def asn1_get_dict(der, i):
    """Collect ``{dotted OID: raw value}`` pairs found two levels below node *i*.

    Node *i* is expected to contain groups, each group containing entries
    whose first field is an OBJECT IDENTIFIER.  The value stored for an
    entry is the content of the field immediately following that OID.

    NOTE(review): for an X.509 ``Extension`` that carries the optional
    ``critical`` BOOLEAN, the field right after the OID is that flag and
    not ``extnValue`` -- callers that interpret extension values should
    not rely on this helper for them.
    """
    result = {}
    for group in asn1_get_children(der, i):
        for entry in asn1_get_children(der, group):
            oid_node = asn1_node_first_child(der, entry)
            oid = decode_OID(
                asn1_get_value_of_type(der, oid_node, 'OBJECT IDENTIFIER'))
            value_node = asn1_node_next(der, oid_node)
            # A repeated OID overwrites the earlier entry.
            result[oid] = asn1_get_value(der, value_node)
    return result
def asn1_get_sequence(s):
    """Return the raw values of the direct children of the root node of *s*."""
    root = asn1_node_root(s)
    return [asn1_get_value(s, child) for child in asn1_get_children(s, root)]
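def parseBinary(self, b):
    """Parse a DER-encoded X.509 certificate and populate this object.

    tlslite's parser runs first; the DER is then walked again to record
    the TBSCertificate bytes (``self.data``), serial number, signature
    algorithm OIDs, issuer and subject dictionaries, validity strings,
    the CA / SKI / AKI extension data and the raw signature.

    This method only extracts fields.  It does not itself check the
    signature, the validity period or the chain; callers must do that
    before trusting any attribute set here.
    """
    # call tlslite method first
    tlslite.X509.parseBinary(self, b)

    der = str(b)
    root = asn1_node_root(der)
    cert = asn1_node_first_child(der, root)
    # data for signature
    self.data = asn1_get_all(der, cert)

    # optional version field
    if asn1_get_value(der, cert)[0] == chr(0xa0):
        version = asn1_node_first_child(der, cert)
        serial_number = asn1_node_next(der, version)
    else:
        serial_number = asn1_node_first_child(der, cert)
    self.serial_number = bytestr_to_int(
        asn1_get_value_of_type(der, serial_number, 'INTEGER'))

    # signature algorithm
    sig_algo = asn1_node_next(der, serial_number)
    ii = asn1_node_first_child(der, sig_algo)
    self.sig_algo = decode_OID(
        asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))

    # issuer
    issuer = asn1_node_next(der, sig_algo)
    self.issuer = asn1_get_dict(der, issuer)

    # validity (kept as the raw UTCTime strings, not compared to a clock here)
    validity = asn1_node_next(der, issuer)
    ii = asn1_node_first_child(der, validity)
    self.notBefore = asn1_get_value_of_type(der, ii, 'UTCTime')
    ii = asn1_node_next(der, ii)
    self.notAfter = asn1_get_value_of_type(der, ii, 'UTCTime')

    # subject
    subject = asn1_node_next(der, validity)
    self.subject = asn1_get_dict(der, subject)
    subject_pki = asn1_node_next(der, subject)

    # extensions
    self.CA = False
    self.AKI = None
    self.SKI = None
    i = subject_pki
    while i[2] < cert[2]:
        i = asn1_node_next(der, i)
        for ext_list in asn1_get_children(der, i):
            for ext in asn1_get_children(der, ext_list):
                # Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT
                # FALSE, extnValue OCTET STRING }.  extnValue is always the
                # last field; the field right after the OID is the critical
                # flag whenever that flag is encoded.
                fields = list(asn1_get_children(der, ext))
                oid = decode_OID(
                    asn1_get_value_of_type(der, fields[0], 'OBJECT IDENTIFIER'))
                value = asn1_get_value(der, fields[-1])
                if oid == '2.5.29.19':
                    # Basic Constraints ::= SEQUENCE { cA BOOLEAN DEFAULT
                    # FALSE, pathLenConstraint INTEGER OPTIONAL }.
                    # Read the cA flag itself: bool() of the raw bytes is
                    # true for every certificate that merely carries the
                    # extension, including end-entity ones with cA absent.
                    # NOTE(review): pathLenConstraint is still not parsed.
                    bc = asn1_get_value(value, asn1_node_root(value))
                    self.CA = (bc[:2] == '\x01\x01'
                               and bc[2:3] not in ('', '\x00'))
                elif oid == '2.5.29.14':
                    # Subject Key Identifier
                    r = asn1_node_root(value)
                    value = asn1_get_value_of_type(value, r, 'OCTET STRING')
                    self.SKI = value.encode('hex')
                elif oid == '2.5.29.35':
                    # Authority Key Identifier
                    # NOTE(review): takes the first element of the sequence;
                    # presumably keyIdentifier -- confirm it is present.
                    self.AKI = asn1_get_sequence(value)[0].encode('hex')

    # cert signature
    cert_sig_algo = asn1_node_next(der, cert)
    ii = asn1_node_first_child(der, cert_sig_algo)
    self.cert_sig_algo = decode_OID(
        asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))
    cert_sig = asn1_node_next(der, cert_sig_algo)
    # [1:] drops the leading byte of the BIT STRING content
    self.signature = asn1_get_value(der, cert_sig)[1:]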
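def parseBinary(self, b):
    """Parse a DER-encoded X.509 certificate and populate this object.

    tlslite's parser runs first; the DER is then walked again to record
    the TBSCertificate bytes (``self.data``), serial number, signature
    algorithm OIDs, issuer and subject dictionaries, validity strings,
    the CA / SKI / AKI extension data and the raw signature.

    This method only extracts fields.  It does not itself check the
    signature, the validity period or the chain; callers must do that
    before trusting any attribute set here.
    """
    # call tlslite method first
    tlslite.X509.parseBinary(self, b)

    der = str(b)
    root = asn1_node_root(der)
    cert = asn1_node_first_child(der, root)
    # data for signature
    self.data = asn1_get_all(der, cert)

    # optional version field
    if asn1_get_value(der, cert)[0] == chr(0xa0):
        version = asn1_node_first_child(der, cert)
        serial_number = asn1_node_next(der, version)
    else:
        serial_number = asn1_node_first_child(der, cert)
    self.serial_number = bytestr_to_int(
        asn1_get_value_of_type(der, serial_number, 'INTEGER'))

    # signature algorithm
    sig_algo = asn1_node_next(der, serial_number)
    ii = asn1_node_first_child(der, sig_algo)
    self.sig_algo = decode_OID(
        asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))

    # issuer
    issuer = asn1_node_next(der, sig_algo)
    self.issuer = asn1_get_dict(der, issuer)

    # validity (kept as the raw UTCTime strings, not compared to a clock here)
    validity = asn1_node_next(der, issuer)
    ii = asn1_node_first_child(der, validity)
    self.notBefore = asn1_get_value_of_type(der, ii, 'UTCTime')
    ii = asn1_node_next(der, ii)
    self.notAfter = asn1_get_value_of_type(der, ii, 'UTCTime')

    # subject
    subject = asn1_node_next(der, validity)
    self.subject = asn1_get_dict(der, subject)
    subject_pki = asn1_node_next(der, subject)

    # extensions
    self.CA = False
    self.AKI = None
    self.SKI = None
    i = subject_pki
    while i[2] < cert[2]:
        i = asn1_node_next(der, i)
        for ext_list in asn1_get_children(der, i):
            for ext in asn1_get_children(der, ext_list):
                # Extension ::= SEQUENCE { extnID, critical BOOLEAN DEFAULT
                # FALSE, extnValue OCTET STRING }.  extnValue is always the
                # last field; the field right after the OID is the critical
                # flag whenever that flag is encoded.
                fields = list(asn1_get_children(der, ext))
                oid = decode_OID(
                    asn1_get_value_of_type(der, fields[0], 'OBJECT IDENTIFIER'))
                value = asn1_get_value(der, fields[-1])
                if oid == '2.5.29.19':
                    # Basic Constraints ::= SEQUENCE { cA BOOLEAN DEFAULT
                    # FALSE, pathLenConstraint INTEGER OPTIONAL }.
                    # Read the cA flag itself: bool() of the raw bytes is
                    # true for every certificate that merely carries the
                    # extension, including end-entity ones with cA absent.
                    # NOTE(review): pathLenConstraint is still not parsed.
                    bc = asn1_get_value(value, asn1_node_root(value))
                    self.CA = (bc[:2] == '\x01\x01'
                               and bc[2:3] not in ('', '\x00'))
                elif oid == '2.5.29.14':
                    # Subject Key Identifier
                    r = asn1_node_root(value)
                    value = asn1_get_value_of_type(value, r, 'OCTET STRING')
                    self.SKI = value.encode('hex')
                elif oid == '2.5.29.35':
                    # Authority Key Identifier
                    # NOTE(review): takes the first element of the sequence;
                    # presumably keyIdentifier -- confirm it is present.
                    self.AKI = asn1_get_sequence(value)[0].encode('hex')

    # cert signature
    cert_sig_algo = asn1_node_next(der, cert)
    ii = asn1_node_first_child(der, cert_sig_algo)
    self.cert_sig_algo = decode_OID(
        asn1_get_value_of_type(der, ii, 'OBJECT IDENTIFIER'))
    cert_sig = asn1_node_next(der, cert_sig_algo)
    # [1:] drops the leading byte of the BIT STRING content
    self.signature = asn1_get_value(der, cert_sig)[1:]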