def search_certificate(
    crl_der: bytes,
    serial: int,
    dictionary: Tuple[datetime, datetime, bytes, Tuple[int, int, int],
                      Dict[int, Tuple[int, int, int]]],
) -> None:
    """Print a summary of an indexed CRL and report whether *serial* is listed.

    ``dictionary`` is unpacked as (not-valid-before, not-valid-after,
    signature bytes, position triple of the signed content, mapping of
    revoked serial number -> position triple of its entry in ``crl_der``).

    This function only reports. It prints the validity dates and a prefix
    of the signature, but it neither compares the dates with the current
    time nor verifies the signature, and it prints nothing extra when the
    serial is absent. A missing "FOUND" line is therefore not, by itself,
    evidence that a certificate is unrevoked.
    """
    not_before, not_after, signature, signed_span, serials_idx = dictionary

    print("*** Some information about the CRL")
    print("crl_not_valid_before: ", not_before)
    print("crl_not_valid_after:  ", not_after)
    # Only the first 30 hex digits of the signature are shown, plus its length.
    sig_preview = signature.hex()[:30]
    print("crl_signature:        ", sig_preview, "... ", len(signature), " Bytes")
    first_ix, _unused_ix, last_ix = signed_span
    signed_len = last_ix + 1 - first_ix
    print("crl_signed_content:   ", signed_span, signed_len, "Bytes")
    print()

    listed = len(serials_idx)
    print("*** The CRL lists", listed, "certificates.")
    # The full index is dumped only for small CRLs (at most 10 entries).
    if listed <= 10:
        for entry_serial in serials_idx:
            print("serial: ", entry_serial, "  position:", serials_idx[entry_serial])
    print()

    print("*** Search in CRL for serial no:", serial)
    print()

    if serial not in serials_idx:
        return

    print("*** SERIAL FOUND IN LIST!:")
    print("**      Revoked certificate data")
    print("- Certificate serial no: ", serial)
    print("- Decoded ASN1 data:")
    # The stored position triple selects the revoked entry inside the DER blob.
    entry_position = serials_idx[serial]
    print(dump_asn1(asn1_get_all(crl_der, entry_position)))
    print()
	if len(serials_idx) <= 10 :
		for c,p in serials_idx.items() :
			print 'serial: ',c,'  position:',p 
	print

	print '*** Search in CRL for serial no:', serial 
	print 

	if serial in serials_idx: 
		print '*** SERIAL FOUND IN LIST!:'
		print '**      Revoked certificat data'
		print '- Certificat serial no: ', serial
		# Now use the pointers to print the certificate entries.
		print '- Decoded ASN1 data:'
		p = serials_idx[serial]
		print dump_asn1(asn1_get_all(crl_der,p))
		print




### Main program
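# Load a DER-encoded CRL from disk, index it, and look up one serial number.
crl_filename = 'www.sk.ee-crl.crl'
search_serial = 1018438612

print "****** INDEXING CRL:", crl_filename
print
# DER is binary data: read it in 'rb' mode so newline translation cannot
# alter the bytes, and let the with-block close the file handle.
with open(crl_filename, 'rb') as crl_file:
    crl_der = crl_file.read()
# NOTE(review): extract_crl_info is defined outside this snippet. Whether it
# verifies the CRL signature or validity window is not visible here, so
# confirm that before treating the lookup result as a revocation decision.
dictionary = extract_crl_info(crl_der)
search_certificate(crl_der,search_serial,dictionary)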
#print crl_der.encode("hex")
    def parseBinary(self, b):
        """Parse a DER certificate and cache selected X.509 fields on self.

        Runs tlslite's own ``X509.parseBinary`` first, then walks the ASN.1
        structure and sets: ``data``, ``serial_number``, ``sig_algo``,
        ``issuer``, ``notBefore``, ``notAfter``, ``subject``, ``CA``,
        ``AKI``, ``SKI``, ``cert_sig_algo`` and ``signature``.

        This method only extracts fields. No signature check, validity
        check or chain validation happens here.
        """
        tlslite.X509.parseBinary(self, b)

        # presumably b is a byte array turned into a Python 2 byte string
        der = str(b)
        cert = asn1_node_first_child(der, asn1_node_root(der))
        # The first child of the root is kept whole as the data for signature.
        self.data = asn1_get_all(der, cert)

        # A leading 0xa0 byte marks the optional version field. When it is
        # present, the serial number is the node after it.
        has_version = asn1_get_value(der, cert)[0] == chr(0xa0)
        first_field = asn1_node_first_child(der, cert)
        serial_number = asn1_node_next(der, first_field) if has_version else first_field
        serial_bytes = asn1_get_value_of_type(der, serial_number, 'INTEGER')
        self.serial_number = bytestr_to_int(serial_bytes)

        # Signature algorithm: the OID is the first child of the next node.
        sig_algo = asn1_node_next(der, serial_number)
        sig_algo_oid = asn1_node_first_child(der, sig_algo)
        self.sig_algo = decode_OID(
            asn1_get_value_of_type(der, sig_algo_oid, 'OBJECT IDENTIFIER'))

        # Issuer name.
        issuer = asn1_node_next(der, sig_algo)
        self.issuer = asn1_get_dict(der, issuer)

        # Validity: two consecutive children, notBefore then notAfter.
        # NOTE(review): only 'UTCTime' is requested. How the helper reacts to
        # a differently typed time value is not visible here; confirm.
        validity = asn1_node_next(der, issuer)
        not_before_node = asn1_node_first_child(der, validity)
        self.notBefore = asn1_get_value_of_type(der, not_before_node, 'UTCTime')
        not_after_node = asn1_node_next(der, not_before_node)
        self.notAfter = asn1_get_value_of_type(der, not_after_node, 'UTCTime')

        # Subject name, then the node after it (start point for extensions).
        subject = asn1_node_next(der, validity)
        self.subject = asn1_get_dict(der, subject)
        subject_pki = asn1_node_next(der, subject)

        # Extensions: defaults first, then scan the nodes after subject_pki.
        self.CA = False
        self.AKI = None
        self.SKI = None
        node = subject_pki
        # presumably index 2 is the node's last byte offset; verify against
        # the ASN.1 helper module
        while node[2] < cert[2]:
            node = asn1_node_next(der, node)
            for oid, value in asn1_get_dict(der, node).items():
                if oid == '2.5.29.19':
                    # Basic Constraints.
                    # NOTE(review): this is plain truthiness of the value
                    # returned by asn1_get_dict. If that is the raw encoded
                    # extension, any non-empty encoding sets CA to True, even
                    # one that does not assert cA. Confirm the helper's
                    # return shape before relying on self.CA.
                    self.CA = bool(value)
                elif oid == '2.5.29.14':
                    # Subject Key Identifier, stored hex-encoded.
                    ski_root = asn1_node_root(value)
                    ski_raw = asn1_get_value_of_type(value, ski_root, 'OCTET STRING')
                    self.SKI = ski_raw.encode('hex')
                elif oid == '2.5.29.35':
                    # Authority Key Identifier: first sequence element, hex.
                    self.AKI = asn1_get_sequence(value)[0].encode('hex')

        # Outer signature algorithm and signature value follow the cert node.
        cert_sig_algo = asn1_node_next(der, cert)
        cert_sig_oid = asn1_node_first_child(der, cert_sig_algo)
        self.cert_sig_algo = decode_OID(
            asn1_get_value_of_type(der, cert_sig_oid, 'OBJECT IDENTIFIER'))
        cert_sig = asn1_node_next(der, cert_sig_algo)
        # The first byte is dropped, presumably the BIT STRING unused-bits
        # octet; confirm.
        self.signature = asn1_get_value(der, cert_sig)[1:]
    def parseBinary(self, b):
        """Extract X.509 fields from DER bytes after tlslite's own parsing.

        Sets ``data``, ``serial_number``, ``sig_algo``, ``issuer``,
        ``notBefore``, ``notAfter``, ``subject``, ``CA``, ``AKI``, ``SKI``,
        ``cert_sig_algo`` and ``signature`` on the instance. It performs
        field extraction only and verifies nothing about the certificate.
        """
        # The tlslite base implementation runs before any local parsing.
        tlslite.X509.parseBinary(self, b)

        der = str(b)
        root = asn1_node_root(der)
        cert = asn1_node_first_child(der, root)
        # Data for signature: the complete first child of the root.
        self.data = asn1_get_all(der, cert)

        # The version field is optional and recognised by a leading 0xa0.
        version_present = asn1_get_value(der, cert)[0] == chr(0xa0)
        if version_present:
            version = asn1_node_first_child(der, cert)
            serial_number = asn1_node_next(der, version)
        else:
            serial_number = asn1_node_first_child(der, cert)
        raw_serial = asn1_get_value_of_type(der, serial_number, 'INTEGER')
        self.serial_number = bytestr_to_int(raw_serial)

        # Signature algorithm OID.
        sig_algo = asn1_node_next(der, serial_number)
        algo_oid_node = asn1_node_first_child(der, sig_algo)
        algo_oid_raw = asn1_get_value_of_type(der, algo_oid_node, 'OBJECT IDENTIFIER')
        self.sig_algo = decode_OID(algo_oid_raw)

        # Issuer.
        issuer = asn1_node_next(der, sig_algo)
        self.issuer = asn1_get_dict(der, issuer)

        # Validity window.
        # NOTE(review): both values are read as 'UTCTime' only. The helper's
        # behaviour for any other time type is not shown here; confirm.
        validity = asn1_node_next(der, issuer)
        start_node = asn1_node_first_child(der, validity)
        self.notBefore = asn1_get_value_of_type(der, start_node, 'UTCTime')
        end_node = asn1_node_next(der, start_node)
        self.notAfter = asn1_get_value_of_type(der, end_node, 'UTCTime')

        # Subject, followed by the node the extension scan starts from.
        subject = asn1_node_next(der, validity)
        self.subject = asn1_get_dict(der, subject)
        subject_pki = asn1_node_next(der, subject)

        # Extension defaults, used when the scan below finds nothing.
        self.CA = False
        self.AKI = None
        self.SKI = None
        cursor = subject_pki
        # presumably element 2 of a node is its last byte offset, so the scan
        # stops at the end of the cert node; verify against the ASN.1 helpers
        while cursor[2] < cert[2]:
            cursor = asn1_node_next(der, cursor)
            extensions = asn1_get_dict(der, cursor)
            for oid, value in extensions.items():
                if oid == '2.5.29.19':
                    # Basic Constraints.
                    # NOTE(review): bool() tests only that the value is
                    # non-empty. Whether the value reflects the cA flag
                    # depends on what asn1_get_dict returns. If it is the
                    # encoded extension body, a certificate that does not
                    # assert cA could still be recorded as a CA. Confirm.
                    self.CA = bool(value)
                    continue
                if oid == '2.5.29.14':
                    # Subject Key Identifier: unwrap the OCTET STRING, then hex.
                    inner_root = asn1_node_root(value)
                    key_id = asn1_get_value_of_type(value, inner_root, 'OCTET STRING')
                    self.SKI = key_id.encode('hex')
                    continue
                if oid == '2.5.29.35':
                    # Authority Key Identifier: first sequence element, hex.
                    self.AKI = asn1_get_sequence(value)[0].encode('hex')

        # Certificate signature algorithm and signature value.
        cert_sig_algo = asn1_node_next(der, cert)
        outer_oid_node = asn1_node_first_child(der, cert_sig_algo)
        outer_oid_raw = asn1_get_value_of_type(der, outer_oid_node, 'OBJECT IDENTIFIER')
        self.cert_sig_algo = decode_OID(outer_oid_raw)
        cert_sig = asn1_node_next(der, cert_sig_algo)
        # The slice skips the first byte of the value, presumably the
        # BIT STRING unused-bits octet; confirm.
        self.signature = asn1_get_value(der, cert_sig)[1:]
	if len(serials_idx) <= 10 :
		for c,p in serials_idx.items() :
			print 'serial: ',c,'  position:',p 
	print

	print '*** Search in CRL for serial no:', serial 
	print 

	if serial in serials_idx: 
		print '*** SERIAL FOUND IN LIST!:'
		print '**      Revoked certificat data'
		print '- Certificat serial no: ', serial
		# Now use the pointers to print the certificate entries.
		print '- Decoded ASN1 data:'
		p = serials_idx[serial]
		print dump_asn1(asn1_get_all(crl_der,p))
		print




### Main program
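# Index a DER-encoded CRL file and search it for a single serial number.
crl_filename = 'www.sk.ee-crl.crl'
search_serial = 1018438612

print "****** INDEXING CRL:", crl_filename
print
# A CRL in DER form is binary: 'rb' keeps the bytes exactly as stored, and
# the with-block releases the file handle once the read is done.
with open(crl_filename, 'rb') as crl_file:
    crl_der = crl_file.read()
# NOTE(review): the CRL is indexed straight from the local file. Nothing
# visible here checks its signature or validity window (extract_crl_info is
# defined elsewhere), so confirm that before trusting the search result.
dictionary = extract_crl_info(crl_der)
search_certificate(crl_der,search_serial,dictionary)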
#print crl_der.encode("hex")