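def parse_crls(crls: BinaryIO, store: X509Store) -> None:
    """
    Parse CRLs from the ICAO PKD DSC-CRL ldif and add each one to ``store``.

    Nothing in this function checks the CRL signatures; that is left to
    whoever later verifies against ``store``.

    :param crls: binary file object holding the DSC-CRL ldif export
    :param store: X509Store that receives every CRL found in the ldif
    :return: None; ``store`` is mutated in place
    """
    parser = LDIFRecordList(crls)
    parser.parse_entry_records()
    for record in parser.all_records:
        attrs = record[1]
        crl_blobs = attrs.get("certificateRevocationList;binary")
        if not crl_blobs:
            # Entry carries no CRL (or an empty value list): nothing to load.
            continue
        # DER-encoded CRL as stored in the PKD.
        crl = load_crl(FILETYPE_ASN1, crl_blobs[0])
        # A record without a cn used to raise KeyError on the progress line;
        # fall back to a placeholder label instead of aborting the import.
        label = attrs.get("cn", ["<no cn>"])[0]
        print(f"\t[+] Loaded CRL: {label}")
        store.add_crl(crl)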
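def parse_csca_certs(master_list: BinaryIO, store: X509Store) -> None:
    """
    Parse CSCA certificates from the ICAO PKD ML ldif and load them into ``store``.

    Each ``CscaMasterListData`` value is a CMS signed message. It is handed to
    ``openssl cms -verify``, the embedded certificates are extracted, duplicates
    are dropped via ``unique_hash`` and only the self-signed certificates are
    added to ``store``.

    :param master_list: binary file object holding the ML ldif export
    :param store: X509Store that receives every self-signed, de-duplicated certificate
    :return: None; ``store`` is mutated in place
    """
    parser = LDIFRecordList(master_list)
    parser.parse_entry_records()

    unique_certs: List[X509] = []

    for record in parser.all_records:
        attrs = record[1]
        if "CscaMasterListData" not in attrs:
            continue
        # Records without a cn no longer abort the import on the progress line.
        print(f"\t[i] Reading {attrs.get('cn', ['<no cn>'])[0]}")

        # NOTE: -noverify skips validation of the signer certificate's chain, so
        # "Verification successful" only proves the CMS signature matches the
        # signer embedded in the message, not that the signer is trusted.
        cmd = "openssl cms -inform der -noverify -verify"
        (signed_data, err) = execute(cmd, attrs["CscaMasterListData"][0])

        # openssl reports the verification result on stderr.
        if err.decode("utf8").strip() != "Verification successful":
            print("\t[-] Verification of Masterlist data failed\n")
            continue
        print("\t[+] MasterList Verification successful")

        cert_list = extract_certificates(signed_data)

        print("\t[i] Removing duplicates")
        # unique_hash() presumably keeps state across calls, so duplicates are
        # filtered across all master lists, not just within one — verify.
        unique_certs_from_ml = [x for x in cert_list if unique_hash(x)]

        print(f"\t[i] Removed {len(cert_list)-len(unique_certs_from_ml)} duplicate certificates\n")
        # extend() instead of rebuilding the list on every master list.
        unique_certs.extend(unique_certs_from_ml)

    print(f"\t[i] Total unique entries: {len(unique_certs)}\n")

    for cert in unique_certs:
        # Only self-signed (root) certificates are trusted anchors for the store.
        if is_self_signed(cert):
            print(f"\t[+] Loaded certificate: {cert.get_subject().countryName}")
            print_valid_time("\t\t", cert)
            store.add_cert(cert)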