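class RevRepContent(univ.Sequence):
    """
    RevRepContent ::= SEQUENCE {
         status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
         revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
         crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
    }

    Schema for a revocation response body. ``status`` is mandatory;
    ``revCerts`` and ``crls`` are optional and carry explicit context
    tags 0 and 1 respectively.

    This class only describes structure. Decoding a value against it
    does not verify the signature on any CertificateList carried in
    ``crls``; that check belongs to the consumer.
    """
    componentType = namedtype.NamedTypes(
        # The ASN.1 above defines `status` as a non-empty list of
        # PKIStatusInfo, so it is modelled as a size-constrained
        # SEQUENCE OF, the same way as the two optional fields below.
        # A bare PKIStatusInfo here would not match that definition.
        namedtype.NamedType(
            'status',
            univ.SequenceOf(
                componentType=PKIStatusInfo()
            ).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX)
            )
        ),
        namedtype.OptionalNamedType(
            'revCerts',
            univ.SequenceOf(
                componentType=rfc2511.CertId()
            ).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
                explicitTag=tag.Tag(tag.tagClassContext,
                                    tag.tagFormatConstructed, 0)
            )
        ),
        namedtype.OptionalNamedType(
            'crls',
            univ.SequenceOf(
                componentType=rfc2459.CertificateList()
            ).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
                explicitTag=tag.Tag(tag.tagClassContext,
                                    tag.tagFormatConstructed, 1)
            )
        )
    )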
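class RevRepContent(univ.Sequence):
    """Revocation response body as defined in RFC 4210 (CMP).

    RevRepContent ::= SEQUENCE {
         status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
         revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
         crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
    }

    Only the structure is described here; a decoded value has not had
    the signature on any carried CRL verified.
    """
    # Every list field shares the same non-empty size constraint.
    componentType = namedtype.NamedTypes(
        # RFC 4210 defines `status` as a non-empty SEQUENCE OF
        # PKIStatusInfo, not a single PKIStatusInfo, so it is declared
        # as a list like `revCerts` and `crls`.
        namedtype.NamedType(
            'status',
            univ.SequenceOf(componentType=PKIStatusInfo()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX))),
        # Optional list of CertId values, explicit context tag [0].
        namedtype.OptionalNamedType(
            'revCerts',
            univ.SequenceOf(componentType=rfc2511.CertId()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
                explicitTag=tag.Tag(tag.tagClassContext,
                                    tag.tagFormatConstructed, 0))),
        # Optional list of CRLs, explicit context tag [1].
        namedtype.OptionalNamedType(
            'crls',
            univ.SequenceOf(componentType=rfc2459.CertificateList()).subtype(
                subtypeSpec=constraint.ValueSizeConstraint(1, MAX),
                explicitTag=tag.Tag(tag.tagClassContext,
                                    tag.tagFormatConstructed, 1))))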
class CRLAnnContent(univ.SequenceOf):
    """
    CRLAnnContent ::= SEQUENCE OF CertificateList

    A list of CRLs. No size constraint is declared on this type, so
    code that decodes it from a peer should apply its own bound, and
    should verify each CRL's signature before relying on it.
    """
    componentType = rfc2459.CertificateList()
def setUp(self):
    """Store the CertificateList (CRL) schema on the instance as ``asn1Spec``.

    Presumably a unittest fixture hook; the enclosing class is not
    visible here.
    """
    crl_schema = rfc2459.CertificateList()
    self.asn1Spec = crl_schema
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Analyze CRLs stored in a directory and dump a JSON
#
# Software is free software released under the GNU General Public License version 3 and later
#
# Copyright (c) 2014 Alexandre Dulaunoy - [email protected]

import argparse
import binascii
import datetime
import json
import os
import sys

import OpenSSL
from pyasn1.codec.der import decoder
from pyasn1_modules import rfc2459

# ASN.1 schema object for an X.509 CRL (CertificateList).
crlspec = rfc2459.CertificateList()

# Command-line interface.
argParser = argparse.ArgumentParser(
    description='Analyze CRLs stored in a directory',
)
argParser.add_argument(
    '-v',
    action='store_true',
    help='Verbose output',
)
# NOTE(review): -d is optional, so args.d is None when it is omitted;
# code that uses it should check for that before touching the filesystem.
argParser.add_argument(
    '-d',
    help='Path where CRLs are stored',
)
# store_false with default=True: args.j stays True unless -j is given.
argParser.add_argument(
    '-j',
    action='store_false',
    default=True,
    help='Toggle JSON output (default)',
)
args = argParser.parse_args()
# CRL can be generated with "openssl ca -gencrl ..." commands.
#
import sys

from pyasn1.codec.der import decoder, encoder
from pyasn1_modules import pem, rfc2459

# The tool takes no arguments: PEM-armoured CRLs are read from stdin.
if len(sys.argv) != 1:
    print("""Usage: $ cat crl.pem | %s""" % sys.argv[0])
    sys.exit(-1)

# Schema every decoded block must match.
asn1Spec = rfc2459.CertificateList()

cnt = 0

# Armor lines that delimit one CRL in the PEM stream.
CRL_MARKERS = ('-----BEGIN X509 CRL-----', '-----END X509 CRL-----')

while True:
    idx, substrate = pem.readPemBlocksFromFile(sys.stdin, CRL_MARKERS)
    if not substrate:
        # No further PEM block on stdin.
        break

    # Structural decode only: the CRL's signature is not verified here,
    # so the dump below says nothing about the CRL's authenticity.
    key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)

    # Drop any bytes trailing the decoded CertificateList.
    if rest:
        substrate = substrate[:-len(rest)]

    print(key.prettyPrint())