[6ff0b91] | 1 | # Read ASN.1/PEM X.509 certificates on stdin, parse each into plain text, |
---|
| 2 | # then build substrate from it |
---|
| 3 | import sys, string, base64 |
---|
| 4 | from pyasn1.type import tag,namedtype,namedval,univ,constraint,char,useful |
---|
| 5 | from pyasn1.codec.der import decoder, encoder |
---|
| 6 | from pyasn1 import error |
---|
| 7 | |
---|
| 8 | from M2Crypto import EVP |
---|
| 9 | |
---|
| 10 | # Would be autogenerated from ASN.1 source by a ASN.1 parser |
---|
| 11 | # X.509 spec (rfc2459) |
---|
| 12 | |
---|
| 13 | MAX = 64 # XXX ? |
---|
| 14 | |
---|
| 15 | class DirectoryString(univ.Choice): |
---|
| 16 | componentType = namedtype.NamedTypes( |
---|
| 17 | namedtype.NamedType('teletexString', char.TeletexString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), |
---|
| 18 | namedtype.NamedType('printableString', char.PrintableString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), |
---|
| 19 | namedtype.NamedType('universalString', char.UniversalString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), |
---|
| 20 | namedtype.NamedType('utf8String', char.UTF8String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), |
---|
| 21 | namedtype.NamedType('bmpString', char.BMPString().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))), |
---|
| 22 | namedtype.NamedType('ia5String', char.IA5String().subtype(subtypeSpec=constraint.ValueSizeConstraint(1, MAX))) # hm, this should not be here!? XXX |
---|
| 23 | ) |
---|
| 24 | |
---|
| 25 | class AttributeValue(DirectoryString): pass |
---|
| 26 | |
---|
| 27 | class AttributeType(univ.ObjectIdentifier): pass |
---|
| 28 | |
---|
| 29 | class AttributeTypeAndValue(univ.Sequence): |
---|
| 30 | componentType = namedtype.NamedTypes( |
---|
| 31 | namedtype.NamedType('type', AttributeType()), |
---|
| 32 | namedtype.NamedType('value', AttributeValue()) |
---|
| 33 | ) |
---|
| 34 | |
---|
| 35 | class RelativeDistinguishedName(univ.SetOf): |
---|
| 36 | componentType = AttributeTypeAndValue() |
---|
| 37 | |
---|
| 38 | class RDNSequence(univ.SequenceOf): |
---|
| 39 | componentType = RelativeDistinguishedName() |
---|
| 40 | |
---|
| 41 | class Name(univ.Choice): |
---|
| 42 | componentType = namedtype.NamedTypes( |
---|
| 43 | namedtype.NamedType('', RDNSequence()) |
---|
| 44 | ) |
---|
| 45 | |
---|
| 46 | class AlgorithmIdentifier(univ.Sequence): |
---|
| 47 | componentType = namedtype.NamedTypes( |
---|
| 48 | namedtype.NamedType('algorithm', univ.ObjectIdentifier()), |
---|
| 49 | namedtype.OptionalNamedType('parameters', univ.Null()) |
---|
| 50 | # XXX syntax screwed? |
---|
| 51 | # namedtype.OptionalNamedType('parameters', univ.ObjectIdentifier()) |
---|
| 52 | ) |
---|
| 53 | |
---|
| 54 | class Extension(univ.Sequence): |
---|
| 55 | componentType = namedtype.NamedTypes( |
---|
| 56 | namedtype.NamedType('extnID', univ.ObjectIdentifier()), |
---|
| 57 | namedtype.DefaultedNamedType('critical', univ.Boolean('False')), |
---|
| 58 | namedtype.NamedType('extnValue', univ.OctetString()) |
---|
| 59 | ) |
---|
| 60 | |
---|
| 61 | class Extensions(univ.SequenceOf): |
---|
| 62 | componentType = Extension() |
---|
| 63 | sizeSpec = univ.SequenceOf.sizeSpec + constraint.ValueSizeConstraint(1, MAX) |
---|
| 64 | |
---|
| 65 | class SubjectPublicKeyInfo(univ.Sequence): |
---|
| 66 | componentType = namedtype.NamedTypes( |
---|
| 67 | namedtype.NamedType('algorithm', AlgorithmIdentifier()), |
---|
| 68 | namedtype.NamedType('subjectPublicKey', univ.BitString()) |
---|
| 69 | ) |
---|
| 70 | |
---|
| 71 | class UniqueIdentifier(univ.BitString): pass |
---|
| 72 | |
---|
| 73 | class Time(univ.Choice): |
---|
| 74 | componentType = namedtype.NamedTypes( |
---|
| 75 | namedtype.NamedType('utcTime', useful.UTCTime()), |
---|
| 76 | namedtype.NamedType('generalTime', useful.GeneralizedTime()) |
---|
| 77 | ) |
---|
| 78 | |
---|
| 79 | class Validity(univ.Sequence): |
---|
| 80 | componentType = namedtype.NamedTypes( |
---|
| 81 | namedtype.NamedType('notBefore', Time()), |
---|
| 82 | namedtype.NamedType('notAfter', Time()) |
---|
| 83 | ) |
---|
| 84 | |
---|
| 85 | class CertificateSerialNumber(univ.Integer): pass |
---|
| 86 | |
---|
| 87 | class Version(univ.Integer): |
---|
| 88 | namedValues = namedval.NamedValues( |
---|
| 89 | ('v1', 0), ('v2', 1), ('v3', 2) |
---|
| 90 | ) |
---|
| 91 | |
---|
| 92 | class TBSCertificate(univ.Sequence): |
---|
| 93 | componentType = namedtype.NamedTypes( |
---|
| 94 | namedtype.DefaultedNamedType('version', Version('v1', tagSet=Version.tagSet.tagExplicitly(tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))), |
---|
| 95 | namedtype.NamedType('serialNumber', CertificateSerialNumber()), |
---|
| 96 | namedtype.NamedType('signature', AlgorithmIdentifier()), |
---|
| 97 | namedtype.NamedType('issuer', Name()), |
---|
| 98 | namedtype.NamedType('validity', Validity()), |
---|
| 99 | namedtype.NamedType('subject', Name()), |
---|
| 100 | namedtype.NamedType('subjectPublicKeyInfo', SubjectPublicKeyInfo()), |
---|
| 101 | namedtype.OptionalNamedType('issuerUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))), |
---|
| 102 | namedtype.OptionalNamedType('subjectUniqueID', UniqueIdentifier().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))), |
---|
| 103 | namedtype.OptionalNamedType('extensions', Extensions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))) |
---|
| 104 | ) |
---|
| 105 | |
---|
| 106 | class Certificate(univ.Sequence): |
---|
| 107 | componentType = namedtype.NamedTypes( |
---|
| 108 | namedtype.NamedType('tbsCertificate', TBSCertificate()), |
---|
| 109 | namedtype.NamedType('signatureAlgorithm', AlgorithmIdentifier()), |
---|
| 110 | namedtype.NamedType('signatureValue', univ.BitString()) |
---|
| 111 | ) |
---|
| 112 | |
---|
| 113 | # end of ASN.1 data structures |
---|
| 114 | |
---|
| 115 | |
---|
| 116 | def get_bits(substrate): |
---|
| 117 | certType = Certificate() |
---|
| 118 | cert = decoder.decode(substrate, asn1Spec=certType)[0] |
---|
| 119 | n = cert |
---|
| 120 | for name in ('tbsCertificate', 'subjectPublicKeyInfo', |
---|
| 121 | 'subjectPublicKey'): |
---|
| 122 | n = n.getComponentByName(name) |
---|
| 123 | if n == None: raise RuntimeException("Bad cert") |
---|
| 124 | |
---|
| 125 | b = [] |
---|
| 126 | for i in range(0, len(n), 8): |
---|
| 127 | v = 0 |
---|
| 128 | for j in range(0, 8): |
---|
| 129 | v = (v << 1) + n[i+j] |
---|
| 130 | b.append(v) |
---|
| 131 | |
---|
| 132 | return str().join([chr(x) for x in b]) |
---|
| 133 | |
---|
| 134 | |
---|
| 135 | def get_key_bits_from_file(fname): |
---|
| 136 | stSpam, stHam, stDump = 0, 1, 2 |
---|
| 137 | state = stSpam |
---|
| 138 | |
---|
| 139 | f = open(fname) |
---|
| 140 | |
---|
| 141 | for certLine in f: |
---|
| 142 | certLine = string.strip(certLine) |
---|
| 143 | if state == stSpam: |
---|
| 144 | if certLine == '-----BEGIN CERTIFICATE-----': |
---|
| 145 | substrate = "" |
---|
| 146 | state = stHam |
---|
| 147 | continue |
---|
| 148 | if state == stHam: |
---|
| 149 | if certLine == '-----END CERTIFICATE-----': |
---|
| 150 | state = stDump |
---|
| 151 | else: |
---|
| 152 | substrate = substrate + base64.b64decode(certLine) |
---|
| 153 | if state == stDump: |
---|
| 154 | f.close() |
---|
| 155 | return get_bits(substrate) |
---|
| 156 | |
---|
| 157 | def get_key_bits_from_cert(cert): |
---|
| 158 | return get_bits(cert.as_der()) |
---|