def parseBinary(self, bytes):
"""Parse a DER-encoded X.509 certificate.
@type bytes: str or L{array.array} of unsigned bytes
@param bytes: A DER-encoded X.509 certificate.
"""
if isinstance(bytes, type("")):
bytes = stringToBytes(bytes)
self.bytes = bytes
p = ASN1Parser(bytes)
#Get the tbsCertificate
tbsCertificateP = p.getChild(0)
#Is the optional version field present?
#This determines which index the key is at.
if tbsCertificateP.value[0] == 0xA0:
subjectPublicKeyInfoIndex = 6
else:
subjectPublicKeyInfoIndex = 5
#Get the subject
self.subject = tbsCertificateP.getChildBytes(\
subjectPublicKeyInfoIndex - 1)
#Get the subjectPublicKeyInfo
subjectPublicKeyInfoP = tbsCertificateP.getChild(\
subjectPublicKeyInfoIndex)
#Get the algorithm
algorithmP = subjectPublicKeyInfoP.getChild(0)
rsaOID = algorithmP.value
if list(rsaOID) != [6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]:
raise SyntaxError("Unrecognized AlgorithmIdentifier")
#Get the subjectPublicKey
subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1)
#Adjust for BIT STRING encapsulation
if (subjectPublicKeyP.value[0] != 0):
raise SyntaxError()
subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:])
#Get the modulus and exponent
modulusP = subjectPublicKeyP.getChild(0)
publicExponentP = subjectPublicKeyP.getChild(1)
#Decode them into numbers
n = bytesToNumber(modulusP.value)
e = bytesToNumber(publicExponentP.value)
#Create a public key instance
self.publicKey = _createPublicRSAKey(n, e)
return self
def parseBinary(self, bytes):
"""Parse a DER-encoded X.509 certificate.
@type bytes: str or L{array.array} of unsigned bytes
@param bytes: A DER-encoded X.509 certificate.
"""
if isinstance(bytes, type("")):
bytes = stringToBytes(bytes)
self.bytes = bytes
p = ASN1Parser(bytes)
#Get the tbsCertificate
tbsCertificateP = p.getChild(0)
#Is the optional version field present?
#This determines which index the key is at.
if tbsCertificateP.value[0]==0xA0:
subjectPublicKeyInfoIndex = 6
else:
subjectPublicKeyInfoIndex = 5
#Get the subject
self.subject = tbsCertificateP.getChildBytes(\
subjectPublicKeyInfoIndex - 1)
#Get the subjectPublicKeyInfo
subjectPublicKeyInfoP = tbsCertificateP.getChild(\
subjectPublicKeyInfoIndex)
#Get the algorithm
algorithmP = subjectPublicKeyInfoP.getChild(0)
rsaOID = algorithmP.value
if list(rsaOID) != [6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0]:
raise SyntaxError("Unrecognized AlgorithmIdentifier")
#Get the subjectPublicKey
subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1)
#Adjust for BIT STRING encapsulation
if (subjectPublicKeyP.value[0] !=0):
raise SyntaxError()
subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:])
#Get the modulus and exponent
modulusP = subjectPublicKeyP.getChild(0)
publicExponentP = subjectPublicKeyP.getChild(1)
#Decode them into numbers
n = bytesToNumber(modulusP.value)
e = bytesToNumber(publicExponentP.value)
#Create a public key instance
self.publicKey = _createPublicRSAKey(n, e)
return self
def parseBinary(self, bytes):
"""Parse a DER-encoded X.509 certificate.
@type bytes: str or L{bytearray} of unsigned bytes
@param bytes: A DER-encoded X.509 certificate.
"""
self.bytes = bytearray(bytes)
p = ASN1Parser(bytes)
#Get the tbsCertificate
tbsCertificateP = p.getChild(0)
#Is the optional version field present?
#This determines which index the key is at.
if tbsCertificateP.value[0]==0xA0:
subjectPublicKeyInfoIndex = 6
else:
subjectPublicKeyInfoIndex = 5
# serial number of certificate
self.serial_number = ASN1Parser(tbsCertificateP.getChildBytes(1))
#print "[+] Serial number: 0x"+b2a_hex(self.serial_number.value)
#TODO signature algorithm, not workign yet
sign_algo = ASN1Parser(ASN1Parser(tbsCertificateP.getChildBytes(2)).getChildBytes(0))
oid = self.ObjectIdentifierDecoder(sign_algo.value, sign_algo.length)
oid_str = get_oid_str(oid)
signature_algorithm = oid_str
for key,value in OIDMap.oid_map.iteritems():
if key == oid_str:
self.signature_algorithm = (oid_str, value)
#print "[+] Signature ALgorithm: ", value
#get the issuer
issuer = tbsCertificateP.getChildBytes(3)
counter = 0
while 1:
try:
field3 = ASN1Parser(issuer).getChild(counter).getChild(0).getChild(0)
oid = self.ObjectIdentifierDecoder(field3.value, field3.length)
oid_str = get_oid_str(oid)
for key,value in OIDMap.oid_map.iteritems():
if key == oid_str:
self.issuer[value] = ASN1Parser(issuer).getChild(counter).getChild(0).getChild(1).value
counter +=1
except:
break
#get the validity
self.validFrom = ASN1Parser(tbsCertificateP.getChildBytes(4)).getChild(0)
self.validFrom = datetime.datetime.strptime(str(self.validFrom.value[:6]),"%y%m%d")
self.validUntil = ASN1Parser(tbsCertificateP.getChildBytes(4)).getChild(1)
self.validUntil = datetime.datetime.strptime(str(self.validUntil.value[:6]), "%y%m%d")
#Get the subject
# CANT HANDLE IF ANYTHING CHANGES. HACKING TO PARSE CERT
subject = tbsCertificateP.getChild(subjectPublicKeyInfoIndex - 1)
counter = 0
while 1:
try:
field3 = subject.getChild(counter).getChild(0).getChild(0)
oid = self.ObjectIdentifierDecoder(field3.value, field3.length)
oid_str = get_oid_str(oid)
for key,value in OIDMap.oid_map.iteritems():
if key == oid_str:
self.subject[value] = subject.getChild(counter).getChild(0).getChild(1).value
#print " [+] ",value,":",subject.getChild(counter).getChild(0).getChild(1).value
counter +=1
except Exception:
break
#Get the subjectPublicKeyInfo
# sequence -> sequence -> object_identifier
subjectPublicKeyInfoP = tbsCertificateP.getChild(subjectPublicKeyInfoIndex)
algorithmP = ASN1Parser(subjectPublicKeyInfoP.getChildBytes(0)).getChild(0)
algoOID = self.ObjectIdentifierDecoder(algorithmP.value, algorithmP.length)
algoOID_str = get_oid_str(algoOID)
for key,value in OIDMap.oid_map.iteritems():
if key == algoOID_str:
self.key_algorithm = (algoOID_str, value)
#Get the subjectPublicKey
subjectPublicKeyP = subjectPublicKeyInfoP.getChild(1)
#Adjust for BIT STRING encapsulation
if self.key_algorithm is not None and self.key_algorithm[1] == 'RSA':
if (subjectPublicKeyP.value[0] !=0):
raise SyntaxError()
subjectPublicKeyP = ASN1Parser(subjectPublicKeyP.value[1:])
#Get the modulus and exponent
modulusP = subjectPublicKeyP.getChild(0)
publicExponentP = subjectPublicKeyP.getChild(1)
#Decode them into numbers
# Info: typecasting to long, to debian giving typerror of expecting long, not int
n = long(bytesToNumber(modulusP.value))
e = long(bytesToNumber(publicExponentP.value))
#Create a public key instance
self.publicKey = _createPublicRSAKey(n, e)
self.key_size = len(self.publicKey)
#print "[+] Key Size: ",len(self.publicKey) ,"\n"
#TODO calculate EC KEY SIZE
# helped in solving this issue :https://crypto.stackexchange.com/questions/6843/how-do-i-unpack-the-x-and-y-values-from-the-bitstring-in-a-der-ecdsa-public-key
if self.key_algorithm is not None and self.key_algorithm[1] == 'EC':
if (subjectPublicKeyP.value[0] !=0):
raise SyntaxError()
#uncompressed key, then the following bytes are x and y
if (subjectPublicKeyP.value[1] ==0x04):
key_len_byte = len(subjectPublicKeyP.value[2:])
self.key_size = (key_len_byte/2 ) * 8
# TODO not sure, probably correct implementation: https://stackoverflow.com/questions/16576434/cryptopp-compressed-ec-keys
if (subjectPublicKeyP.value[1] ==0x03) or (subjectPublicKeyP.value[1] ==0x02) :
key_len_byte = len(subjectPublicKeyP.value[2:])
self.key_size = (key_len_byte) * 8
