Example #1
0
def get_DSA_pub_key_material(subjectPublicKeyAsn1, parametersAsn1):
    '''
    Extracts DSA parameters p, q, g from
    ASN1 bitstring component subjectPublicKey and parametersAsn1 from
    'parameters' field of AlgorithmIdentifier.
    '''
    pubkey = subjectPublicKeyAsn1.toOctets()

    key = decode(pubkey, asn1Spec=DsaPubKey())[0]
    parameters = decode(parametersAsn1, asn1Spec=DssParams())[0]
    paramDict = {"pub": int(key)}

    for param in ['p', 'q', 'g']:
        paramDict[param] = parameters.getComponentByName(param)._value

    return paramDict
Example #2
0
def x509_parse(derData):
	"""Decodes certificate.
	@param derData: DER-encoded certificate string
	@returns: pkcs7_models.X509Certificate
	"""
	cert = decode(derData, asn1Spec=Certificate())[0]
	x509cert = X509Certificate(cert)
	return x509cert
Example #3
0
def x509_parse(derData):
    """Decodes certificate.
	@param derData: DER-encoded certificate string
	@returns: pkcs7_models.X509Certificate
	"""
    cert = decode(derData, asn1Spec=Certificate())[0]
    x509cert = X509Certificate(cert)
    return x509cert
Example #4
0
def parse_certificate(derData):
    cert = decode(derData, asn1Spec=Certificate())[0]
    x509cert = X509Certificate(cert)
    tbs = x509cert.tbsCertificate

    algType = tbs.pub_key_info.algType
    algParams = tbs.pub_key_info.key

    if (algType != PublicKeyInfo.RSA):
        print 'Certificate algType is not RSA'
        raise Exception()

    return RSA.construct((long(hexlify(algParams["mod"]), 16), long(algParams["exp"])))
Example #5
0
def parse_certificate(derData):
    cert = decode(derData, asn1Spec=Certificate())[0]
    x509cert = X509Certificate(cert)
    tbs = x509cert.tbsCertificate

    algType = tbs.pub_key_info.algType
    algParams = tbs.pub_key_info.key

    if (algType != PublicKeyInfo.RSA):
        print 'Certificate algType is not RSA'
        raise Exception()

    return RSA.construct((long(hexlify(algParams["mod"]), 16), long(algParams["exp"])))
Example #6
0
    def on_certificate(self, cert):
        cert, _ = decode(cert.der_data(), Certificate())
        #        tbs = cert.getComponentByName('tbsCertificate')
        #extensions = tbs.getComponentByName('extensions')

        #for ext in extensions:
        #if ext.getComponentByPosition(0) == univ.ObjectIdentifier((2,5,29,17)):
        #aux = decoder.decode(ext.getComponentByPosition(2),asn1Spec=rfc2459.GeneralNames())
        certi = X509Certificate(cert)
        tbs = certi.tbsCertificate

        if tbs.subjAltNameExt:
            san = tbs.subjAltNameExt.value
            print "\n".join(san.names)
Example #7
0
    def on_certificate(self, cert):
        cert, _ = decode(cert.der_data(), Certificate())
        #        tbs = cert.getComponentByName('tbsCertificate')
        # extensions = tbs.getComponentByName('extensions')

        # for ext in extensions:
        # if ext.getComponentByPosition(0) == univ.ObjectIdentifier((2,5,29,17)):
        # aux = decoder.decode(ext.getComponentByPosition(2),asn1Spec=rfc2459.GeneralNames())
        certi = X509Certificate(cert)
        tbs = certi.tbsCertificate

        if tbs.subjAltNameExt:
            san = tbs.subjAltNameExt.value
            print "\n".join(san.names)
Example #8
0
def get_RSA_pub_key_material(subjectPublicKeyAsn1):
    '''
    Extracts modulus and public exponent from 
    ASN1 bitstring component subjectPublicKey
    '''
    # create template for decoder
    rsa_key = RsaPubKey()
    # convert ASN1 subjectPublicKey component from BITSTRING to octets
    pubkey = subjectPublicKeyAsn1.toOctets()

    key = decode(pubkey, asn1Spec=rsa_key)[0]

    mod = key.getComponentByName("modulus")._value
    exp = key.getComponentByName("exp")._value

    return {'mod': mod, 'exp': exp}
Example #9
0
def process_zipfile(ziptuple):
    global args
    global processLeaf, processIntermediates, processRoot

    zipindx, zipfilename = ziptuple
    if isinstance(zipfilename, file):
        zipfilename = zipfilename.name
    if zipindx >= 0:
        findcerts_extra.zipfilestate[zipindx] = Status.Processing

    z = zipfile.ZipFile(zipfilename, "r")
    findx = 1
    hasError = False
    numcerts = len(z.namelist())
    numMatchingCerts = 0
    for filename in z.namelist():
        lines = z.open(filename, "r").readlines()

        certs = []
        thiscert = ""
        currentstate = State.LookForCert
        for l in lines:
            if currentstate == State.LookForCert and \
               ("-----BEGIN CERTIFICATE-----" in l or "-----BEGIN PRECERTIFICATE-----" in l):
                thiscert = ""
                currentstate = State.AppendCert
            elif currentstate == State.LookForCert and "-----BEGIN" in l:
                print "[?] Got an unexpected begin line:", l
            elif currentstate == State.AppendCert and "-----END" in l:
                certs.append(base64.b64decode(thiscert))
                currentstate = State.LookForCert
            elif currentstate == State.AppendCert:
                thiscert += l
            elif currentstate == State.LookForCert and "Timestamp:" in l:
                pass
            elif currentstate == State.LookForCert and "Leafhash:" in l:
                pass
            elif currentstate == State.LookForCert and not l.strip():
                pass
            else:
                print "[!] What the heck? State machine error."

        cindx = 1
        for c in certs:
            if cindx == len(certs) and not processRoot:
                continue
            elif cindx == 1 and not processLeaf:
                continue
            elif cindx not in [1, len(certs)] and not processIntermediates:
                continue

            fingerprint = hashlib.sha1(c).hexdigest()
            try:
                cert = decode(c, asn1Spec=Certificate())[0]
                cert = X509Certificate(cert)
            
                certMatchType = certificate_interesting(cert)
            
                if certMatchType:
                    numMatchingCerts += 1
                    outputname = fingerprint + "_" + str(cindx) + "_" + str(random.random())[2:]
                    outputpath = os.path.join(args.out, certMatchType, fingerprint[0:2], fingerprint[2])
                    if not os.path.exists(outputpath):
                        try:
                            os.makedirs(outputpath)
                        except:
                            pass
                    outputfile = open(os.path.join(outputpath,  outputname), 'w')
                    outputfile.write("-----BEGIN CERTIFICATE-----\n")
                    outputfile.write(base64.b64encode(c) + "\n")
                    outputfile.write("-----END CERTIFICATE-----\n")
                    outputfile.write(zipfilename + " " + filename)
                    outputfile.close()
            except Exception, e:
                exc_info = sys.exc_info()
                try:
                    outputname = fingerprint + "_" + str(cindx) + "_" + str(random.random())[2:]
                    outputpath = os.path.join(args.err, fingerprint[0:2], fingerprint[2])
                    if not os.path.exists(outputpath):
                        try:
                            os.makedirs(outputpath)
                        except:
                            pass
                    outputfile = open(os.path.join(outputpath,  outputname), 'w')
                    outputfile.write("-----BEGIN CERTIFICATE-----\n")
                    outputfile.write(base64.b64encode(c) + "\n")
                    outputfile.write("-----END CERTIFICATE-----\n")
                    outputfile.write(zipfilename + " " + filename + "\n")
                    outputfile.write(str(exc_info) + "\n")
                    outputfile.write(str(e) + "\n")
                    outputfile.close()
                except:
                    hasError = True
            cindx += 1
        findx += 1
Example #10
0
def process_zipfile(ziptuple):
    global args
    global processLeaf, processIntermediates, processRoot

    zipindx, zipfilename = ziptuple
    if isinstance(zipfilename, file):
        zipfilename = zipfilename.name
    if zipindx >= 0:
        findcerts_extra.zipfilestate[zipindx] = Status.Processing

    z = zipfile.ZipFile(zipfilename, "r")
    findx = 1
    hasError = False
    numcerts = len(z.namelist())
    numMatchingCerts = 0
    for filename in z.namelist():
        lines = z.open(filename, "r").readlines()

        certs = []
        thiscert = ""
        currentstate = State.LookForCert
        for l in lines:
            if currentstate == State.LookForCert and \
               ("-----BEGIN CERTIFICATE-----" in l or "-----BEGIN PRECERTIFICATE-----" in l):
                thiscert = ""
                currentstate = State.AppendCert
            elif currentstate == State.LookForCert and "-----BEGIN" in l:
                print "[?] Got an unexpected begin line:", l
            elif currentstate == State.AppendCert and "-----END" in l:
                certs.append(base64.b64decode(thiscert))
                currentstate = State.LookForCert
            elif currentstate == State.AppendCert:
                thiscert += l
            elif currentstate == State.LookForCert and "Timestamp:" in l:
                pass
            elif currentstate == State.LookForCert and "Leafhash:" in l:
                pass
            elif currentstate == State.LookForCert and not l.strip():
                pass
            else:
                print "[!] What the heck? State machine error."

        cindx = 1
        for c in certs:
            if cindx == len(certs) and not processRoot:
                continue
            elif cindx == 1 and not processLeaf:
                continue
            elif cindx not in [1, len(certs)] and not processIntermediates:
                continue

            fingerprint = hashlib.sha1(c).hexdigest()
            try:
                cert = decode(c, asn1Spec=Certificate())[0]
                cert = X509Certificate(cert)

                certMatchType = certificate_interesting(cert)

                if certMatchType:
                    numMatchingCerts += 1
                    outputname = fingerprint + "_" + str(cindx) + "_" + str(
                        random.random())[2:]
                    outputpath = os.path.join(args.out, certMatchType,
                                              fingerprint[0:2], fingerprint[2])
                    if not os.path.exists(outputpath):
                        try:
                            os.makedirs(outputpath)
                        except:
                            pass
                    outputfile = open(os.path.join(outputpath, outputname),
                                      'w')
                    outputfile.write("-----BEGIN CERTIFICATE-----\n")
                    outputfile.write(base64.b64encode(c) + "\n")
                    outputfile.write("-----END CERTIFICATE-----\n")
                    outputfile.write(zipfilename + " " + filename)
                    outputfile.close()
            except Exception, e:
                exc_info = sys.exc_info()
                try:
                    outputname = fingerprint + "_" + str(cindx) + "_" + str(
                        random.random())[2:]
                    outputpath = os.path.join(args.err, fingerprint[0:2],
                                              fingerprint[2])
                    if not os.path.exists(outputpath):
                        try:
                            os.makedirs(outputpath)
                        except:
                            pass
                    outputfile = open(os.path.join(outputpath, outputname),
                                      'w')
                    outputfile.write("-----BEGIN CERTIFICATE-----\n")
                    outputfile.write(base64.b64encode(c) + "\n")
                    outputfile.write("-----END CERTIFICATE-----\n")
                    outputfile.write(zipfilename + " " + filename + "\n")
                    outputfile.write(str(exc_info) + "\n")
                    outputfile.write(str(e) + "\n")
                    outputfile.close()
                except:
                    hasError = True
            cindx += 1
        findx += 1