コード例 #1
0
def extract_crl_info(crl_der):
	# unpack sequence
	i = asn1_node_root(crl_der)
	# unpack sequence
	i = asn1_node_first_child(crl_der,i)
	crl_signed_content= i
	
	# get 1. item inside (version)
	i = asn1_node_first_child(crl_der,i)
	# advance 1 item (Algoidentifier)
	i = asn1_node_next(crl_der,i)
	# advance 1 item (email, CN etc.)
	i = asn1_node_next(crl_der,i)
	# advance 1 item
	i = asn1_node_next(crl_der,i)
	bytestr = asn1_get_value_of_type(crl_der,i,'UTCTime')
	crl_not_valid_before = datetime.datetime.strptime(bytestr,'%y%m%d%H%M%SZ')
	# advance 1 item
	i = asn1_node_next(crl_der,i)
	bytestr = asn1_get_value_of_type(crl_der,i,'UTCTime')
	crl_not_valid_after = datetime.datetime.strptime(bytestr,'%y%m%d%H%M%SZ')

	# advance 1 item (the list)
	i = asn1_node_next(crl_der,i) 

	# Stores for every certificate entry the serial number and and 
	# 3 pointers indication the position of the certificate entry.
	# Returns a dictionary.
	# key = certificate serial number
	# value = 3 pointers to certificate entry in CRL
	
	#open and read 1. item
	j = asn1_node_first_child(crl_der,i)
	serials_idx = {}

	while asn1_node_is_child_of(i,j):
		#read 1. interger inside item
		k = asn1_node_first_child(crl_der,j)
		serial = bytestr_to_int(
			asn1_get_value_of_type(crl_der,k,'INTEGER'))
		#store serial and the asn1 container position
		serials_idx[serial] = j

		# point on next item in the list
		j = asn1_node_next(crl_der,j)

	# advance 1 item 
	i = asn1_node_next(crl_der,i)
	# advance 1 item (obj. identifier)
	i = asn1_node_next(crl_der,i)
	# advance 1 item (signature)
	i = asn1_node_next(crl_der,i)
	# content is crl_signature
	crl_signature =	bitstr_to_bytestr(
		asn1_get_value_of_type(crl_der,i,'BIT STRING')) 

	return crl_not_valid_before, crl_not_valid_after, \
			crl_signature, \
			crl_signed_content,serials_idx
コード例 #2
0
def extract_crl_info(crl_der):
	# unpack sequence
	i = asn1_node_root(crl_der)
	# unpack sequence
	i = asn1_node_first_child(crl_der,i)
	crl_signed_content= i
	
	# get 1. item inside (version)
	i = asn1_node_first_child(crl_der,i)
	# advance 1 item (Algoidentifier)
	i = asn1_node_next(crl_der,i)
	# advance 1 item (email, CN etc.)
	i = asn1_node_next(crl_der,i)
	# advance 1 item
	i = asn1_node_next(crl_der,i)
	bytestr = asn1_get_value_of_type(crl_der,i,'UTCTime')
	crl_not_valid_before = datetime.datetime.strptime(bytestr,'%y%m%d%H%M%SZ')
	# advance 1 item
	i = asn1_node_next(crl_der,i)
	bytestr = asn1_get_value_of_type(crl_der,i,'UTCTime')
	crl_not_valid_after = datetime.datetime.strptime(bytestr,'%y%m%d%H%M%SZ')

	# advance 1 item (the list)
	i = asn1_node_next(crl_der,i) 

	# Stores for every certificate entry the serial number and and 
	# 3 pointers indication the position of the certificate entry.
	# Returns a dictionary.
	# key = certificate serial number
	# value = 3 pointers to certificate entry in CRL
	
	#open and read 1. item
	j = asn1_node_first_child(crl_der,i)
	serials_idx = {}

	while asn1_node_is_child_of(i,j):
		#read 1. interger inside item
		k = asn1_node_first_child(crl_der,j)
		serial = bytestr_to_int(
			asn1_get_value_of_type(crl_der,k,'INTEGER'))
		#store serial and the asn1 container position
		serials_idx[serial] = j

		# point on next item in the list
		j = asn1_node_next(crl_der,j)

	# advance 1 item 
	i = asn1_node_next(crl_der,i)
	# advance 1 item (obj. identifier)
	i = asn1_node_next(crl_der,i)
	# advance 1 item (signature)
	i = asn1_node_next(crl_der,i)
	# content is crl_signature
	crl_signature =	bitstr_to_bytestr(
		asn1_get_value_of_type(crl_der,i,'BIT STRING')) 

	return crl_not_valid_before, crl_not_valid_after, \
			crl_signature, \
			crl_signed_content,serials_idx
コード例 #3
0
def asn1_get_children(der, i):
    nodes = []
    ii = asn1_node_first_child(der, i)
    nodes.append(ii)
    while ii[2] < i[2]:
        ii = asn1_node_next(der, ii)
        nodes.append(ii)
    return nodes
コード例 #4
0
ファイル: x509.py プロジェクト: LiteBit/electrum
def asn1_get_children(der, i):
    nodes = []
    ii = asn1_node_first_child(der,i)
    nodes.append(ii)
    while ii[2]<i[2]:
        ii = asn1_node_next(der,ii)
        nodes.append(ii)
    return nodes
コード例 #5
0
ファイル: x509.py プロジェクト: LiteBit/electrum
def asn1_get_dict(der, i):
    p = {}
    for ii in asn1_get_children(der, i):
        for iii in asn1_get_children(der, ii):
            iiii = asn1_node_first_child(der, iii)
            oid = decode_OID(asn1_get_value_of_type(der, iiii, 'OBJECT IDENTIFIER'))
            iiii = asn1_node_next(der, iiii)
            value = asn1_get_value(der, iiii)
            p[oid] = value
    return p
コード例 #6
0
ファイル: x509.py プロジェクト: Kausheel/electrum
def asn1_get_dict(der, i):
    p = {}
    for ii in asn1_get_children(der, i):
        for iii in asn1_get_children(der, ii):
            iiii = asn1_node_first_child(der, iii)
            oid = decode_OID(asn1_get_value_of_type(der, iiii, 'OBJECT IDENTIFIER'))
            iiii = asn1_node_next(der, iiii)
            value = asn1_get_value(der, iiii)
            p[oid] = value
    return p
コード例 #7
0
    def parseBinary(self, b):

        # call tlslite method first
        tlslite.X509.parseBinary(self, b)

        der = str(b)
        root = asn1_node_root(der)
        cert = asn1_node_first_child(der, root)
        # data for signature
        self.data = asn1_get_all(der, cert)

        # optional version field
        if asn1_get_value(der, cert)[0] == chr(0xa0):
            version = asn1_node_first_child(der, cert)
            serial_number = asn1_node_next(der, version)
        else:
            serial_number = asn1_node_first_child(der, cert)
        self.serial_number = bytestr_to_int(
            asn1_get_value_of_type(der, serial_number, 'INTEGER'))

        # signature algorithm
        sig_algo = asn1_node_next(der, serial_number)
        ii = asn1_node_first_child(der, sig_algo)
        self.sig_algo = decode_OID(
            asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))

        # issuer
        issuer = asn1_node_next(der, sig_algo)
        self.issuer = asn1_get_dict(der, issuer)

        # validity
        validity = asn1_node_next(der, issuer)
        ii = asn1_node_first_child(der, validity)
        self.notBefore = asn1_get_value_of_type(der, ii, 'UTCTime')
        ii = asn1_node_next(der, ii)
        self.notAfter = asn1_get_value_of_type(der, ii, 'UTCTime')

        # subject
        subject = asn1_node_next(der, validity)
        self.subject = asn1_get_dict(der, subject)
        subject_pki = asn1_node_next(der, subject)

        # extensions
        self.CA = False
        self.AKI = None
        self.SKI = None
        i = subject_pki
        while i[2] < cert[2]:
            i = asn1_node_next(der, i)
            d = asn1_get_dict(der, i)
            for oid, value in d.items():
                if oid == '2.5.29.19':
                    # Basic Constraints
                    self.CA = bool(value)
                elif oid == '2.5.29.14':
                    # Subject Key Identifier
                    r = asn1_node_root(value)
                    value = asn1_get_value_of_type(value, r, 'OCTET STRING')
                    self.SKI = value.encode('hex')
                elif oid == '2.5.29.35':
                    # Authority Key Identifier
                    self.AKI = asn1_get_sequence(value)[0].encode('hex')
                else:
                    pass

        # cert signature
        cert_sig_algo = asn1_node_next(der, cert)
        ii = asn1_node_first_child(der, cert_sig_algo)
        self.cert_sig_algo = decode_OID(
            asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))
        cert_sig = asn1_node_next(der, cert_sig_algo)
        self.signature = asn1_get_value(der, cert_sig)[1:]
コード例 #8
0
ファイル: x509.py プロジェクト: LiteBit/electrum
    def parseBinary(self, b):

        # call tlslite method first
        tlslite.X509.parseBinary(self, b)

        der = str(b)
        root = asn1_node_root(der)
        cert = asn1_node_first_child(der, root)
        # data for signature
        self.data = asn1_get_all(der, cert)

        # optional version field
        if asn1_get_value(der, cert)[0] == chr(0xa0):
            version = asn1_node_first_child(der, cert)
            serial_number = asn1_node_next(der, version)
        else:
            serial_number = asn1_node_first_child(der, cert)
        self.serial_number = bytestr_to_int(asn1_get_value_of_type(der, serial_number, 'INTEGER'))

        # signature algorithm
        sig_algo = asn1_node_next(der, serial_number)
        ii = asn1_node_first_child(der, sig_algo)
        self.sig_algo = decode_OID(asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))

        # issuer
        issuer = asn1_node_next(der, sig_algo)
        self.issuer = asn1_get_dict(der, issuer)

        # validity
        validity = asn1_node_next(der, issuer)
        ii = asn1_node_first_child(der, validity)
        self.notBefore = asn1_get_value_of_type(der, ii, 'UTCTime')
        ii = asn1_node_next(der,ii)
        self.notAfter = asn1_get_value_of_type(der, ii, 'UTCTime')

        # subject
        subject = asn1_node_next(der, validity)
        self.subject = asn1_get_dict(der, subject)
        subject_pki = asn1_node_next(der, subject)

        # extensions
        self.CA = False
        self.AKI = None
        self.SKI = None
        i = subject_pki
        while i[2] < cert[2]:
            i = asn1_node_next(der, i)
            d = asn1_get_dict(der, i)
            for oid, value in d.items():
                if oid == '2.5.29.19':
                    # Basic Constraints
                    self.CA = bool(value)
                elif oid == '2.5.29.14':
                    # Subject Key Identifier
                    r = asn1_node_root(value)
                    value = asn1_get_value_of_type(value, r, 'OCTET STRING')
                    self.SKI = value.encode('hex')
                elif oid == '2.5.29.35':
                    # Authority Key Identifier
                    self.AKI = asn1_get_sequence(value)[0].encode('hex')
                else:
                    pass

        # cert signature
        cert_sig_algo = asn1_node_next(der, cert)
        ii = asn1_node_first_child(der, cert_sig_algo)
        self.cert_sig_algo = decode_OID(asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))
        cert_sig = asn1_node_next(der, cert_sig_algo)
        self.signature = asn1_get_value(der, cert_sig)[1:]
コード例 #9
0
def extract_crl_info(
    crl_der: bytes
) -> Tuple[datetime, datetime, bytes, Tuple[int, int, int], Dict[int, Tuple[
        int, int, int]]]:
    """
    This function extracts some header fields of the CRL list
    and stores pointers to the list entries in a dictionary
    """
    # unpack sequence
    i = asn1_node_root(crl_der)
    # unpack sequence
    i = asn1_node_first_child(crl_der, i)
    crl_signed_content = i

    # get 1. item inside (version)
    i = asn1_node_first_child(crl_der, i)
    # advance 1 item (Algoidentifier)
    i = asn1_node_next(crl_der, i)
    # advance 1 item (email, CN etc.)
    i = asn1_node_next(crl_der, i)
    # advance 1 item
    i = asn1_node_next(crl_der, i)
    bytestr = asn1_get_value_of_type(crl_der, i, "UTCTime")
    crl_not_valid_before = datetime.strptime(bytestr.decode("utf8"),
                                             "%y%m%d%H%M%SZ")
    # advance 1 item
    i = asn1_node_next(crl_der, i)
    bytestr = asn1_get_value_of_type(crl_der, i, "UTCTime")
    crl_not_valid_after = datetime.strptime(bytestr.decode("utf8"),
                                            "%y%m%d%H%M%SZ")

    # advance 1 item (the list)
    i = asn1_node_next(crl_der, i)

    # Stores for every certificate entry the serial number and and
    # 3 pointers indication the position of the certificate entry.
    # Returns a dictionary.
    # key = certificate serial number
    # value = 3 pointers to certificate entry in CRL

    # open and read 1. item
    j = asn1_node_first_child(crl_der, i)
    serials_idx = {}

    while asn1_node_is_child_of(i, j):
        # read 1. interger inside item
        k = asn1_node_first_child(crl_der, j)
        serial = bytestr_to_int(asn1_get_value_of_type(crl_der, k, "INTEGER"))
        # store serial and the asn1 container position
        serials_idx[serial] = j

        # point on next item in the list
        j = asn1_node_next(crl_der, j)

    # advance 1 item
    i = asn1_node_next(crl_der, i)
    # advance 1 item (obj. identifier)
    i = asn1_node_next(crl_der, i)
    # advance 1 item (signature)
    i = asn1_node_next(crl_der, i)
    # content is crl_signature
    crl_signature = asn1_get_value_of_type(crl_der, i, "BIT STRING")
    if crl_signature[0] != 0x00:
        raise ValueError(
            "Error: CRL signature should start with 0x00 padding!")
    crl_signature = crl_signature[1:]

    return (
        crl_not_valid_before,
        crl_not_valid_after,
        crl_signature,
        crl_signed_content,
        serials_idx,
    )