Diffstat (limited to 'chromium/third_party/tlslite/tlslite/x509certchain.py')
-rw-r--r--chromium/third_party/tlslite/tlslite/x509certchain.py91
1 files changed, 91 insertions, 0 deletions
diff --git a/chromium/third_party/tlslite/tlslite/x509certchain.py b/chromium/third_party/tlslite/tlslite/x509certchain.py
new file mode 100644
index 00000000000..2a592b6d863
--- /dev/null
+++ b/chromium/third_party/tlslite/tlslite/x509certchain.py
@@ -0,0 +1,91 @@
+# Author: Trevor Perrin
+# See the LICENSE file for legal information regarding use of this file.
+
+"""Class representing an X.509 certificate chain."""
+
+from .utils import cryptomath
+from .utils.tackwrapper import *
+from .utils.pem import *
+from .x509 import X509
+
+class X509CertChain(object):
+ """This class represents a chain of X.509 certificates.
+
+ @type x509List: list
+ @ivar x509List: A list of L{tlslite.x509.X509} instances,
+ starting with the end-entity certificate and with every
+ subsequent certificate certifying the previous.
+ """
+
+ def __init__(self, x509List=None):
+ """Create a new X509CertChain.
+
+ @type x509List: list
+ @param x509List: A list of L{tlslite.x509.X509} instances,
+ starting with the end-entity certificate and with every
+ subsequent certificate certifying the previous.
+ """
+ if x509List:
+ self.x509List = x509List
+ else:
+ self.x509List = []
+
+ def parsePemList(self, s):
+ """Parse a string containing a sequence of PEM certs.
+
+ Raise a SyntaxError if input is malformed.
+ """
+ x509List = []
+ bList = dePemList(s, "CERTIFICATE")
+ for b in bList:
+ x509 = X509()
+ x509.parseBinary(b)
+ x509List.append(x509)
+ self.x509List = x509List
+
+ def getNumCerts(self):
+ """Get the number of certificates in this chain.
+
+ @rtype: int
+ """
+ return len(self.x509List)
+
+ def getEndEntityPublicKey(self):
+ """Get the public key from the end-entity certificate.
+
+ @rtype: L{tlslite.utils.rsakey.RSAKey}
+ """
+ if self.getNumCerts() == 0:
+ raise AssertionError()
+ return self.x509List[0].publicKey
+
+ def getFingerprint(self):
+ """Get the hex-encoded fingerprint of the end-entity certificate.
+
+ @rtype: str
+ @return: A hex-encoded fingerprint.
+ """
+ if self.getNumCerts() == 0:
+ raise AssertionError()
+ return self.x509List[0].getFingerprint()
+
+ def checkTack(self, tack):
+ if self.x509List:
+ tlsCert = TlsCertificate(self.x509List[0].bytes)
+ if tlsCert.matches(tack):
+ return True
+ return False
+
+ def getTackExt(self):
+ """Get the TACK and/or Break Sigs from a TACK Cert in the chain."""
+ tackExt = None
+ # Search list in backwards order
+ for x509 in self.x509List[::-1]:
+ tlsCert = TlsCertificate(x509.bytes)
+ if tlsCert.tackExt:
+ if tackExt:
+ raise SyntaxError("Multiple TACK Extensions")
+ else:
+ tackExt = tlsCert.tackExt
+ return tackExt
+
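Review bot: Nothing in `X509CertChain` enforces the property its class docstring states, that each certificate certifies the previous one: `__init__` stores the list as given and `parsePemList` only parses each PEM block in input order. `getEndEntityPublicKey` and `getFingerprint` therefore return data from `x509List[0]` of an unvalidated chain, and the class docstring should say so, for example `The chain is stored as supplied; no signature, issuer or validity checks are performed here, so callers must validate or pin it before trusting the end-entity key.` `checkTack` has no docstring and returns False for an empty chain where the two getters raise `AssertionError`; a line such as `"""Return True if the end-entity certificate matches the given TACK, False otherwise or if the chain is empty."""` would document that difference. `TlsCertificate` is reachable only through the wildcard import from `.utils.tackwrapper`, whose contents are not visible in this hunk, so an explicit `from .utils.tackwrapper import TlsCertificate` would make the dependency of both TACK methods clear.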