def search_certificate(
    crl_der: bytes,
    serial: int,
    dictionary: Tuple[
        datetime,
        datetime,
        bytes,
        Tuple[int, int, int],
        Dict[int, Tuple[int, int, int]],
    ],
) -> None:
    """Print the CRL header fields, then report whether *serial* is listed.

    Args:
        crl_der: DER bytes of the CRL; only read to dump a matching entry.
        serial: Certificate serial number to look for.
        dictionary: Five-tuple unpacked as (not-valid-before,
            not-valid-after, signature bytes, position triple of the signed
            content, index mapping serial number -> position triple).

    Returns:
        None. All results go to stdout; an absent serial produces no output
        after the search banner.

    Note:
        The signature and validity dates are displayed, never checked, so a
        hit or a miss is only as trustworthy as the CRL bytes passed in.
        Verify the CRL signature and freshness before relying on the result.
    """
    # Statement nesting was reconstructed from a whitespace-collapsed
    # listing -- TODO confirm against the original file.
    not_before, not_after, signature, signed_pos, serials_idx = dictionary

    print("*** Some information about the CRL")
    print("crl_not_valid_before: ", not_before)
    print("crl_not_valid_after: ", not_after)
    # Only the first 30 hex digits of the signature are shown.
    sig_preview = signature.hex()[:30]
    print("crl_signature: ", sig_preview, "... ", len(signature), " Bytes")
    first, _, last = signed_pos
    signed_len = last + 1 - first
    print("crl_signed_content: ", signed_pos, signed_len, "Bytes")
    print()

    listed = len(serials_idx)
    print("*** The CRL lists", listed, "certificates.")
    # Small lists are echoed in full; larger ones are only counted.
    if listed <= 10:
        for number, position in serials_idx.items():
            print("serial: ", number, " position:", position)
    print()

    print("*** Search in CRL for serial no:", serial)
    print()
    if serial not in serials_idx:
        return

    print("*** SERIAL FOUND IN LIST!:")
    print("** Revoked certificate data")
    print("- Certificate serial no: ", serial)
    # The index stores a position triple; use it to dump the matching entry.
    print("- Decoded ASN1 data:")
    entry_pos = serials_idx[serial]
    print(dump_asn1(asn1_get_all(crl_der, entry_pos)))
    print()
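# NOTE(review): the statements down to "### Main program" are the tail of a
# function whose header lies outside this excerpt (presumably
# search_certificate). The nesting is reconstructed from a
# whitespace-collapsed listing -- TODO confirm against the original file.
if len(serials_idx) <= 10 :
    for c,p in serials_idx.items() :
        print 'serial: ',c,' position:',p
print
print '*** Search in CRL for serial no:', serial
print
if serial in serials_idx:
    print '*** SERIAL FOUND IN LIST!:'
    print '** Revoked certificat data'
    print '- Certificat serial no: ', serial
    # Now use the pointers to print the certificate entries.
    print '- Decoded ASN1 data:'
    p = serials_idx[serial]
    print dump_asn1(asn1_get_all(crl_der,p))
    print

### Main program
# Index one CRL file and look up a single serial number in it.
crl_filename = 'www.sk.ee-crl.crl'
search_serial = 1018438612
print "****** INDEXING CRL:", crl_filename
print
# DER is binary data: read it in 'rb' mode so no newline translation can
# alter the bytes, and close the handle deterministically.
with open(crl_filename, 'rb') as crl_file:
    crl_der = crl_file.read()
# NOTE(review): nothing visible here verifies the CRL signature or checks its
# validity window before the lookup; confirm whether extract_crl_info does,
# otherwise a "not listed" answer cannot be relied on.
dictionary = extract_crl_info(crl_der)
search_certificate(crl_der,search_serial,dictionary)
#print crl_der.encode("hex")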
def parseBinary(self, b):
    """Parse a DER-encoded X.509 certificate and store selected fields on self.

    Runs tlslite's X509.parseBinary first, then walks the DER structure with
    the asn1_* helpers and sets: data (the first child of the root, kept for
    signature checking), serial_number, sig_algo, issuer, notBefore,
    notAfter, subject, CA, SKI, AKI, cert_sig_algo and signature.

    The code relies on Python 2 string semantics (str(b), comparison with
    chr(0xa0), .encode('hex')).

    This method only extracts fields. It does not verify the signature, the
    validity period or the issuer chain.
    """
    # call tlslite method first
    tlslite.X509.parseBinary(self, b)
    der = str(b)
    root = asn1_node_root(der)
    cert = asn1_node_first_child(der, root)
    # data for signature
    self.data = asn1_get_all(der, cert)
    # optional version field
    # A leading 0xa0 byte in the value means the version field is present,
    # so the serial number is the node after it, not the first child.
    if asn1_get_value(der, cert)[0] == chr(0xa0):
        version = asn1_node_first_child(der, cert)
        serial_number = asn1_node_next(der, version)
    else:
        serial_number = asn1_node_first_child(der, cert)
    self.serial_number = bytestr_to_int(
        asn1_get_value_of_type(der, serial_number, 'INTEGER'))
    # signature algorithm
    sig_algo = asn1_node_next(der, serial_number)
    ii = asn1_node_first_child(der, sig_algo)
    self.sig_algo = decode_OID(
        asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))
    # issuer
    issuer = asn1_node_next(der, sig_algo)
    self.issuer = asn1_get_dict(der, issuer)
    # validity
    # NOTE(review): both dates are requested as 'UTCTime'. A certificate that
    # encodes validity as GeneralizedTime is not handled on this path --
    # confirm how asn1_get_value_of_type reacts to a type mismatch.
    validity = asn1_node_next(der, issuer)
    ii = asn1_node_first_child(der, validity)
    self.notBefore = asn1_get_value_of_type(der, ii, 'UTCTime')
    ii = asn1_node_next(der, ii)
    self.notAfter = asn1_get_value_of_type(der, ii, 'UTCTime')
    # subject
    subject = asn1_node_next(der, validity)
    self.subject = asn1_get_dict(der, subject)
    subject_pki = asn1_node_next(der, subject)
    # extensions
    # Defaults that apply when the matching extension is absent.
    self.CA = False
    self.AKI = None
    self.SKI = None
    i = subject_pki
    # Visit every node that follows the subject public key info while index 2
    # of the node tuple (presumably its last-byte offset -- TODO confirm) is
    # still below that of the enclosing cert node.
    while i[2] < cert[2]:
        i = asn1_node_next(der, i)
        d = asn1_get_dict(der, i)
        for oid, value in d.items():
            if oid == '2.5.29.19':
                # Basic Constraints
                # NOTE(review): bool(value) is True for any non-empty value,
                # so it shows that the extension carries data, not that cA is
                # TRUE. The SKI branch below treats value as raw DER; if that
                # holds here too, an end-entity certificate that carries
                # basicConstraints would be marked CA. Confirm against
                # asn1_get_dict and decode the cA BOOLEAN if so.
                self.CA = bool(value)
            elif oid == '2.5.29.14':
                # Subject Key Identifier
                r = asn1_node_root(value)
                value = asn1_get_value_of_type(value, r, 'OCTET STRING')
                self.SKI = value.encode('hex')
            elif oid == '2.5.29.35':
                # Authority Key Identifier
                self.AKI = asn1_get_sequence(value)[0].encode('hex')
            else:
                # Every other extension is skipped. Criticality is not
                # examined in this method, so an unrecognised critical
                # extension does not cause a rejection here.
                pass
    # cert signature
    cert_sig_algo = asn1_node_next(der, cert)
    ii = asn1_node_first_child(der, cert_sig_algo)
    self.cert_sig_algo = decode_OID(
        asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))
    cert_sig = asn1_node_next(der, cert_sig_algo)
    # The first byte of the value is dropped, presumably the BIT STRING
    # unused-bits octet -- TODO confirm.
    self.signature = asn1_get_value(der, cert_sig)[1:]
def parseBinary(self, b):
    """Parse a DER-encoded X.509 certificate and store selected fields on self.

    Runs tlslite's X509.parseBinary first, then walks the DER structure with
    the asn1_* helpers and sets: data (the first child of the root, kept for
    signature checking), serial_number, sig_algo, issuer, notBefore,
    notAfter, subject, CA, SKI, AKI, cert_sig_algo and signature.

    The code relies on Python 2 string semantics (str(b), comparison with
    chr(0xa0), .encode('hex')).

    This method only extracts fields. It does not verify the signature, the
    validity period or the issuer chain.
    """
    # call tlslite method first
    tlslite.X509.parseBinary(self, b)
    der = str(b)
    root = asn1_node_root(der)
    cert = asn1_node_first_child(der, root)
    # data for signature
    self.data = asn1_get_all(der, cert)
    # optional version field
    # A leading 0xa0 byte in the value means the version field is present,
    # so the serial number is the node after it, not the first child.
    if asn1_get_value(der, cert)[0] == chr(0xa0):
        version = asn1_node_first_child(der, cert)
        serial_number = asn1_node_next(der, version)
    else:
        serial_number = asn1_node_first_child(der, cert)
    self.serial_number = bytestr_to_int(asn1_get_value_of_type(der, serial_number, 'INTEGER'))
    # signature algorithm
    sig_algo = asn1_node_next(der, serial_number)
    ii = asn1_node_first_child(der, sig_algo)
    self.sig_algo = decode_OID(asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))
    # issuer
    issuer = asn1_node_next(der, sig_algo)
    self.issuer = asn1_get_dict(der, issuer)
    # validity
    # NOTE(review): both dates are requested as 'UTCTime'. A certificate that
    # encodes validity as GeneralizedTime is not handled on this path --
    # confirm how asn1_get_value_of_type reacts to a type mismatch.
    validity = asn1_node_next(der, issuer)
    ii = asn1_node_first_child(der, validity)
    self.notBefore = asn1_get_value_of_type(der, ii, 'UTCTime')
    ii = asn1_node_next(der,ii)
    self.notAfter = asn1_get_value_of_type(der, ii, 'UTCTime')
    # subject
    subject = asn1_node_next(der, validity)
    self.subject = asn1_get_dict(der, subject)
    subject_pki = asn1_node_next(der, subject)
    # extensions
    # Defaults that apply when the matching extension is absent.
    self.CA = False
    self.AKI = None
    self.SKI = None
    i = subject_pki
    # Visit every node that follows the subject public key info while index 2
    # of the node tuple (presumably its last-byte offset -- TODO confirm) is
    # still below that of the enclosing cert node.
    while i[2] < cert[2]:
        i = asn1_node_next(der, i)
        d = asn1_get_dict(der, i)
        for oid, value in d.items():
            if oid == '2.5.29.19':
                # Basic Constraints
                # NOTE(review): bool(value) is True for any non-empty value,
                # so it shows that the extension carries data, not that cA is
                # TRUE. The SKI branch below treats value as raw DER; if that
                # holds here too, an end-entity certificate that carries
                # basicConstraints would be marked CA. Confirm against
                # asn1_get_dict and decode the cA BOOLEAN if so.
                self.CA = bool(value)
            elif oid == '2.5.29.14':
                # Subject Key Identifier
                r = asn1_node_root(value)
                value = asn1_get_value_of_type(value, r, 'OCTET STRING')
                self.SKI = value.encode('hex')
            elif oid == '2.5.29.35':
                # Authority Key Identifier
                self.AKI = asn1_get_sequence(value)[0].encode('hex')
            else:
                # Every other extension is skipped. Criticality is not
                # examined in this method, so an unrecognised critical
                # extension does not cause a rejection here.
                pass
    # cert signature
    cert_sig_algo = asn1_node_next(der, cert)
    ii = asn1_node_first_child(der, cert_sig_algo)
    self.cert_sig_algo = decode_OID(asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))
    cert_sig = asn1_node_next(der, cert_sig_algo)
    # The first byte of the value is dropped, presumably the BIT STRING
    # unused-bits octet -- TODO confirm.
    self.signature = asn1_get_value(der, cert_sig)[1:]
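# NOTE(review): the statements down to "### Main program" are the tail of a
# function whose header lies outside this excerpt (presumably
# search_certificate). The nesting is reconstructed from a
# whitespace-collapsed listing -- TODO confirm against the original file.
if len(serials_idx) <= 10 :
    for c,p in serials_idx.items() :
        print 'serial: ',c,' position:',p
print
print '*** Search in CRL for serial no:', serial
print
if serial in serials_idx:
    print '*** SERIAL FOUND IN LIST!:'
    print '** Revoked certificat data'
    print '- Certificat serial no: ', serial
    # Now use the pointers to print the certificate entries.
    print '- Decoded ASN1 data:'
    p = serials_idx[serial]
    print dump_asn1(asn1_get_all(crl_der,p))
    print

### Main program
# Index one CRL file and look up a single serial number in it.
crl_filename = 'www.sk.ee-crl.crl'
search_serial = 1018438612
print "****** INDEXING CRL:", crl_filename
print
# DER is binary data: read it in 'rb' mode so no newline translation can
# alter the bytes, and close the handle deterministically.
with open(crl_filename, 'rb') as crl_file:
    crl_der = crl_file.read()
# NOTE(review): nothing visible here verifies the CRL signature or checks its
# validity window before the lookup; confirm whether extract_crl_info does,
# otherwise a "not listed" answer cannot be relied on.
dictionary = extract_crl_info(crl_der)
search_certificate(crl_der,search_serial,dictionary)
#print crl_der.encode("hex")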