def _extract_extensions(self, cert):
    """Pull the revocation-relevant extension values out of a decoded certificate.

    Args:
        cert: a pyasn1 ``rfc2459.Certificate``; its ``tbsCertificate`` is
            expected to carry an ``extensions`` component.

    Returns:
        A ``(nocheck, is_ca, ocsp_urls)`` tuple:

        * ``nocheck`` -- True when an extension with OID id-pkix-ocsp-nocheck
          (RFC 2560) is present.
        * ``is_ca`` -- the first component (cA) of a decoded basicConstraints
          extension, exactly as pyasn1 returns it; False when no
          basicConstraints extension is seen.
        * ``ocsp_urls`` -- the uniformResourceIdentifier of every
          authorityInfoAccess entry whose accessMethod is id-pkix-ocsp, in
          certificate order and passed through ``nat_encoder``.

    Note:
        The URLs are copied verbatim from the certificate being examined; for a
        certificate whose chain has not yet been validated they are input chosen
        by whoever produced the certificate, so callers should treat them as
        untrusted until validation has succeeded.
    """
    tbs = cert.getComponentByName('tbsCertificate')
    nocheck = False
    is_ca = False
    ocsp_urls = []

    for ext in tbs.getComponentByName('extensions'):
        ext_oid = ext.getComponentByName('extnID')

        if ext_oid == rfc2459.id_ce_basicConstraints:
            basic, _ = der_decoder.decode(
                ext.getComponentByName('extnValue'),
                asn1Spec=rfc2459.BasicConstraints())
            # cA is the first component of BasicConstraints; a later
            # basicConstraints extension (if any) overrides an earlier one.
            is_ca = basic.getComponentByPosition(0)
        elif ext_oid == rfc2459.id_pe_authorityInfoAccess:
            aia, _ = der_decoder.decode(
                ext.getComponentByName('extnValue'),
                asn1Spec=rfc2459.AuthorityInfoAccessSyntax())
            for access in aia:
                if access.getComponentByName('accessMethod') != rfc2560.id_pkix_ocsp:
                    continue
                location = access.getComponentByName('accessLocation')
                uri = location.getComponentByName('uniformResourceIdentifier')
                ocsp_urls.append(nat_encoder(uri))
        elif ext_oid == rfc2560.id_pkix_ocsp_nocheck:
            nocheck = True

    return nocheck, is_ca, ocsp_urls
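def get_san_from_cert(CERT_FILE):
    """Return the subjectAltName entries of a certificate file.

    Args:
        CERT_FILE: the value handed to ``_load_certificate``.

    Returns:
        ``{"dns": [...], "ip": [...]}`` -- dNSName entries decoded as UTF-8
        strings and iPAddress entries rendered as text. Both lists are empty
        when the certificate carries no subjectAltName extension.

    Notes:
        Previously, when no subjectAltName extension was found the function
        fell back to decoding extension index 2 as a SubjectAltName, which
        either raised (fewer than three extensions) or parsed an unrelated
        extension. It now returns empty lists instead. iPAddress entries are
        parsed with ``ipaddress.ip_address`` so 16-byte (IPv6) values are
        accepted as well as 4-byte ones.
    """
    cert = _load_certificate(CERT_FILE)
    san = {"dns": [], "ip": []}

    san_ext = _find_subject_alt_name(cert)
    if san_ext is None:
        logging.warning("certificate has no subjectAltName extension")
        return san

    decoded_alt_names, _ = asn1_decoder(san_ext.get_data(),
                                        asn1Spec=SubjectAltName())
    py_alt_names = nat_encoder(decoded_alt_names)
    logging.debug(py_alt_names)

    for element in py_alt_names:
        # Each GeneralName CHOICE arrives as a mapping keyed by the chosen
        # alternative; only iPAddress and dNSName are collected here.
        if "iPAddress" in element:
            san["ip"].append(str(ipaddress.ip_address(element["iPAddress"])))
        elif "dNSName" in element:
            san["dns"].append(element["dNSName"].decode("utf-8"))
        else:
            # Other GeneralName kinds (e.g. otherName, rfc822Name) are not
            # handled and are reported rather than silently dropped.
            logging.error("Bad AltName Key")

    logging.debug(san["ip"])
    logging.debug(san["dns"])
    logging.debug(san)
    return san


def _find_subject_alt_name(cert):
    """Return the subjectAltName X509Extension of *cert*, or None if absent."""
    for index in range(cert.get_extension_count()):
        ext = cert.get_extension(index)
        logging.debug(ext.get_short_name())
        if ext.get_short_name().decode() == "subjectAltName":
            return ext
    return None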
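def extract_certificate_chain(self, connection):
    """Collect the peer's certificate chain and hand it to the pairing step.

    Each certificate presented by the peer on the OpenSSL *connection* is
    re-encoded as DER, decoded into a pyasn1 ``rfc2459.Certificate`` and
    stored, in chain order, in an ``OrderedDict`` keyed by
    ``self._get_subject_hash(cert)``.

    Args:
        connection: a pyOpenSSL ``Connection`` after the handshake.

    Returns:
        The result of ``self.create_pair_issuer_subject`` for that map.

    Fixes:
        The chain was fetched twice, and ``len()`` was applied to the first
        result; pyOpenSSL documents ``get_peer_cert_chain`` as returning
        ``None`` when the peer sent no certificates, which made the debug
        line raise ``TypeError``. The chain is now fetched once and ``None``
        is treated as an empty chain.
    """
    chain = connection.get_peer_cert_chain() or []
    logger.debug("# of certificates: %s", len(chain))

    cert_map = OrderedDict()
    for cert_openssl in chain:
        cert_der = dump_certificate(FILETYPE_ASN1, cert_openssl)
        cert, _ = der_decoder.decode(cert_der, asn1Spec=rfc2459.Certificate())
        subject_sha256 = self._get_subject_hash(cert)
        logger.debug('subject: %s, issuer: %s',
                     nat_encoder(self._get_subject(cert)),
                     nat_encoder(self._get_issuer(cert)))
        # Two certificates with the same subject hash collapse to the later one.
        cert_map[subject_sha256] = cert

    return self.create_pair_issuer_subject(cert_map)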
def subject_name(self, cert):
    """Return the certificate subject as produced by ``nat_encoder``.

    Convenience wrapper around ``self._get_subject``; the return type is
    whatever ``nat_encoder`` yields for the subject structure.
    """
    raw_subject = self._get_subject(cert)
    return nat_encoder(raw_subject)