def parse_crls(crls: BinaryIO, store: X509Store) -> None:
    """Parse CRLs from the ICAO PKD DSC-CRL ldif and add each one to *store*.

    Args:
        crls: Binary stream holding the DSC-CRL LDIF.
        store: X509Store that receives every CRL found in the LDIF.

    Returns:
        None; CRLs are added to *store* as a side effect.
    """
    ldif = LDIFRecordList(crls)
    ldif.parse_entry_records()
    crl_attr = "certificateRevocationList;binary"
    for record in ldif.all_records:
        attrs = record[1]
        if crl_attr not in attrs:
            continue
        # The attribute holds a DER (ASN.1) encoded CRL.  No freshness check
        # (nextUpdate) is performed here — presumably deferred to the later
        # verification step; confirm against the caller.
        crl = load_crl(FILETYPE_ASN1, attrs[crl_attr][0])
        print(f"\t[+] Loaded CRL: {attrs['cn'][0]}")
        store.add_crl(crl)
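def parse_csca_certs(master_list: BinaryIO, store: X509Store) -> None:
    """Parse CSCA certificates from the ICAO PKD ML ldif and load the
    self-signed ones into *store*.

    Each ``CscaMasterListData`` value is a CMS signed blob; it is handed to
    ``openssl cms -verify`` and only lists whose signature verified are
    unpacked.  Duplicate certificates across master lists are dropped via
    ``unique_hash``, and only self-signed certificates reach the store.

    Args:
        master_list: Binary stream holding the PKD Master List LDIF.
        store: X509Store that receives every self-signed certificate from a
            master list whose CMS signature verified.

    Returns:
        None; certificates are added to *store* as a side effect.
    """
    parser = LDIFRecordList(master_list)
    parser.parse_entry_records()
    unique_certs: List[X509] = []
    for record in parser.all_records:
        attrs = record[1]
        if "CscaMasterListData" not in attrs:
            continue
        print(f"\t[i] Reading {attrs['cn'][0]}")
        # NOTE(review): `-noverify` makes openssl check the CMS signature but
        # skip validation of the signer certificate against any trust anchor,
        # so a master list signed by an arbitrary key passes this check.  The
        # trust placed in the loaded CSCA roots therefore rests on the
        # integrity of the LDIF source — confirm this is the intended model.
        cmd = "openssl cms -inform der -noverify -verify"
        signed_data, err = execute(cmd, attrs["CscaMasterListData"][0])
        # The result is inferred from openssl's stderr text; execute() exposes
        # no exit status here.  The exact wording is OpenSSL-version dependent
        # — TODO confirm against the version in use.
        if err.decode("utf8").strip() != "Verification successful":
            print("\t[-] Verification of Masterlist data failed\n")
            continue
        print("\t[+] MasterList Verification successful")
        cert_list = extract_certificates(signed_data)
        print("\t[i] Removing duplicates")
        # unique_hash() presumably remembers certificates already seen across
        # master lists; the filter keeps only first occurrences — verify.
        unique_certs_from_ml = [x for x in cert_list if unique_hash(x)]
        print(f"\t[i] Removed {len(cert_list)-len(unique_certs_from_ml)} duplicate certificates\n")
        # Extend in place rather than rebuilding the list for every master list.
        unique_certs.extend(unique_certs_from_ml)
    print(f"\t[i] Total unique entries: {len(unique_certs)}\n")
    for cert in unique_certs:
        # Only self-signed certificates are treated as trust anchors; any
        # other certificate carried in a master list is skipped.
        if is_self_signed(cert):
            print(f"\t[+] Loaded certificate: {cert.get_subject().countryName}")
            print_valid_time("\t\t", cert)
            store.add_cert(cert)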