one of 'CA', 'ROOT' or 'MY'.  The system may provide
+more cert storages, too.  The function returns a list of (bytes,
+encoding_type) tuples.  The encoding_type flag can be interpreted with
+X509_ASN_ENCODING or PKCS_7_ASN_ENCODING."""
+    hStore = lib.CertOpenStore(lib.CERT_STORE_PROV_SYSTEM_A, 0, ffi.NULL,
+                               lib.CERT_STORE_READONLY_FLAG | lib.CERT_SYSTEM_STORE_LOCAL_MACHINE,
+                               bytes(store_name, "ascii"))
+    if hStore == ffi.NULL:
+        raise WindowsError(*ffi.getwinerror())
+
+    result = []
+    pCrlCtx = ffi.NULL
+    try:
+        while True:
+            pCrlCtx = lib.CertEnumCRLsInStore(hStore, pCrlCtx)
+            if pCrlCtx == ffi.NULL:
+                break
+            crl = ffi.buffer(pCrlCtx.pbCrlEncoded, pCrlCtx.cbCrlEncoded)[:]
+            enc = certEncodingType(pCrlCtx.dwCertEncodingType)
+            result.append((crl, enc))
+    finally:
+        if pCrlCtx != ffi.NULL:
+            lib.CertFreeCRLContext(pCrlCtx)
+        if not lib.CertCloseStore(hStore, 0):
+            # This error case might shadow another exception.
+            raise WindowsError(*ffi.getwinerror())
     return result

More information about the pypy-commit mailing list