def stringToDN(string, tag=None):
    """Build a pyasn1 Name from a textual distinguished name.

    The text is a run of '/<type>=<value>' pairs where <type> is one of
    C, ST, L, O, OU, CN or emailAddress. A string with no '/' in it is
    treated as a bare common name. Any text before the first pair is used
    as the name of the string encoding for the values; when there is
    none, 'utf8String' is used. See the documentation for the issuer and
    subject fields for more details.

    Values other than C and emailAddress go through the 'string_escape'
    codec (a Python 2 codec), so backslash escapes in the text become raw
    bytes, NUL included, in the resulting name. Because the text is split
    on the '/<type>=' markers, a value cannot itself contain one of them.

    Takes an optional implicit tag for cases where the Name needs to be
    tagged differently.
    """
    if '/' not in string:
        string = '/CN=%s' % string

    # nameType -> (attribute OID, value class, built straight from the text?)
    attributeTable = {
        'C': (rfc2459.id_at_countryName, rfc2459.X520countryName, True),
        'ST': (rfc2459.id_at_stateOrProvinceName,
               rfc2459.X520StateOrProvinceName, False),
        'L': (rfc2459.id_at_localityName, rfc2459.X520LocalityName, False),
        'O': (rfc2459.id_at_organizationName,
              rfc2459.X520OrganizationName, False),
        'OU': (rfc2459.id_at_organizationalUnitName,
               rfc2459.X520OrganizationalUnitName, False),
        'CN': (rfc2459.id_at_commonName, rfc2459.X520CommonName, False),
        'emailAddress': (rfc2459.emailAddress, rfc2459.Pkcs9email, True),
    }

    # pieces is [[encoding], <type>, <value>, <type>, <value>, ...]
    pieces = re.split('/(C|ST|L|O|OU|CN|emailAddress)=', string)
    encoding = pieces[0] or 'utf8String'

    rdns = rfc2459.RDNSequence()
    typeValuePairs = zip(pieces[1::2], pieces[2::2])
    for index, (nameType, value) in enumerate(typeValuePairs):
        entry = attributeTable.get(nameType)
        if entry is None:
            raise UnknownDNTypeError(nameType)
        oid, componentClass, builtFromText = entry

        ava = rfc2459.AttributeTypeAndValue()
        ava.setComponentByName('type', oid)
        if builtFromText:
            nameComponent = componentClass(value)
        else:
            nameComponent = componentClass()
            # The value may hold escapes such as '\0' (a backslash followed
            # by the digit zero) that must end up as the byte '\x00'.
            nameComponent.setComponentByName(
                encoding, value.decode(encoding='string_escape'))
        ava.setComponentByName('value', nameComponent)

        rdn = rfc2459.RelativeDistinguishedName()
        rdn.setComponentByPosition(0, ava)
        rdns.setComponentByPosition(index, rdn)

    name = rfc2459.Name().subtype(implicitTag=tag) if tag else rfc2459.Name()
    name.setComponentByPosition(0, rdns)
    return name
def stringToDN(string, tag=None):
    """Turn a textual distinguished name into a pyasn1 Name.

    The text consists of "/<type>=<value>" pairs, <type> being one of
    C, ST, L, O, OU, CN or emailAddress. A non-empty string without any
    "/" is taken to be a bare common name; an empty string yields a Name
    with no components. Text in front of the first pair names the string
    encoding to use for the values and defaults to "utf8String". See the
    documentation for the issuer and subject fields for more details.

    Every value except C and emailAddress is converted to bytes and then
    decoded with "unicode_escape", which turns backslash escapes such as
    "\\0" into the characters they denote (NUL in that case). The text
    is split on the "/<type>=" markers, so a value cannot contain one.

    Takes an optional implicit tag for cases where the Name needs to be
    tagged differently.
    """
    if string and "/" not in string:
        string = "/CN=%s" % string

    oidAndClass = {
        "C": (rfc2459.id_at_countryName, rfc2459.X520countryName),
        "ST": (
            rfc2459.id_at_stateOrProvinceName,
            rfc2459.X520StateOrProvinceName,
        ),
        "L": (rfc2459.id_at_localityName, rfc2459.X520LocalityName),
        "O": (rfc2459.id_at_organizationName, rfc2459.X520OrganizationName),
        "OU": (
            rfc2459.id_at_organizationalUnitName,
            rfc2459.X520OrganizationalUnitName,
        ),
        "CN": (rfc2459.id_at_commonName, rfc2459.X520CommonName),
        "emailAddress": (rfc2459.emailAddress, rfc2459.Pkcs9email),
    }
    # These two are constructed directly from the text; the others are
    # CHOICE types whose alternative is picked by `encoding`.
    builtFromText = ("C", "emailAddress")

    # fields is [[encoding], <type>, <value>, <type>, <value>, ...]
    fields = re.split("/(C|ST|L|O|OU|CN|emailAddress)=", string)
    encoding = fields[0] if fields[0] else "utf8String"

    rdns = rfc2459.RDNSequence()
    for pos, (nameType, value) in enumerate(zip(fields[1::2], fields[2::2])):
        if nameType not in oidAndClass:
            raise UnknownDNTypeError(nameType)
        oid, componentClass = oidAndClass[nameType]

        ava = rfc2459.AttributeTypeAndValue()
        ava["type"] = oid
        if nameType in builtFromText:
            nameComponent = componentClass(value)
        else:
            nameComponent = componentClass()
            # NOTE(review): unicode_escape reads each remaining byte as
            # Latin-1, so non-ASCII text in the value presumably does not
            # survive this round trip unchanged - confirm if that matters.
            nameComponent[encoding] = six.ensure_binary(value).decode(
                encoding="unicode_escape"
            )
        ava["value"] = nameComponent

        rdn = rfc2459.RelativeDistinguishedName()
        rdn.setComponentByPosition(0, ava)
        rdns.setComponentByPosition(pos, rdn)

    name = rfc2459.Name().subtype(implicitTag=tag) if tag else rfc2459.Name()
    name.setComponentByPosition(0, rdns)
    return name
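def extractPKCS7(self):
    """Describe the certificate blob in the PE security directory.

    Reads the security data directory of ``self.filename`` and returns a
    dict that may contain:

    * 'dwLength', 'wRevision', 'wCertificateType' - the three header
      fields unpacked from the first eight bytes of the blob;
    * 'VirtualAddress', 'totalsize' - the directory offset (as hex text)
      and the size of the file on disk;
    * 'hash' - upper-case MD5 hex digest of the raw blob;
    * 'Country', 'Company name', 'Company Unit name', 'Issuer name' -
      issuer attributes of the PKCS#7 signer infos. When an attribute
      occurs more than once, the last occurrence wins.

    The header and hash keys are filled in only when the blob contains
    one of the substrings 'sign', 'root' or 'global'.

    Nothing here verifies the signature or the certificate chain: every
    value is copied from the file as found, so the result records what
    the file claims, not who signed it. Extraction is best effort; any
    parsing error ends it and whatever was collected so far is returned,
    which means an empty or partial dict does not tell an unsigned file
    apart from a malformed one.

    Raises whatever ``pefile.PE`` raises when the file cannot be opened
    or parsed as a PE image.
    """
    pe = pefile.PE(self.filename)
    pkcs_dict = dict()
    try:
        totsize = os.path.getsize(self.filename)
        # NOTE(review): the directory is located through self.pe while the
        # ASN.1 step below reads from the local pe - confirm both describe
        # the same file.
        self.pe.parse_data_directories(directories=[
            pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']
        ])
        sigoff = 0
        siglen = 0
        for s in self.pe.__structures__:
            if s.name == 'IMAGE_DIRECTORY_ENTRY_SECURITY':
                sigoff = s.VirtualAddress
                siglen = s.Size

        if sigoff < totsize:
            # The context manager closes the handle even if seek/read fails.
            with open(self.filename, 'rb') as f:
                f.seek(sigoff)
                thesig = f.read(siglen)

            # Keyword test on the bytes after the 8-byte header; this is a
            # plain substring heuristic, not a structural check.
            blobText = str(thesig[8:]).lower()
            if any(word in blobText for word in ('sign', 'root', 'global')):
                pkcs_dict['dwLength'] = struct.unpack('<L', thesig[0:4])[0]
                pkcs_dict['wRevision'] = find_wRevision(
                    struct.unpack('<h', thesig[4:6])[0])
                pkcs_dict['wCertificateType'] = find_wCertificateType(
                    struct.unpack('<h', thesig[6:8])[0])
                pkcs_dict['VirtualAddress'] = hex(sigoff)
                pkcs_dict['totalsize'] = totsize
                # MD5 is kept because callers read this key; it is only a
                # fingerprint of the blob and is not collision resistant.
                pkcs_dict['hash'] = hashlib.md5(thesig).hexdigest().upper()

        address = pe.OPTIONAL_HEADER.DATA_DIRECTORY[
            pefile.DIRECTORY_ENTRY[
                'IMAGE_DIRECTORY_ENTRY_SECURITY']].VirtualAddress
        # Skip the 8-byte header; the decoder stops at the end of the
        # ContentInfo and hands back anything after it as `rest`.
        derData = pe.write()[address + 8:]
        (contentInfo, rest) = decode(derData, asn1Spec=rfc2315.ContentInfo())
        contentType = contentInfo.getComponentByName('contentType')
        if contentType == rfc2315.signedData:
            # decode() returns (value, remainder); only the value is used.
            (signedData, _) = decode(
                contentInfo.getComponentByName('content'),
                asn1Spec=rfc2315.SignedData())
            signerInfos = signedData.getComponentByName('signerInfos')
            for si in signerInfos:
                issuerAndSerial = si.getComponentByName(
                    'issuerAndSerialNumber')
                issuer = issuerAndSerial.getComponentByName(
                    'issuer').getComponent()
                for i in issuer:
                    for r in i:
                        at = r.getComponentByName('type')
                        if rfc2459.id_at_countryName == at:
                            cn = decode(
                                r.getComponentByName('value'),
                                asn1Spec=rfc2459.X520countryName())
                            pkcs_dict['Country'] = str(cn[0])
                        elif rfc2459.id_at_organizationName == at:
                            on = decode(
                                r.getComponentByName('value'),
                                asn1Spec=rfc2459.X520OrganizationName())
                            pkcs_dict['Company name'] = str(
                                on[0].getComponent())
                        elif rfc2459.id_at_organizationalUnitName == at:
                            ou = decode(
                                r.getComponentByName('value'),
                                asn1Spec=rfc2459.X520OrganizationalUnitName())
                            pkcs_dict['Company Unit name'] = str(
                                ou[0].getComponent())
                        elif rfc2459.id_at_commonName == at:
                            cn = decode(
                                r.getComponentByName('value'),
                                asn1Spec=rfc2459.X520CommonName())
                            pkcs_dict['Issuer name'] = str(
                                cn[0].getComponent())
                        else:
                            # Attribute types without a key of their own
                            # are only echoed.
                            print(at)
    except Exception:
        # Best effort: keep what was gathered. Unlike a bare except this
        # lets KeyboardInterrupt and SystemExit through.
        return pkcs_dict
    return pkcs_dict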