def _decode_alt_names(self, alt_names):
    """Store the supported SubjectAltName entries in ``self.alt_names``.

    Only ``dNSName``, ``uniformResourceIdentifier`` and the two known
    ``otherName`` types (XmppAddr, SRVName) are kept; everything else is
    logged at debug level and skipped.

    The values are copied from the certificate as-is. This method does not
    check the certificate's signature or chain, and it stores URIs of any
    scheme, so callers must do their own filtering and matching.

    :Parameters:
        - `alt_names`: the SubjectAltName extension value
    :Types:
        - `alt_names`: `GeneralNames`
    """
    for entry in alt_names:
        choice = entry.getName()
        payload = entry.getComponent()

        if choice == "dNSName":
            key, value = "DNS", _decode_asn1_string(payload)
        elif choice == "uniformResourceIdentifier":
            key, value = "URI", _decode_asn1_string(payload)
        elif choice != "otherName":
            logger.debug("Unsupported general name: {0}".format(tname=None)
                         if False else
                         "Unsupported general name: {0}".format(choice))
            continue
        else:
            # otherName wraps a (type-id, value) pair; the value is itself
            # DER-encoded and has to be decoded with the matching string type.
            type_id = payload.getComponentByName("type-id")
            inner = payload.getComponentByName("value")
            if type_id == XMPPADDR_OID:
                key, spec = "XmppAddr", UTF8String()
            elif type_id == SRVNAME_OID:
                key, spec = "SRVName", IA5String()
            else:
                logger.debug("Unknown other name: {0}".format(type_id))
                continue
            # [0] keeps the decoded object; any bytes after it are dropped.
            decoded = der_decoder.decode(inner, asn1Spec=spec)[0]
            value = _decode_asn1_string(decoded)

        # NOTE(review): assumes self.alt_names maps every key used above to
        # a list (e.g. a defaultdict(list)) -- confirm in the class.
        self.alt_names[key].append(value)
def extract_names(raw_cert):
    """Return the identity names carried by a DER-encoded X.509 certificate.

    The result is a dict of sets keyed by 'CN', 'DNS', 'SRV', 'URI' and
    'XMPPAddr'. 'URI' only receives ``xmpp:`` URIs, stored without that
    prefix.

    This function only parses. It does not verify the certificate's
    signature, chain or validity period, so the returned names are
    unauthenticated until the caller has validated the certificate.
    """
    names = {kind: set() for kind in ('CN', 'DNS', 'SRV', 'URI', 'XMPPAddr')}

    # decoder.decode() returns (object, remainder); [0] drops the remainder.
    certificate = decoder.decode(raw_cert, asn1Spec=Certificate())[0]
    tbs = certificate.getComponentByName('tbsCertificate')
    subject = tbs.getComponentByName('subject')
    # The extensions field may be absent; fall back to an empty list.
    extensions = tbs.getComponentByName('extensions') or []

    # CommonName(s): walk every attribute of every RDN in the subject.
    for rdn_sequence in subject:
        for rdn in rdn_sequence:
            for attribute in rdn:
                attr_type = attribute.getComponentByName('type')
                attr_value = attribute.getComponentByName('value')
                if attr_type != COMMON_NAME:
                    continue
                directory_string = decoder.decode(
                    attr_value, asn1Spec=DirectoryString())[0]
                # NOTE(review): decode_str is defined elsewhere; confirm how
                # it treats embedded NULs and non-ASCII text before these
                # names are compared against an expected host.
                names['CN'].add(decode_str(directory_string.getComponent()))

    # Subject Alternative Names (DNS, SRV, URI, XMPPAddr).
    for ext in extensions:
        if ext.getComponentByName('extnID') != SUBJECT_ALT_NAME:
            continue

        # extnValue is an OCTET STRING wrapping the DER of the SAN itself.
        octets = decoder.decode(ext.getComponentByName('extnValue'),
                                asn1Spec=OctetString())[0]
        general_names = decoder.decode(octets, asn1Spec=SubjectAltName())[0]

        for general_name in general_names:
            kind = general_name.getName()
            if kind == 'dNSName':
                names['DNS'].add(decode_str(general_name.getComponent()))
            elif kind == 'uniformResourceIdentifier':
                uri = decode_str(general_name.getComponent())
                if uri.startswith('xmpp:'):
                    names['URI'].add(uri[5:])
            elif kind == 'otherName':
                other = general_name.getComponent()
                type_id = other.getComponentByName('type-id')
                encoded = other.getComponentByName('value')
                if type_id == XMPP_ADDR:
                    text = decoder.decode(encoded, asn1Spec=UTF8String())[0]
                    names['XMPPAddr'].add(decode_str(text))
                elif type_id == SRV_NAME:
                    text = decoder.decode(encoded, asn1Spec=IA5String())[0]
                    names['SRV'].add(decode_str(text))
                # Other otherName types are silently ignored.

    return names
class KeyDataSequence(PrettySequence):
    """ASN.1 layout with seven named fields, declared in encoding order.

    NOTE(review): the field names suggest a public key stored together with
    its domain parameters (cryptosystem, curve, point, q) -- confirm against
    the OpenKey / CryptosystemParams / CurveParams / DotsParams definitions.
    If this structure is ever decoded from untrusted input, the embedded
    parameters should be checked against an expected set rather than
    trusted as given; confirm where that check lives.
    """

    # The order of the pairs below is the order of the NamedTypes, so it
    # must not be changed without changing the encoded format.
    componentType = namedtype.NamedTypes(*[
        namedtype.NamedType(label, spec)
        for label, spec in (
            ('text', UTF8String()),
            ('algo', univ.OctetString()),
            ('open_key', OpenKey()),
            ('cryptosystem_p', CryptosystemParams()),
            ('curve_p', CurveParams()),
            ('dots_p', DotsParams()),
            ('q', univ.Integer()),
        )
    ])
class FileMetaSequence(PrettySequence):
    """ASN.1 layout holding a file's size and name, in that order.

    NOTE(review): neither field is constrained here -- 'filesize' is an
    unbounded INTEGER and 'filename' is free UTF-8 text. When this is
    decoded from data the program did not produce itself, the consumer
    should bound the size and treat the name as untrusted (not as a path);
    confirm the call sites do so.
    """

    # Pair order fixes the field order of the encoded structure.
    componentType = namedtype.NamedTypes(*[
        namedtype.NamedType(label, spec)
        for label, spec in (
            ('filesize', univ.Integer()),
            ('filename', UTF8String()),
        )
    ])
def encode(text):
    """Return the DER encoding of `text` wrapped as an ASN.1 UTF8String."""
    wrapped = UTF8String(text)
    return pyasn1.codec.der.encoder.encode(wrapped)