Python pyasn1.codec.der.decoder.decode() Examples

The following are 30 code examples of pyasn1.codec.der.decoder.decode().
Example #1
Source File: cert_parser.py    From f5-openstack-agent with Apache License 2.0 6 votes vote down vote up
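def _split_x509s(xstr):
    """Split the input string into individual x509 text blocks

    This is a generator: blocks are produced lazily, one per complete
    BEGIN/END pair found in the input.

    :param xstr: A large multi x509 certificate block (text or bytes)
    :returns: Yields byte strings, each holding one X509 PEM block
    including its BEGIN CERTIFICATE / END CERTIFICATE tag lines
    """
    # isinstance also accepts subclasses of the binary type, which the former
    # exact type() comparison passed on undecoded.
    if isinstance(xstr, six.binary_type):
        xstr = xstr.decode('utf-8')

    # Decode the marker constants once instead of once per input line.
    begin_marker = X509_BEG.decode('utf-8')
    end_marker = X509_END.decode('utf-8')

    curr_pem_block = []
    inside_x509 = False
    for line in xstr.replace("\r", "").split("\n"):
        if inside_x509:
            curr_pem_block.append(line)
            if line == end_marker:
                yield six.b("\n".join(curr_pem_block))
                curr_pem_block = []
                inside_x509 = False
            continue
        # Markers must match the whole line exactly; text outside a block is
        # dropped, and a block that never reaches its END line is never
        # yielded.
        if line == begin_marker:
            curr_pem_block.append(line)
            inside_x509 = True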
Example #2
Source File: cert_parser.py    From f5-openstack-agent with Apache License 2.0 6 votes vote down vote up
def _parse_pkcs7_bundle(pkcs7):
    """Yield the individual certificates of a PKCS7 bundle.

    This is a generator, so nothing is parsed until it is iterated.

    :param pkcs7: A pkcs7 bundle in DER or PEM format
    :returns: Yields individual DER-encoded certificates
    """
    if PKCS7_BEG not in pkcs7:
        # No PEM marker present: hand the input to the DER path unchanged.
        for der_cert in _get_certs_from_pkcs7_substrate(pkcs7):
            yield der_cert
        return

    # PEM path: any failure while reading or decoding a block is logged and
    # reported to the caller as UnreadableCert.
    try:
        for pem_block in _read_pem_blocks(pkcs7):
            for der_cert in _get_certs_from_pkcs7_substrate(pem_block):
                yield der_cert
    except Exception:
        LOG.exception('Unreadable Certificate.')
        raise f5_ex.UnreadableCert
Example #3
Source File: parse-aboot.py    From aboot-parser with Apache License 2.0 6 votes vote down vote up
def parse_cert(raw_bytes):
    """Decode a DER certificate and return a populated CertInfo.

    The subject's organizationalUnitName values are appended to
    ``control_fields`` and the RSA public key is stored in ``pub_key``.
    """
    # NOTE(review): bytes left over after the certificate are not inspected,
    # and nothing in this function verifies the certificate's signature --
    # confirm the caller does both before trusting the returned fields.
    info = CertInfo()

    cert, _trailing = decoder.decode(raw_bytes, asn1Spec=rfc2459.Certificate())
    tbs = cert.getComponentByName('tbsCertificate')
    key_info = tbs.getComponentByName('subjectPublicKeyInfo')
    subj_pub_key_bytes = frombits(key_info.getComponentByName('subjectPublicKey'))

    subject = tbs.getComponentByName('subject')
    for rdn in subject[0]:
        for attribute in rdn:
            attr_type = attribute.getComponentByName('type')
            attr_value = attribute.getComponentByName('value')
            # could pick up regular OUs too
            if attr_type == rfc2459.id_at_organizationalUnitName:
                info.control_fields.append(str(attr_value).strip())

    # The subjectPublicKey bit string is itself a DER RSAPublicKey structure.
    rsa_key, _key_trailing = decoder.decode(
        subj_pub_key_bytes, asn1Spec=rfc2437.RSAPublicKey())
    modulus = rsa_key.getComponentByName("modulus")
    exponent = rsa_key.getComponentByName("publicExponent")
    info.pub_key = rsa.PublicKey(long(modulus), long(exponent))

    return info
Example #4
Source File: cert_parser.py    From octavia with Apache License 2.0 6 votes vote down vote up
def _parse_pkcs7_bundle(pkcs7):
    """Parse a PKCS7 certificate bundle in DER or PEM format

    Generator: certificates are produced as the bundle is iterated.

    :param pkcs7: A pkcs7 bundle in DER or PEM format
    :returns: Yields individual DER-encoded certificates
    """
    looks_like_pem = PKCS7_BEG in pkcs7

    if looks_like_pem:
        # Every error on the PEM path is collapsed into UnreadableCert after
        # the original traceback has been logged.
        try:
            for decoded_block in _read_pem_blocks(pkcs7):
                certs = _get_certs_from_pkcs7_substrate(decoded_block)
                for one_cert in certs:
                    yield one_cert
        except Exception:
            LOG.exception('Unreadable Certificate.')
            raise exceptions.UnreadableCert
    else:
        # Without the PEM marker the input is assumed to be DER already.
        certs = _get_certs_from_pkcs7_substrate(pkcs7)
        for one_cert in certs:
            yield one_cert
Example #5
Source File: cert_parser.py    From octavia with Apache License 2.0 6 votes vote down vote up
def _split_x509s(xstr):
    """Yield each x509 PEM block found in the input, one at a time.

    :param xstr: A large multi x509 certificate block (text or bytes)
    :returns: Yields byte strings, each holding one X509 PEM block
    including its BEGIN CERTIFICATE / END CERTIFICATE tag lines
    """
    if isinstance(xstr, bytes):
        xstr = xstr.decode('utf-8')

    pending = []
    collecting = False
    for row in xstr.replace("\r", "").split("\n"):
        if not collecting:
            # Outside a block only an exact BEGIN line matters; anything else
            # is skipped.
            if row == X509_BEG.decode('utf-8'):
                pending.append(row)
                collecting = True
            continue

        pending.append(row)
        if row == X509_END.decode('utf-8'):
            yield octavia_utils.b("\n".join(pending))
            pending = []
            collecting = False
    # A block still open when the input ends is not yielded.
Example #6
Source File: test_rfc4334.py    From pyasn1-modules with BSD 2-Clause "Simplified" License 5 votes vote down vote up
def testDerCodec(self):
    """Round-trip the certificate fixture through the DER codec."""
    der_bytes = pem.readBase64fromText(self.cert_pem_text)
    decoded, leftover = der_decoder(der_bytes, asn1Spec=self.asn1Spec)
    # Nothing may follow the decoded object in the input.
    self.assertFalse(leftover)
    self.assertTrue(decoded.prettyPrint())
    # Re-encoding has to reproduce the input exactly.
    self.assertEqual(der_bytes, der_encoder(decoded))
Example #7
Source File: tds.py    From cracke-dit with MIT License 5 votes vote down vote up
def printReplies(self):
    """Log every token stored in ``self.replies``.

    Error tokens are also recorded in ``self.lastError`` as a
    SQLErrorException.
    """
    # NOTE(review): the decoded ServerName/MsgText fields are written to the
    # log as-is; presumably they originate from the remote server, so confirm
    # the log sink tolerates arbitrary characters.
    for group in self.replies.keys():
        for token in self.replies[group]:
            kind = token['TokenType']

            if kind == TDS_ERROR_TOKEN:
                server = token['ServerName'].decode('utf-16le')
                line_no = token['LineNumber']
                text = token['MsgText'].decode('utf-16le')
                error = "ERROR(%s): Line %d: %s" % (server, line_no, text)
                self.lastError = SQLErrorException("ERROR: Line %d: %s" % (token['LineNumber'], token['MsgText'].decode('utf-16le')))
                LOG.error(error)
                continue

            if kind == TDS_INFO_TOKEN:
                LOG.info("INFO(%s): Line %d: %s" % (token['ServerName'].decode('utf-16le'), token['LineNumber'], token['MsgText'].decode('utf-16le')))
                continue

            if kind == TDS_LOGINACK_TOKEN:
                LOG.info("ACK: Result: %s - %s (%d%d %d%d) " % (token['Interface'], token['ProgName'].decode('utf-16le'), token['MajorVer'], token['MinorVer'], token['BuildNumHi'], token['BuildNumLow']))
                continue

            if kind != TDS_ENVCHANGE_TOKEN:
                continue
            if token['Type'] not in (TDS_ENVCHANGE_DATABASE, TDS_ENVCHANGE_LANGUAGE, TDS_ENVCHANGE_CHARSET, TDS_ENVCHANGE_PACKETSIZE):
                continue

            record = TDS_ENVCHANGE_VARCHAR(token['Data'])
            # Only one of the two fields is defaulted: NewValue is looked at
            # only when OldValue was not empty.
            if record['OldValue'] == '':
                record['OldValue'] = 'None'.encode('utf-16le')
            elif record['NewValue'] == '':
                record['NewValue'] = 'None'.encode('utf-16le')

            labels = {
                TDS_ENVCHANGE_DATABASE: 'DATABASE',
                TDS_ENVCHANGE_LANGUAGE: 'LANGUAGE',
                TDS_ENVCHANGE_CHARSET: 'CHARSET',
                TDS_ENVCHANGE_PACKETSIZE: 'PACKETSIZE',
            }
            _type = labels.get(token['Type'])
            if _type is None:
                _type = "%d" % token['Type']
            LOG.info("ENVCHANGE(%s): Old Value: %s, New Value: %s" % (_type,record['OldValue'].decode('utf-16le'), record['NewValue'].decode('utf-16le')))
Example #8
Source File: smb3.py    From cracke-dit with MIT License 5 votes vote down vote up
def listPath(self, shareName, path, password = None):
        """List the directory entries of a share that match ``path``.

        Connects to ``shareName``, opens the directory part of ``path`` and
        queries it with the basename of ``path`` until the server reports
        STATUS_NO_MORE_FILES. The directory handle and the tree connection
        are released in every case.

        :param shareName: share to connect to
        :param path: path inside the share; '/' is accepted as a separator
        :param password: not used by this method (see the ToDo below)
        :returns: list of smb.SharedFile objects
        """
        # ToDo: Handle situations where share is password protected
        # Normalise to backslash separators and drop one leading backslash so
        # the path is relative to the share root.
        path = string.replace(path,'/', '\\')
        path = ntpath.normpath(path)
        if len(path) > 0 and path[0] == '\\':
            path = path[1:]

        treeId = self.connectTree(shareName)

        fileId = None
        try:
            # ToDo, we're assuming it's a directory, we should check what the file type is
            fileId = self.create(treeId, ntpath.dirname(path), FILE_READ_ATTRIBUTES | FILE_READ_DATA ,FILE_SHARE_READ | FILE_SHARE_WRITE |FILE_SHARE_DELETE, FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT, FILE_OPEN, 0) 
            res = ''
            files = []
            from impacket import smb
            while True:
                try:
                    res = self.queryDirectory( treeId, fileId, ntpath.basename(path), maxBufferSize = 65535, informationClass = FILE_FULL_DIRECTORY_INFORMATION )
                    # Walk the entries packed into this response buffer; a
                    # NextEntryOffset of 0 marks the last entry.
                    # NOTE(review): NextEntryOffset is read from the response
                    # and used for slicing without a bounds check -- confirm
                    # fromString() copes with a short or inconsistent buffer.
                    nextOffset = 1
                    while nextOffset != 0:
                        fileInfo = smb.SMBFindFileFullDirectoryInfo(smb.SMB.FLAGS2_UNICODE)
                        fileInfo.fromString(res)
                        # The decoded FileName is passed twice to SharedFile.
                        files.append(smb.SharedFile(fileInfo['CreationTime'],fileInfo['LastAccessTime'],fileInfo['LastChangeTime'],fileInfo['EndOfFile'],fileInfo['AllocationSize'],fileInfo['ExtFileAttributes'],fileInfo['FileName'].decode('utf-16le'), fileInfo['FileName'].decode('utf-16le')))
                        nextOffset = fileInfo['NextEntryOffset']
                        res = res[nextOffset:]
                except SessionError, e:
                    # STATUS_NO_MORE_FILES ends the listing; any other session
                    # error is propagated.
                    if (e.get_error_code()) != STATUS_NO_MORE_FILES:
                        raise
                    break 
        finally:
            # Release the handle (if one was opened) and the tree connection
            # whether or not the listing succeeded.
            if fileId is not None:
                self.close(treeId, fileId)
            self.disconnectTree(treeId) 

        return files 
Example #9
Source File: pyopenssl.py    From deepWordBug with Apache License 2.0 5 votes vote down vote up
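def get_subj_alt_name(peer_cert):
    """Return the dNSName entries of the certificate's subjectAltName extension.

    :param peer_cert: certificate object offering ``get_extension_count()``
        and ``get_extension(i)``
    :returns: list of DNS names as ``str``; empty when
        ``SUBJ_ALT_NAME_SUPPORT`` is false or no SAN extension matches
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    # PyOpenSSL reports the short name as bytes. Compared with the text
    # literal alone, Python 3 never matches, every extension is skipped and
    # the caller receives an empty SAN list. Accepting both spellings keeps
    # the Python 2 behaviour and makes the lookup work on Python 3.
    san_short_names = ('subjectAltName', b'subjectAltName')

    general_names = SubjectAltName()
    for i in range(peer_cert.get_extension_count()):
        ext = peer_cert.get_extension(i)
        if ext.get_short_name() not in san_short_names:
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        ext_dat = ext.get_data()
        # decode() returns (value, remaining bytes); the loop below keeps only
        # the SubjectAltName value, so trailing bytes are silently ignored.
        decoded_dat = der_decoder.decode(ext_dat, asn1Spec=general_names)

        for name in decoded_dat:
            if not isinstance(name, SubjectAltName):
                continue
            for entry in range(len(name)):
                component = name.getComponentByPosition(entry)
                # Only dNSName choices are collected; every other GeneralName
                # kind is skipped.
                if component.getName() != 'dNSName':
                    continue
                dns_name.append(str(component.getComponent()))

    return dns_name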
Example #10
Source File: test_rfc3161.py    From pyasn1-modules with BSD 2-Clause "Simplified" License 5 votes vote down vote up
def testDerCodec(self):
    """Decode the TSP response fixture and check it re-encodes unchanged."""
    response_der = pem.readBase64fromText(self.tsp_response_pem_text)
    response, trailing = der_decoder(response_der, asn1Spec=self.asn1Spec)

    # The fixture must be consumed completely by the decoder.
    self.assertFalse(trailing)
    self.assertTrue(response.prettyPrint())
    self.assertEqual(response_der, der_encoder(response))
Example #11
Source File: test_rfc2631.py    From pyasn1-modules with BSD 2-Clause "Simplified" License 5 votes vote down vote up
def testDerCodec(self):
    """Round-trip the fixture and check the decoded keyInfo counter."""
    encoded = pem.readBase64fromText(self.pem_text)
    decoded, trailing = der_decoder(encoded, asn1Spec=self.asn1Spec)

    # No bytes may be left over, and re-encoding must match the input.
    self.assertFalse(trailing)
    self.assertTrue(decoded.prettyPrint())
    self.assertEqual(encoded, der_encoder(decoded))

    expected_counter = univ.OctetString(hexValue='00000001')
    self.assertEqual(expected_counter, decoded['keyInfo']['counter'])
Example #12
Source File: test_rfc4334.py    From pyasn1-modules with BSD 2-Clause "Simplified" License 5 votes vote down vote up
def testOpenTypes(self):
    """Decode with open types enabled and check the known extensions."""
    der_bytes = pem.readBase64fromText(self.cert_pem_text)
    certificate, leftover = der_decoder(
        der_bytes, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

    self.assertFalse(leftover)
    self.assertTrue(certificate.prettyPrint())
    self.assertEqual(der_bytes, der_encoder(certificate))

    seen_ids = []
    known_extensions = rfc5280.certificateExtensionsMap

    for extension in certificate['tbsCertificate']['extensions']:
        ext_id = extension['extnID']
        seen_ids.append(ext_id)
        if ext_id not in known_extensions.keys():
            continue

        # The remainder of this inner decode is not asserted on.
        ext_value, leftover = der_decoder(
            extension['extnValue'], asn1Spec=known_extensions[ext_id])

        self.assertEqual(extension['extnValue'], der_encoder(ext_value))

        if ext_id == rfc4334.id_pe_wlanSSID:
            self.assertIn(str2octs('Example'), ext_value)

        if ext_id == rfc5280.id_ce_extKeyUsage:
            self.assertIn(rfc4334.id_kp_eapOverLAN, ext_value)
            self.assertIn(rfc4334.id_kp_eapOverPPP, ext_value)

    # Both extensions must have been present in the certificate.
    self.assertIn(rfc4334.id_pe_wlanSSID, seen_ids)
    self.assertIn(rfc5280.id_ce_extKeyUsage, seen_ids)
Example #13
Source File: pyopenssl.py    From oss-ftp with MIT License 5 votes vote down vote up
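def get_subj_alt_name(peer_cert):
    """Collect the DNS names listed in a certificate's subjectAltName.

    :param peer_cert: certificate object offering ``get_extension_count()``
        and ``get_extension(i)``
    :returns: list of ``str`` DNS names, empty if SAN support is disabled or
        the certificate carries no matching extension
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    # The extension short name is bytes under PyOpenSSL. A text-only
    # comparison is always unequal on Python 3, which would skip the SAN
    # extension and return no names at all; match either form instead.
    wanted = ('subjectAltName', b'subjectAltName')

    general_names = SubjectAltName()
    for i in range(peer_cert.get_extension_count()):
        ext = peer_cert.get_extension(i)
        ext_name = ext.get_short_name()
        if ext_name not in wanted:
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        ext_dat = ext.get_data()
        decoded_dat = der_decoder.decode(ext_dat,
                                         asn1Spec=general_names)

        # decoded_dat is the (value, remainder) pair; the isinstance test
        # below discards the remainder without checking that it is empty.
        for name in decoded_dat:
            if not isinstance(name, SubjectAltName):
                continue
            for entry in range(len(name)):
                component = name.getComponentByPosition(entry)
                # Entries other than dNSName are not reported.
                if component.getName() != 'dNSName':
                    continue
                dns_name.append(str(component.getComponent()))

    return dns_name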
Example #14
Source File: test_rfc7585.py    From pyasn1-modules with BSD 2-Clause "Simplified" License 5 votes vote down vote up
def testOpenTypes(self):
    """Check that the NAIRealm otherName is decoded with open types on."""
    der_bytes = pem.readBase64fromText(self.cert_pem_text)
    certificate, leftover = der_decoder(
        der_bytes, asn1Spec=self.asn1Spec, decodeOpenTypes=True)

    self.assertFalse(leftover)
    self.assertTrue(certificate.prettyPrint())
    self.assertEqual(der_bytes, der_encoder(certificate))

    expected_oid = rfc7585.id_on_naiRealm
    realm_seen = False

    for extension in certificate['tbsCertificate']['extensions']:
        if extension['extnID'] != rfc5280.id_ce_subjectAltName:
            continue

        alt_names, leftover = der_decoder(
            extension['extnValue'], asn1Spec=rfc5280.SubjectAltName(),
            decodeOpenTypes=True)

        self.assertFalse(leftover)
        self.assertTrue(alt_names.prettyPrint())
        self.assertEqual(extension['extnValue'], der_encoder(alt_names))

        for general_name in alt_names:
            other_name = general_name['otherName']
            if not other_name.hasValue():
                continue
            self.assertEqual(expected_oid, other_name['type-id'])
            # With open types decoded, the value can be searched directly.
            self.assertIn('example', other_name['value'])

            realm_seen = True

    self.assertTrue(realm_seen)
Example #15
Source File: test_rfc7585.py    From pyasn1-modules with BSD 2-Clause "Simplified" License 5 votes vote down vote up
def testDerCodec(self):
    """Round-trip the certificate and decode its NAIRealm otherName by hand."""
    der_bytes = pem.readBase64fromText(self.cert_pem_text)
    certificate, leftover = der_decoder(der_bytes, asn1Spec=self.asn1Spec)

    self.assertFalse(leftover)
    self.assertTrue(certificate.prettyPrint())
    self.assertEqual(der_bytes, der_encoder(certificate))

    expected_oid = rfc7585.id_on_naiRealm
    realm_seen = False

    for extension in certificate['tbsCertificate']['extensions']:
        if extension['extnID'] != rfc5280.id_ce_subjectAltName:
            continue

        alt_names, leftover = der_decoder(
            extension['extnValue'], asn1Spec=rfc5280.SubjectAltName())

        self.assertFalse(leftover)
        self.assertTrue(alt_names.prettyPrint())
        self.assertEqual(extension['extnValue'], der_encoder(alt_names))

        for general_name in alt_names:
            if not general_name['otherName'].hasValue():
                continue
            self.assertEqual(
                expected_oid, general_name['otherName']['type-id'])

            # Open types are off here, so the value is decoded explicitly
            # against the NAIRealm spec.
            realm, leftover = der_decoder(
                general_name['otherName']['value'],
                asn1Spec=rfc7585.NAIRealm())

            self.assertFalse(leftover)
            self.assertTrue(realm.prettyPrint())
            self.assertEqual(
                general_name['otherName']['value'], der_encoder(realm))
            self.assertIn('example', realm)

            realm_seen = True

    self.assertTrue(realm_seen)
Example #16
Source File: blobparser.py    From iChainbreaker with GNU General Public License v2.0 5 votes vote down vote up
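def ParseIt(self, data, tblname, export):
    """Decode a DER blob of key/value pairs into a dict.

    Each component of the decoded object is read as a pair: position 0 is
    the key and position 1 the value. Values of a few known keys are passed
    through a converter method first.

    :param data: DER-encoded blob
    :param tblname: not used by this method
    :param export: when 0, keys are translated with GetColumnFullName()
    :returns: dict mapping keys to values
    """
    record = {}
    #debug.setLogger(debug.Debug('all'))
    # The bytes remaining after the first decoded object are not inspected.
    Decoded, _ = decoder.decode(data)
    count = 0
    while True:
        # Reading past the last component is what ends the loop. Exception
        # (rather than a bare except) keeps that best-effort behaviour
        # without also swallowing KeyboardInterrupt and SystemExit.
        try:
            seq = Decoded.getComponentByPosition(count)
            k = seq.getComponentByPosition(0)
            value = '%s' % seq.getComponentByPosition(1)
        except Exception:
            #print ' [-] Decrypted', count, 'items in', tblname
            break

        if k == 'atyp':
            value = self.GetAuthType(value)
        elif k == 'pdmn':
            value = self.GetAccessibleName(value)
        elif k == 'cdat' or k == 'mdat':
            value = self.Getdate(value)
        elif k == 'ptcl':
            value = self.GetProtoFullName(value)
        elif k == 'klbl':
            # The 'hex' codec on str is a Python 2 idiom.
            value = value.encode('hex')

        if export == 0:
            k = self.GetColumnFullName('%s'%k)
        record[k] = value
        count += 1

    return record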
Example #17
Source File: pyopenssl.py    From pmatic with GNU General Public License v2.0 5 votes vote down vote up
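def get_subj_alt_name(peer_cert):
    """Extract the dNSName values from the subjectAltName extension.

    :param peer_cert: certificate object offering ``get_extension_count()``
        and ``get_extension(i)``
    :returns: list of DNS names as ``str``; an empty list when
        ``SUBJ_ALT_NAME_SUPPORT`` is false or nothing matches
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    general_names = SubjectAltName()
    for i in range(peer_cert.get_extension_count()):
        ext = peer_cert.get_extension(i)
        ext_name = ext.get_short_name()
        # get_short_name() yields bytes under PyOpenSSL, and on Python 3
        # bytes never equal the text literal: the former text-only test
        # skipped every extension and left the result empty. Both spellings
        # are accepted so Python 2 callers see no change.
        if ext_name not in ('subjectAltName', b'subjectAltName'):
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        ext_dat = ext.get_data()
        # The decoder returns a (value, remainder) pair; only the
        # SubjectAltName value passes the isinstance test below.
        decoded_dat = der_decoder.decode(ext_dat,
                                         asn1Spec=general_names)

        for name in decoded_dat:
            if not isinstance(name, SubjectAltName):
                continue
            for entry in range(len(name)):
                component = name.getComponentByPosition(entry)
                # Non-dNSName entries are left out of the result.
                if component.getName() != 'dNSName':
                    continue
                dns_name.append(str(component.getComponent()))

    return dns_name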
Example #18
Source File: pyopenssl.py    From Safejumper-for-Desktop with GNU General Public License v2.0 5 votes vote down vote up
def get_subj_alt_name(peer_cert):
    """Return the dNSName values found in the certificate's SAN extension.

    An empty list is returned when ``SUBJ_ALT_NAME_SUPPORT`` is false or
    when no subjectAltName extension is present.
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    san_spec = SubjectAltName()
    extension_total = peer_cert.get_extension_count()
    for index in range(extension_total):
        extension = peer_cert.get_extension(index)
        if extension.get_short_name() == b'subjectAltName':
            # PyOpenSSL returns extension data in ASN.1 encoded form.
            # decode() gives back (value, remainder); the remainder is not a
            # SubjectAltName and is therefore skipped, unchecked.
            decoded = der_decoder.decode(extension.get_data(),
                                         asn1Spec=san_spec)
            for item in decoded:
                if isinstance(item, SubjectAltName):
                    for position in range(len(item)):
                        choice = item.getComponentByPosition(position)
                        # Only dNSName entries are reported.
                        if choice.getName() == 'dNSName':
                            dns_name.append(str(choice.getComponent()))

    return dns_name
Example #19
Source File: pyopenssl.py    From crunchy-xml-decoder with GNU General Public License v2.0 5 votes vote down vote up
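def get_subj_alt_name(peer_cert):
    """Return every dNSName in the certificate's subjectAltName extension.

    :param peer_cert: certificate object offering ``get_extension_count()``
        and ``get_extension(i)``
    :returns: list of ``str`` DNS names; empty when SAN support is off or
        the extension is absent
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    # Short names come back from PyOpenSSL as bytes. Testing only against the
    # text literal fails for every extension on Python 3, so no SAN would
    # ever be returned there; both forms are accepted to stay compatible
    # with Python 2.
    accepted_names = ('subjectAltName', b'subjectAltName')

    general_names = SubjectAltName()
    for i in range(peer_cert.get_extension_count()):
        ext = peer_cert.get_extension(i)
        if ext.get_short_name() not in accepted_names:
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        decoded_dat = der_decoder.decode(ext.get_data(),
                                         asn1Spec=general_names)

        # Iterating the (value, remainder) pair: the remainder fails the
        # isinstance test, so trailing bytes are dropped without a check.
        for name in decoded_dat:
            if not isinstance(name, SubjectAltName):
                continue
            for entry in range(len(name)):
                component = name.getComponentByPosition(entry)
                # GeneralName choices other than dNSName are ignored.
                if component.getName() != 'dNSName':
                    continue
                dns_name.append(str(component.getComponent()))

    return dns_name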
Example #20
Source File: utils.py    From oss-ftp with MIT License 5 votes vote down vote up
def decode_dss_signature(signature):
    """Decode a DER-encoded DSS signature into its ``(r, s)`` integers.

    Raises ValueError when the input is not valid ASN.1 for the signature
    structure, or when extra bytes follow it.
    """
    try:
        decoded = decoder.decode(signature, asn1Spec=_DSSSigValue())
    except PyAsn1Error:
        raise ValueError("Invalid signature data. Unable to decode ASN.1")

    sig_value, trailing = decoded
    # Trailing bytes are rejected rather than ignored, so an input with
    # extra bytes appended is not accepted as the same signature.
    if trailing:
        raise ValueError(
            "The signature contains bytes after the end of the ASN.1 sequence."
        )

    r_component = int(sig_value.getComponentByName('r'))
    s_component = int(sig_value.getComponentByName('s'))
    return (r_component, s_component)
Example #21
Source File: kerberosv5.py    From cracke-dit with MIT License 5 votes vote down vote up
def getKerberosType3(cipher, sessionKey, auth_data):
    """Try to decode the SPNEGO response token in ``auth_data`` as a KRB_ERROR.

    NOTE(review): in the lines shown here ``krbError`` is built and never
    used, ``cipher`` and ``sessionKey`` are not read, and nothing is
    returned; the listing looks truncated -- check the original source
    before relying on this description.
    """
    negTokenResp = SPNEGO_NegTokenResp(auth_data)
    # If DCE_STYLE = FALSE
    #ap_rep = decoder.decode(negTokenResp['ResponseToken'][16:], asn1Spec=AP_REP())[0]
    try:
        # The first 15 bytes of the response token are skipped before DER
        # decoding; only the decoded value (index 0) is kept, the remainder
        # is discarded.
        krbError = KerberosError(packet = decoder.decode(negTokenResp['ResponseToken'][15:], asn1Spec = KRB_ERROR())[0])
    except Exception, e:
        # Any failure to decode the token as KRB_ERROR is swallowed here.
        pass 
Example #22
Source File: pyopenssl.py    From oss-ftp with MIT License 5 votes vote down vote up
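def get_subj_alt_name(peer_cert):
    """List the DNS names from the certificate's subjectAltName extension.

    :param peer_cert: certificate object offering ``get_extension_count()``
        and ``get_extension(i)``
    :returns: list of DNS names as ``str``; empty when
        ``SUBJ_ALT_NAME_SUPPORT`` is false or no SAN extension is found
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    # PyOpenSSL hands back the short name as bytes, which never equal a text
    # literal on Python 3. The text-only check therefore dropped the SAN
    # extension there and produced an empty list. Matching either spelling
    # fixes Python 3 and leaves Python 2 unchanged.
    san_names = ('subjectAltName', b'subjectAltName')

    general_names = SubjectAltName()
    for i in range(peer_cert.get_extension_count()):
        ext = peer_cert.get_extension(i)
        ext_name = ext.get_short_name()
        if ext_name not in san_names:
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        ext_dat = ext.get_data()
        decoded_dat = der_decoder.decode(ext_dat,
                                         asn1Spec=general_names)

        # The decoder result is a (value, remainder) pair; the remainder is
        # filtered out by the isinstance test and never examined.
        for name in decoded_dat:
            if not isinstance(name, SubjectAltName):
                continue
            for entry in range(len(name)):
                component = name.getComponentByPosition(entry)
                # Only dNSName entries end up in the result.
                if component.getName() != 'dNSName':
                    continue
                dns_name.append(str(component.getComponent()))

    return dns_name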
Example #23
Source File: pyopenssl.py    From oss-ftp with MIT License 5 votes vote down vote up
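def get_subj_alt_name(peer_cert):
    """Gather the dNSName entries of the subjectAltName extension.

    :param peer_cert: certificate object offering ``get_extension_count()``
        and ``get_extension(i)``
    :returns: list of ``str`` DNS names; empty when SAN support is disabled
        or no subjectAltName extension exists
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    general_names = SubjectAltName()
    for i in range(peer_cert.get_extension_count()):
        ext = peer_cert.get_extension(i)
        # The short name is bytes under PyOpenSSL. On Python 3 it can never
        # equal the text literal, so a text-only comparison silently returns
        # no SANs; the bytes spelling is accepted as well.
        if ext.get_short_name() not in ('subjectAltName', b'subjectAltName'):
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        ext_dat = ext.get_data()
        decoded_dat = der_decoder.decode(ext_dat, asn1Spec=general_names)

        # decode() yields the value followed by the undecoded remainder; the
        # remainder is skipped here and not checked for being empty.
        for name in decoded_dat:
            if not isinstance(name, SubjectAltName):
                continue
            for entry in range(len(name)):
                component = name.getComponentByPosition(entry)
                # Anything that is not a dNSName is skipped.
                if component.getName() != 'dNSName':
                    continue
                dns_name.append(str(component.getComponent()))

    return dns_name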
Example #24
Source File: pyopenssl.py    From oss-ftp with MIT License 5 votes vote down vote up
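def get_subj_alt_name(peer_cert):
    """Return the subjectAltName DNS names of a peer certificate.

    :param peer_cert: certificate object offering ``get_extension_count()``
        and ``get_extension(i)``
    :returns: list of DNS names as ``str``; empty when
        ``SUBJ_ALT_NAME_SUPPORT`` is false or the extension is missing
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    # Accept the short name as text or bytes. PyOpenSSL returns bytes, and a
    # bytes/text comparison is always unequal on Python 3, so checking the
    # text form alone made this function return [] for every certificate.
    short_names = ('subjectAltName', b'subjectAltName')

    general_names = SubjectAltName()
    for i in range(peer_cert.get_extension_count()):
        ext = peer_cert.get_extension(i)
        ext_name = ext.get_short_name()
        if ext_name not in short_names:
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        ext_dat = ext.get_data()
        # Result is (value, remainder); trailing bytes are not rejected.
        decoded_dat = der_decoder.decode(ext_dat,
                                         asn1Spec=general_names)

        for name in decoded_dat:
            if not isinstance(name, SubjectAltName):
                continue
            for entry in range(len(name)):
                component = name.getComponentByPosition(entry)
                # The result is limited to dNSName entries.
                if component.getName() != 'dNSName':
                    continue
                dns_name.append(str(component.getComponent()))

    return dns_name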
Example #25
Source File: pyopenssl.py    From oss-ftp with MIT License 5 votes vote down vote up
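def get_subj_alt_name(peer_cert):
    """Read the dNSName entries out of the subjectAltName extension.

    :param peer_cert: certificate object offering ``get_extension_count()``
        and ``get_extension(i)``
    :returns: list of ``str`` DNS names; empty when SAN support is off or
        nothing matches
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    # PyOpenSSL's short name is bytes; the text literal alone never matches
    # it on Python 3, which left this function returning an empty list.
    # Both forms are checked so existing Python 2 behaviour is kept.
    matching_names = ('subjectAltName', b'subjectAltName')

    general_names = SubjectAltName()
    for i in range(peer_cert.get_extension_count()):
        ext = peer_cert.get_extension(i)
        if ext.get_short_name() not in matching_names:
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        ext_dat = ext.get_data()
        decoded_dat = der_decoder.decode(ext_dat,
                                         asn1Spec=general_names)

        # Of the (value, remainder) pair only the SubjectAltName value is
        # processed; leftover bytes are ignored without a check.
        for name in decoded_dat:
            if not isinstance(name, SubjectAltName):
                continue
            for entry in range(len(name)):
                component = name.getComponentByPosition(entry)
                # Other GeneralName kinds are not collected.
                if component.getName() != 'dNSName':
                    continue
                dns_name.append(str(component.getComponent()))

    return dns_name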
Example #26
Source File: cert_parser.py    From f5-openstack-agent with Apache License 2.0 5 votes vote down vote up
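def _get_certs_from_pkcs7_substrate(substrate):
    """Extracts DER-encoded X509 certificates from a PKCS7 ASN1 DER substrate

    This is a generator, so decoding (and any UnreadableCert it raises)
    happens when the result is first iterated, not when it is created.

    :param substrate: The substrate to be processed
    :returns: Yields DER-encoded X509 certificates
    :raises f5_ex.UnreadableCert: if the substrate cannot be decoded or its
        content type is not signedData
    """
    try:
        # Bytes left over after the ContentInfo structure are not inspected.
        contentInfo, _ = der_decoder.decode(substrate,
                                            asn1Spec=rfc2315.ContentInfo())
        contentType = contentInfo.getComponentByName('contentType')
    except Exception:
        LOG.exception('Unreadable Certificate.')
        raise f5_ex.UnreadableCert
    if contentType != rfc2315.signedData:
        # No exception is being handled at this point, so LOG.exception would
        # attach an empty traceback to the record; log a plain error instead.
        LOG.error('Unreadable Certificate.')
        raise f5_ex.UnreadableCert

    try:
        content, _ = der_decoder.decode(
            contentInfo.getComponentByName('content'),
            asn1Spec=rfc2315.SignedData())
    except Exception:
        LOG.exception('Unreadable Certificate.')
        raise f5_ex.UnreadableCert

    # NOTE(review): the certificates are re-encoded and returned as found;
    # no signature or chain validation takes place in this function.
    for cert in content.getComponentByName('certificates'):
        yield der_encoder.encode(cert)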
Example #27
Source File: cert_parser.py    From f5-openstack-agent with Apache License 2.0 5 votes vote down vote up
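def _read_pem_blocks(data):
    """Parse a series of PEM-encoded blocks

    This method is based on pyasn1-modules.pem.readPemBlocksFromFile, but
    eliminates the need to operate on a file handle and is a generator.
    The start and stop markers are the module's PKCS7_BEG and PKCS7_END
    constants.

    :param data: A long text string (or bytes) containing one or more
                 PEM-encoded blocks
    :returns: Yields one ASN1 substrate suitable for DER decoding per
              complete block.

    """
    stSpam, stHam, stDump = 0, 1, 2
    startMarkers = {PKCS7_BEG.decode('utf-8'): 0}
    stopMarkers = {PKCS7_END.decode('utf-8'): 0}
    idx = -1
    state = stSpam
    # isinstance also accepts subclasses of the binary type, which the former
    # exact type() comparison passed on undecoded.
    if isinstance(data, six.binary_type):
        data = data.decode('utf-8')
    for certLine in data.replace('\r', '').split('\n'):
        if not certLine:
            continue
        certLine = certLine.strip()
        if state == stSpam:
            # Outside a block: everything up to the next start marker is
            # ignored.
            if certLine in startMarkers:
                certLines = []
                idx = startMarkers[certLine]
                state = stHam
                continue
        if state == stHam:
            if certLine in stopMarkers and stopMarkers[certLine] == idx:
                state = stDump
            else:
                certLines.append(certLine)
        if state == stDump:
            # Each line is base64-decoded on its own and the pieces are
            # joined. A block whose stop marker never arrives is not yielded.
            yield b''.join([base64.b64decode(x) for x in certLines])
            state = stSpam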
Example #28
Source File: certificate.py    From controller with MIT License 5 votes vote down vote up
def get_subj_alt_name(peer_cert):
    """Collect the dNSName entries of the certificate's subjectAltName.

    Returns an empty list when ``SUBJ_ALT_NAME_SUPPORT`` is false or the
    certificate has no subjectAltName extension.
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    san_template = SubjectAltName()
    for ext_index in range(peer_cert.get_extension_count()):
        candidate = peer_cert.get_extension(ext_index)
        short_name = candidate.get_short_name()
        if short_name == b'subjectAltName':
            # PyOpenSSL returns extension data in ASN.1 encoded form
            raw_value = candidate.get_data()
            decode_result = der_decoder.decode(raw_value,
                                               asn1Spec=san_template)

            # decode_result is (value, remainder); the remainder is not a
            # SubjectAltName, so it is passed over without being checked.
            for part in decode_result:
                if isinstance(part, SubjectAltName):
                    for slot in range(len(part)):
                        general_name = part.getComponentByPosition(slot)
                        # Entries that are not dNSName are left out.
                        if general_name.getName() == 'dNSName':
                            dns_name.append(str(general_name.getComponent()))

    return dns_name
Example #29
Source File: pyopenssl.py    From vnpy_crypto with MIT License 5 votes vote down vote up
def get_subj_alt_name(peer_cert):
    """Return the DNS names carried in the subjectAltName extension.

    The list is empty when ``SUBJ_ALT_NAME_SUPPORT`` is false or no
    subjectAltName extension is found.
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    spec = SubjectAltName()
    count = peer_cert.get_extension_count()
    for number in range(count):
        current = peer_cert.get_extension(number)
        if current.get_short_name() != b'subjectAltName':
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        encoded = current.get_data()
        # The decoder returns the value and the bytes it did not consume;
        # only SubjectAltName instances are processed below.
        for decoded_item in der_decoder.decode(encoded, asn1Spec=spec):
            if not isinstance(decoded_item, SubjectAltName):
                continue
            for offset in range(len(decoded_item)):
                alt_name = decoded_item.getComponentByPosition(offset)
                # Keep dNSName entries only.
                if alt_name.getName() == 'dNSName':
                    dns_name.append(str(alt_name.getComponent()))

    return dns_name
Example #30
Source File: pyopenssl.py    From splunk-aws-project-trumpet with MIT License 5 votes vote down vote up
def get_subj_alt_name(peer_cert):
    """Extract the dNSName values of the subjectAltName extension.

    An empty list comes back when ``SUBJ_ALT_NAME_SUPPORT`` is false or the
    certificate carries no subjectAltName extension.
    """
    dns_name = []
    if not SUBJ_ALT_NAME_SUPPORT:
        return dns_name

    expected_shape = SubjectAltName()
    position = 0
    total = peer_cert.get_extension_count()
    while position < total:
        extension = peer_cert.get_extension(position)
        position += 1
        if extension.get_short_name() != b'subjectAltName':
            continue

        # PyOpenSSL returns extension data in ASN.1 encoded form
        payload = extension.get_data()
        decoded_pair = der_decoder.decode(payload,
                                          asn1Spec=expected_shape)

        # decoded_pair holds the value and the unconsumed bytes; the latter
        # is filtered out by the isinstance test without being examined.
        for element in decoded_pair:
            if not isinstance(element, SubjectAltName):
                continue
            for entry in range(len(element)):
                general_name = element.getComponentByPosition(entry)
                # Only dNSName entries are returned.
                if general_name.getName() != 'dNSName':
                    continue
                dns_name.append(str(general_name.getComponent()))

    return dns_name