Package nss :: Module nss :: Class SecItem
[hide private]
[frames] | no frames]

type SecItem

object --+
         |
        SecItem

SecItem(data=None, type=siBuffer, ascii=False)

A SecItem is a block of binary data. It contains the data, a count of the number of octets in the data and optionally a type describing the contents of the data. SecItem's are used throughout NSS to pass blocks of binary data back and forth. Because the binary data is often DER (Distinguished Encoding Rule) ASN.1 data the data is often referred to as 'der'.

SecItem's are often returned by NSS functions.

You can create and initialize a SecItem yourself by passing the data to the SecItem constructor. If you do initialize the data you may either pass binary data or text (when ascii == True). When you pass ascii data it will be interpreted as base64 encoded binary data. The base64 text may optionally be wrapped inside PEM delimiters, but PEM format is not required.

Instance Methods [hide private]
 
__eq__(x, y)
x==y
 
__ge__(x, y)
x>=y
 
__getitem__(x, y)
x[y]
 
__getslice__(x, i, j)
x[i:j]
 
__gt__(x, y)
x>y
 
__init__(data=None, type=siBuffer, ascii=False)
x.__init__(...) initializes x; see help(type(x)) for signature
 
__le__(x, y)
x<=y
 
__len__(x)
len(x)
 
__lt__(x, y)
x<y
 
__ne__(x, y)
x!=y
a new object with type S, a subtype of T
__new__(T, S, ...)
 
__str__(x)
str(x)
string or list of strings
der_to_hex(octets_per_line=0, separator=':')
Interpret the SecItem as containing DER encoded data consisting of a <type,length,value> triplet (e.g.
string)
format(level=0, indent=' ')
This is equivalent to: indented_format(obj.format_lines()) on an object providing a format_lines() method.
[(level, string),...]
format_lines(level=0)
Formats the object into a sequence of lines with indent level information.
int or long
get_integer()
If the SecItem contains an ASN.1 integer in DER format return a Python integer (or long)
(obj, ...)
get_oid_sequence(repr_kind=AsString)
Return a tuple of OID's according the representation kind.
string or list of strings
to_base64(chars_per_line=64, pem_type=)
Format the binary data in the SecItem as base64 string(s).
string or list of strings
to_hex(octets_per_line=0, separator=':')
Equivalent to calling data_to_hex(sec_item)
Properties [hide private]
  data
contents of SecItem buffer
  len
number of octets in SecItem buffer
  type
the SecItem type (si* constant)
Method Details [hide private]

__getslice__(x, i, j)
(Slicling operator)

 

x[i:j]

Use of negative indices is not supported.

__init__(data=None, type=siBuffer, ascii=False)
(Constructor)

 
x.__init__(...) initializes x; see help(type(x)) for signature
Parameters:
  • data (any read buffer compatible object (e.g. buffer or string)) - raw data to initialize from
  • type (int) - SECItemType constant (e.g. si*)
  • ascii (bool) - If true then data is interpretted as base64 encoded. A PEM header and footer is permissible, if present the base64 data will be found inside the PEM delimiters.
Overrides: object.__init__

__new__(T, S, ...)

 
Returns: a new object with type S, a subtype of T
Overrides: object.__new__

__str__(x)
(Informal representation operator)

 
str(x)
Overrides: object.__str__

der_to_hex(octets_per_line=0, separator=':')

 
Interpret the SecItem as containing DER encoded data consisting of a <type,length,value> triplet (e.g. TLV). This function skips the type and length components and returns the value component as a hexadecimal string or a list of hexidecimal strings with a maximum of octets_per_line in each list element. See data_to_hex() for a more detailed explanation.
Parameters:
  • octets_per_line (integer) - Number of octets formatted on one line, if 0 then return a single string instead of an array of lines
  • separator (string) - String used to seperate each octet If None it will be as if the empty string had been passed and no separator will be used.
Returns: string or list of strings

format(level=0, indent=' ')

 
This is equivalent to: indented_format(obj.format_lines()) on an object providing a format_lines() method.
Parameters:
  • level (integer) - Initial indentation level, all subsequent indents are relative to this starting level.
  • indent (string) - string replicated once for each indent level then prepended to output line
Returns: string)

format_lines(level=0)

 

Formats the object into a sequence of lines with indent level information. The return value is a list where each list item is a tuple. The first item in the tuple is an integer representing the indentation level for that line. Any remaining items in the tuple are strings to be output on that line.

The output of this function can be formatted into a single string by calling nss.nss.indented\_format(), e.g.:

print indented_format(obj.format_lines())

The reason this function returns a tuple as opposed to an single indented string is to support other text formatting systems such as GUI's with indentation controls. See nss.nss.indented\_format() for a complete explanation.

Parameters:
  • level (integer) - Initial indentation level, all subsequent indents are relative to this starting level.
Returns: [(level, string),...]

get_oid_sequence(repr_kind=AsString)

 
Return a tuple of OID's according the representation kind.
Parameters:
  • repr_kind (RepresentationKind constant) - Specifies what the contents of the returned tuple will be. May be one of:

    AsObject
    Each extended key usage will be a SecItem object embedding the OID in DER format.
    AsString
    Each extended key usage will be a descriptive string. (e.g. "TLS Web Server Authentication Certificate")
    AsDottedDecimal
    Each extended key usage will be OID rendered as a dotted decimal string. (e.g. "OID.1.3.6.1.5.5.7.3.1")
    AsEnum
    Each extended key usage will be OID tag enumeration constant (int). (e.g. nss.SEC_OID_EXT_KEY_USAGE_SERVER_AUTH)
Returns: (obj, ...)

to_base64(chars_per_line=64, pem_type=)

 

Format the binary data in the SecItem as base64 string(s). Either a list of strings is returned or a single string.

If chars_per_line is greater than zero then a list of strings will be returned where each string contains chars_per_line number of characters (except for the last string in the list which will contain the remainder of the characters). Returning a list of "lines" makes it convenient for a caller to format a block of base64 data with line wrapping. If chars_per_line is greater than zero indicating a list result is desired a list is always returned even if the number of characters would produce only a single line.

If chars_per_line is zero then a single string is returned, (no line splitting is performed).

Examples:

If data is:

c8:94:00:9f:c2:8d:a2:5a:61:92:f2:cd:39:75:73:f4

data.to_hex(0) will return the single string:

'yJQAn8KNolphkvLNOXVz9A=='

data.to_hex(5) will return a list of strings where each string has a length of 5 (except the last string which may be shorter):

[
     'yJQAn',
     '8KNol',
     'phkvL',
     'NOXVz',
     '9A=='
]

If you specify the pem_type optional parameter the return value will be a list of strings whose first and last strings will be a PEM header and footer. For example if pem_type='CERTIFICATE' then the return value will be like this:

[
    '-----BEGIN CERTIFICATE-----',
    'yJQAn8KNolphkvLNOXVz9A=='
    '-----END CERTIFICATE-----'
]

When a list of strings is returned it is easy to form a single text block using the line ending of your choice, for example:

'\n'.join(data.to_base64())

Thus a PEM block can be formed like this:

'\n'.join(data.to_base64(pem_type='CERTIFICATE'))
Parameters:
  • chars_per_line (integer) - Number of characters formatted on one line, if 0 then return a single string instead of an array of lines
  • pem_type (string) - If supplied the base64 encoded data will be wrapped with a PEM header and footer whose type is the string.
Returns: string or list of strings

to_hex(octets_per_line=0, separator=':')

 
Equivalent to calling data_to_hex(sec_item)
Parameters:
  • octets_per_line (integer) - Number of octets formatted on one line, if 0 then return a single string instead of an array of lines
  • separator (string) - String used to seperate each octet If None it will be as if the empty string had been passed and no separator will be used.
Returns: string or list of strings