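def _extract_extensions(self, cert):
        """Pull the revocation-relevant extensions out of a decoded certificate.

        Args:
            cert: a pyasn1 ``rfc2459.Certificate`` (the result of
                ``der_decoder.decode(..., asn1Spec=rfc2459.Certificate())``).

        Returns:
            ``(nocheck, is_ca, ocsp_urls)``: ``nocheck`` is True when the
            id-pkix-ocsp-nocheck extension is present, ``is_ca`` is the
            basicConstraints ``cA`` flag as a plain bool (False when the
            extension is absent; pathLenConstraint is not reported), and
            ``ocsp_urls`` lists every OCSP URI found in authorityInfoAccess,
            in certificate order.

        NOTE(review): id-pkix-ocsp-nocheck is only meaningful on an OCSP
        responder certificate (RFC 6960 4.2.2.2.1); a caller must not let it
        suppress revocation checking for an arbitrary certificate. The
        ``critical`` flag is ignored here, so an unrecognised critical
        extension is not rejected at this point as RFC 5280 4.2 requires.
        """
        nocheck = False
        is_ca = False
        ocsp_urls = []

        # The extensions field is OPTIONAL; older pyasn1 hands back None for
        # an absent component instead of an empty SequenceOf.
        extensions = cert.getComponentByName(
            'tbsCertificate').getComponentByName('extensions')
        if extensions is None:
            return nocheck, is_ca, ocsp_urls

        for ext in extensions:
            oid = ext.getComponentByName('extnID')
            # extnValue is an OCTET STRING whose content is the DER of the
            # extension body, so it can be decoded directly.
            raw_value = ext.getComponentByName('extnValue')

            if oid == rfc2459.id_ce_basicConstraints:
                constraints = der_decoder.decode(
                    raw_value, asn1Spec=rfc2459.BasicConstraints())[0]
                # Coerce the pyasn1 Boolean (cA DEFAULT FALSE) to a plain bool
                # so callers can safely use ``is True`` / ``is False``.
                is_ca = bool(constraints.getComponentByPosition(0))
            elif oid == rfc2459.id_pe_authorityInfoAccess:
                auth_info = der_decoder.decode(
                    raw_value, asn1Spec=rfc2459.AuthorityInfoAccessSyntax())[0]
                for access in auth_info:
                    if (access.getComponentByName('accessMethod')
                            != rfc2560.id_pkix_ocsp):
                        continue
                    location = access.getComponentByName('accessLocation')
                    # accessLocation is a GeneralName CHOICE. RFC 5280 4.2.2.1
                    # expects a URI for OCSP, but reading the URI alternative
                    # when a different one was chosen raises or yields an
                    # empty value, so check which alternative is set first.
                    if location.getName() != 'uniformResourceIdentifier':
                        continue
                    ocsp_urls.append(nat_encoder(location.getComponent()))
            elif oid == rfc2560.id_pkix_ocsp_nocheck:
                nocheck = True

        return nocheck, is_ca, ocsp_urls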
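def get_san_from_cert(CERT_FILE):
    """Return the subjectAltName entries of a certificate file.

    Args:
        CERT_FILE: path handed to ``_load_certificate``.

    Returns:
        ``{"dns": [...], "ip": [...]}`` with dNSName entries as ``str`` and
        iPAddress entries as their textual form (``str(ipaddress.ip_address)``).
        Both lists are empty when the certificate has no subjectAltName
        extension.

    Raises:
        ValueError: from ``ipaddress`` when an iPAddress entry is not 4 or 16
            octets long.
    """
    cert = _load_certificate(CERT_FILE)

    # Locate the SAN extension by short name; extension order in a certificate
    # is not fixed, so there is deliberately no positional fallback.
    san_ext = None
    for idx in range(cert.get_extension_count()):
        ext = cert.get_extension(idx)
        logging.debug(ext.get_short_name())
        if ext.get_short_name().decode() == "subjectAltName":
            san_ext = ext
            break
    if san_ext is None:
        # Previously extension #2 was decoded as a SAN regardless of its type
        # (garbage or an exception for most certificates). An absent SAN now
        # simply yields no names, which is also the safe result for any
        # hostname/IP matching built on top of this.
        logging.warning("certificate %s has no subjectAltName extension",
                        CERT_FILE)
        return {"dns": [], "ip": []}

    decoded_alt_names, _ = asn1_decoder(san_ext.get_data(),
                                        asn1Spec=SubjectAltName())
    py_alt_names = nat_encoder(decoded_alt_names)
    logging.debug(py_alt_names)

    dns_sub_alt_name = []
    ip_sub_alt_name = []
    for element in py_alt_names:
        # Each GeneralName decodes to a one-key dict naming the chosen
        # alternative.
        if "iPAddress" in element:
            # ip_address() accepts the packed 4-octet (IPv4) or 16-octet
            # (IPv6) form; IPv4Address alone raised on IPv6 entries.
            ip_sub_alt_name.append(
                str(ipaddress.ip_address(element["iPAddress"])))
        elif "dNSName" in element:
            # dNSName is an IA5String (ASCII); utf-8 is kept for
            # compatibility. NOTE(review): the name is not validated here
            # (embedded NUL, wildcard position, IDNA) -- do that in the
            # matcher that consumes this list.
            dns_sub_alt_name.append(element["dNSName"].decode("utf-8"))
        else:
            # Other GeneralName forms (rfc822Name, URI, ...) are not collected.
            logging.error("Bad AltName Key")
    logging.debug(ip_sub_alt_name)
    logging.debug(dns_sub_alt_name)

    san = {"dns": dns_sub_alt_name, "ip": ip_sub_alt_name}
    logging.debug(san)
    return san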
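    def extract_certificate_chain(self, connection):
        """
        Gets certificate chain and extract the key info from OpenSSL connection

        The chain is whatever the peer sent (``get_peer_cert_chain``), in the
        peer's order and not yet validated; callers must still build and
        verify the path. Each certificate is re-encoded to DER, decoded into a
        pyasn1 ``rfc2459.Certificate`` and stored under the value of
        ``self._get_subject_hash`` (presumably a SHA-256 of the subject),
        then the map is handed to ``self.create_pair_issuer_subject``.

        Returns:
            whatever ``create_pair_issuer_subject`` returns for the map.
        """
        # Fetch once: pyOpenSSL returns None (not []) when the peer sent no
        # certificates, which made len() below fail with a TypeError.
        chain = connection.get_peer_cert_chain() or []
        logger.debug("# of certificates: %s", len(chain))

        cert_map = OrderedDict()
        for cert_openssl in chain:
            cert_der = dump_certificate(FILETYPE_ASN1, cert_openssl)
            cert = der_decoder.decode(cert_der,
                                      asn1Spec=rfc2459.Certificate())[0]
            subject_sha256 = self._get_subject_hash(cert)
            logger.debug(u'subject: %s, issuer: %s',
                         nat_encoder(self._get_subject(cert)),
                         nat_encoder(self._get_issuer(cert)))
            if subject_sha256 in cert_map:
                # Two chain entries with the same subject (e.g. a cross-signed
                # intermediate next to its self-signed variant) share one
                # slot; the later one wins, as before, but say so instead of
                # dropping the earlier one silently.
                logger.warning(
                    u'duplicate subject in peer chain, keeping last: %s',
                    nat_encoder(self._get_subject(cert)))
            cert_map[subject_sha256] = cert

        return self.create_pair_issuer_subject(cert_map)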
 def subject_name(self, cert):
     """Return the subject of a decoded certificate as a native Python value.

     Thin wrapper: delegates to ``self._get_subject`` and converts the pyasn1
     result with ``nat_encoder``.
     """
     subject = self._get_subject(cert)
     return nat_encoder(subject)