def parseBinary(self, bytes): """Parse a DER-encoded X.509 certificate. @type bytes: str or L{array.array} of unsigned bytes @param bytes: A DER-encoded X.509 certificate. """ if isinstance(bytes, type("")): bytes = stringToBytes(bytes) self.bytes = bytes p = ASN1Parser(bytes) #Get the tbsCertificate tbsCertificateP = p.getChild(0) #Is the optional version field present? #This determines which index the key is at. if tbsCertificateP.value[0] == 0xA0: subjectPublicKeyInfoIndex = 6 else: subjectPublicKeyInfoIndex = 5 #Get the subject self.subject = tbsCertificateP.getChildBytes(\ subjectPublicKeyInfoIndex - 1) #Get the subjectPublicKeyInfo subjectPublicKeyInfoP = tbsCertificateP.getChild(\ subjectPublicKeyInfoIndex) #Get the algorithm algorithmP = subjectPublicKeyInfoP.getChild(0) rsaOID = algorithmP.value if list(rsaOID) != [6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]: raise SyntaxError("Unrecognized AlgorithmIdentifier") #Get the subjectPublicKey subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1) #Adjust for BIT STRING encapsulation if (subjectPublicKeyP.value[0] != 0): raise SyntaxError() subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:]) #Get the modulus and exponent modulusP = subjectPublicKeyP.getChild(0) publicExponentP = subjectPublicKeyP.getChild(1) #Decode them into numbers n = bytesToNumber(modulusP.value) e = bytesToNumber(publicExponentP.value) #Create a public key instance self.publicKey = _createPublicRSAKey(n, e) return self
def parseBinary(self, bytes): """Parse a DER-encoded X.509 certificate. @type bytes: str or L{array.array} of unsigned bytes @param bytes: A DER-encoded X.509 certificate. """ if isinstance(bytes, type("")): bytes = stringToBytes(bytes) self.bytes = bytes p = ASN1Parser(bytes) #Get the tbsCertificate tbsCertificateP = p.getChild(0) #Is the optional version field present? #This determines which index the key is at. if tbsCertificateP.value[0]==0xA0: subjectPublicKeyInfoIndex = 6 else: subjectPublicKeyInfoIndex = 5 #Get the subject self.subject = tbsCertificateP.getChildBytes(\ subjectPublicKeyInfoIndex - 1) #Get the subjectPublicKeyInfo subjectPublicKeyInfoP = tbsCertificateP.getChild(\ subjectPublicKeyInfoIndex) #Get the algorithm algorithmP = subjectPublicKeyInfoP.getChild(0) rsaOID = algorithmP.value if list(rsaOID) != [6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]: raise SyntaxError("Unrecognized AlgorithmIdentifier") #Get the subjectPublicKey subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1) #Adjust for BIT STRING encapsulation if (subjectPublicKeyP.value[0] !=0): raise SyntaxError() subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:]) #Get the modulus and exponent modulusP = subjectPublicKeyP.getChild(0) publicExponentP = subjectPublicKeyP.getChild(1) #Decode them into numbers n = bytesToNumber(modulusP.value) e = bytesToNumber(publicExponentP.value) #Create a public key instance self.publicKey = _createPublicRSAKey(n, e) return self
def parseBinary(self, bytes): """Parse a DER-encoded X.509 certificate. @type bytes: str or L{bytearray} of unsigned bytes @param bytes: A DER-encoded X.509 certificate. """ self.bytes = bytearray(bytes) p = ASN1Parser(bytes) #Get the tbsCertificate tbsCertificateP = p.getChild(0) #Is the optional version field present? #This determines which index the key is at. if tbsCertificateP.value[0]==0xA0: subjectPublicKeyInfoIndex = 6 else: subjectPublicKeyInfoIndex = 5 # serial number of certificate self.serial_number = ASN1Parser(tbsCertificateP.getChildBytes(1)) #print "[+] Serial number: 0x"+b2a_hex(self.serial_number.value) #TODO signature algorithm, not workign yet sign_algo = ASN1Parser(ASN1Parser(tbsCertificateP.getChildBytes(2)).getChildBytes(0)) oid = self.ObjectIdentifierDecoder(sign_algo.value, sign_algo.length) oid_str = get_oid_str(oid) signature_algorithm = oid_str for key,value in OIDMap.oid_map.iteritems(): if key == oid_str: self.signature_algorithm = (oid_str, value) #print "[+] Signature ALgorithm: ", value #get the issuer issuer = tbsCertificateP.getChildBytes(3) counter = 0 while 1: try: field3 = ASN1Parser(issuer).getChild(counter).getChild(0).getChild(0) oid = self.ObjectIdentifierDecoder(field3.value, field3.length) oid_str = get_oid_str(oid) for key,value in OIDMap.oid_map.iteritems(): if key == oid_str: self.issuer[value] = ASN1Parser(issuer).getChild(counter).getChild(0).getChild(1).value counter +=1 except: break #get the validity self.validFrom = ASN1Parser(tbsCertificateP.getChildBytes(4)).getChild(0) self.validFrom = datetime.datetime.strptime(str(self.validFrom.value[:6]),"%y%m%d") self.validUntil = ASN1Parser(tbsCertificateP.getChildBytes(4)).getChild(1) self.validUntil = datetime.datetime.strptime(str(self.validUntil.value[:6]), "%y%m%d") #Get the subject # CANT HANDLE IF ANYTHING CHANGES. HACKING TO PARSE CERT subject = tbsCertificateP.getChild(subjectPublicKeyInfoIndex - 1) counter = 0 while 1: try: field3 = subject.getChild(counter).getChild(0).getChild(0) oid = self.ObjectIdentifierDecoder(field3.value, field3.length) oid_str = get_oid_str(oid) for key,value in OIDMap.oid_map.iteritems(): if key == oid_str: self.subject[value] = subject.getChild(counter).getChild(0).getChild(1).value #print " [+] ",value,":",subject.getChild(counter).getChild(0).getChild(1).value counter +=1 except Exception: break #Get the subjectPublicKeyInfo # sequence -> sequence -> object_identifier subjectPublicKeyInfoP = tbsCertificateP.getChild(subjectPublicKeyInfoIndex) algorithmP = ASN1Parser(subjectPublicKeyInfoP.getChildBytes(0)).getChild(0) algoOID = self.ObjectIdentifierDecoder(algorithmP.value, algorithmP.length) algoOID_str = get_oid_str(algoOID) for key,value in OIDMap.oid_map.iteritems(): if key == algoOID_str: self.key_algorithm = (algoOID_str, value) #Get the subjectPublicKey subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1) #Adjust for BIT STRING encapsulation if self.key_algorithm is not None and self.key_algorithm[1] == 'RSA': if (subjectPublicKeyP.value[0] !=0): raise SyntaxError() subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:]) #Get the modulus and exponent modulusP = subjectPublicKeyP.getChild(0) publicExponentP = subjectPublicKeyP.getChild(1) #Decode them into numbers # Info: typecasting to long, to debian giving typerror of expecting long, not int n = long(bytesToNumber(modulusP.value)) e = long(bytesToNumber(publicExponentP.value)) #Create a public key instance self.publicKey = _createPublicRSAKey(n, e) self.key_size = len(self.publicKey) #print "[+] Key Size: ",len(self.publicKey) ,"\n" #TODO calculate EC KEY SIZE # helped in solving this issue :https://crypto.stackexchange.com/questions/6843/how-do-i-unpack-the-x-and-y-values-from-the-bitstring-in-a-der-ecdsa-public-key if self.key_algorithm is not None and self.key_algorithm[1] == 'EC': if (subjectPublicKeyP.value[0] !=0): raise SyntaxError() #uncompressed key, then the following bytes are x and y if (subjectPublicKeyP.value[1] ==0x04): key_len_byte = len(subjectPublicKeyP.value[2:]) self.key_size = (key_len_byte/2 ) * 8 # TODO not sure, probably correct implementation: https://stackoverflow.com/questions/16576434/cryptopp-compressed-ec-keys if (subjectPublicKeyP.value[1] ==0x03) or (subjectPublicKeyP.value[1] ==0x02) : key_len_byte = len(subjectPublicKeyP.value[2:]) self.key_size = (key_len_byte) * 8