diff options
Diffstat (limited to 'third_party/python/pyasn1-modules/tools')
14 files changed, 712 insertions, 0 deletions
diff --git a/third_party/python/pyasn1-modules/tools/cmcdump.py b/third_party/python/pyasn1-modules/tools/cmcdump.py new file mode 100755 index 0000000000..bce48b1990 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/cmcdump.py @@ -0,0 +1,56 @@ +#!/usr/bin/env python +# +# Read CMC certificate request with wrappers on stdin, parse each into +# plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc5652, rfc6402, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat cmc_request.pem | %s""" % (sys.argv[0],)) + sys.exit(-1) + +reqCnt = 0 + +substrate = pem.readBase64FromFile(sys.stdin) + +_, rest = decoder.decode(substrate, asn1Spec=rfc5652.ContentInfo()) +assert not rest + +next_layer = rfc5652.id_ct_contentInfo +data = substrate +while next_layer: + if next_layer == rfc5652.id_ct_contentInfo: + layer, rest = decoder.decode(data, asn1Spec=rfc5652.ContentInfo()) + assert encoder.encode(layer) == data, 'wrapper recode fails' + assert not rest + + print(" * New layer (wrapper):") + print(layer.prettyPrint()) + + next_layer = layer['contentType'] + data = layer['content'] + + elif next_layer == rfc5652.id_signedData: + layer, rest = decoder.decode(data, asn1Spec=rfc5652.SignedData()) + assert encoder.encode(layer) == data, 'wrapper recode fails' + assert not rest + + print(" * New layer (wrapper):") + print(layer.prettyPrint()) + + next_layer = layer['encapContentInfo']['eContentType'] + data = layer['encapContentInfo']['eContent'] + + elif next_layer == rfc6402.id_cct_PKIData: + layer, rest = decoder.decode(data, asn1Spec=rfc6402.PKIData()) + assert encoder.encode(layer) == data, 'pkidata recode fails' + assert not rest + + print(" * New layer (pkidata):") + print(layer.prettyPrint()) + + next_layer = None + data = None diff --git a/third_party/python/pyasn1-modules/tools/cmpdump.py b/third_party/python/pyasn1-modules/tools/cmpdump.py new file mode 100755 index 0000000000..c89951ac9f --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/cmpdump.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read ASN.1/PEM CMP message on stdin, parse into +# plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc4210, pem +from pyasn1 import debug +import sys + +if len(sys.argv) == 2 and sys.argv[1] == '-d': + debug.setLogger(debug.Debug('all')) +elif len(sys.argv) != 1: + print("""Usage: +$ cat cmp.pem | %s [-d]""" % sys.argv[0]) + sys.exit(-1) + +pkiMessage = rfc4210.PKIMessage() + +substrate = pem.readBase64FromFile(sys.stdin) +if not substrate: + sys.exit(0) + +pkiMsg, rest = decoder.decode(substrate, asn1Spec=pkiMessage) + +print(pkiMsg.prettyPrint()) + +assert encoder.encode(pkiMsg) == substrate, 'CMP message recode fails' diff --git a/third_party/python/pyasn1-modules/tools/crldump.py b/third_party/python/pyasn1-modules/tools/crldump.py new file mode 100755 index 0000000000..b871ddd962 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/crldump.py @@ -0,0 +1,41 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read X.509 CRL on stdin, print them pretty and encode back into +# original wire format. +# CRL can be generated with "openssl openssl ca -gencrl ..." commands. +# +from pyasn1_modules import rfc2459, pem +from pyasn1.codec.der import encoder, decoder +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat crl.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +asn1Spec = rfc2459.CertificateList() + +cnt = 0 + +while True: + idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN X509 CRL-----', '-----END X509 CRL-----')) + if not substrate: + break + + key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) + + if rest: + substrate = substrate[:-len(rest)] + + print(key.prettyPrint()) + + assert encoder.encode(key) == substrate, 'pkcs8 recode fails' + + cnt += 1 + +print('*** %s CRL(s) re/serialized' % cnt) diff --git a/third_party/python/pyasn1-modules/tools/crmfdump.py b/third_party/python/pyasn1-modules/tools/crmfdump.py new file mode 100755 index 0000000000..efb0ffc0e4 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/crmfdump.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read ASN.1/PEM X.509 CRMF request on stdin, parse into +# plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2511, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat crmf.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +certReq = rfc2511.CertReqMessages() + +substrate = pem.readBase64FromFile(sys.stdin) +if not substrate: + sys.exit(0) + +cr, rest = decoder.decode(substrate, asn1Spec=certReq) + +print(cr.prettyPrint()) + +assert encoder.encode(cr) == substrate, 'crmf recode fails' diff --git a/third_party/python/pyasn1-modules/tools/ocspclient.py b/third_party/python/pyasn1-modules/tools/ocspclient.py new file mode 100755 index 0000000000..07ff5ada68 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/ocspclient.py @@ -0,0 +1,165 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +import hashlib +import sys + +try: + import urllib2 +except ImportError: + import urllib.request as urllib2 + +from pyasn1.codec.der import decoder, encoder +from pyasn1.type import univ + +from pyasn1_modules import rfc2560, rfc2459, pem + +sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26)) + + +# noinspection PyClassHasNoInit +class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder): + # These methods just do not encode tag and length fields of TLV + def encodeTag(self, *args): + return '' + + def encodeLength(self, *args): + return '' + + def encodeValue(*args): + substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args) + # OCSP-specific hack follows: cut off the "unused bit count" + # encoded bit-string value. + return substrate[1:], isConstructed + + def __call__(self, bitStringValue): + return self.encode(None, bitStringValue, defMode=True, maxChunkSize=0) + + +valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder() + + +# noinspection PyShadowingNames +def mkOcspRequest(issuerCert, userCert): + issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate') + issuerSubject = issuerTbsCertificate.getComponentByName('subject') + + userTbsCertificate = userCert.getComponentByName('tbsCertificate') + userIssuer = userTbsCertificate.getComponentByName('issuer') + + assert issuerSubject == userIssuer, '%s\n%s' % ( + issuerSubject.prettyPrint(), userIssuer.prettyPrint() + ) + + userIssuerHash = hashlib.sha1( + encoder.encode(userIssuer) + ).digest() + + issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName( + 'subjectPublicKey') + + issuerKeyHash = hashlib.sha1( + valueOnlyBitStringEncoder(issuerSubjectPublicKey) + ).digest() + + userSerialNumber = userTbsCertificate.getComponentByName('serialNumber') + + # Build request object + + request = rfc2560.Request() + + reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert') + + hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm') + hashAlgorithm.setComponentByName('algorithm', sha1oid) + + reqCert.setComponentByName('issuerNameHash', userIssuerHash) + reqCert.setComponentByName('issuerKeyHash', issuerKeyHash) + reqCert.setComponentByName('serialNumber', userSerialNumber) + + ocspRequest = rfc2560.OCSPRequest() + + tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest') + tbsRequest.setComponentByName('version', 'v1') + + requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList') + requestList.setComponentByPosition(0, request) + + return ocspRequest + + +def parseOcspResponse(ocspResponse): + responseStatus = ocspResponse.getComponentByName('responseStatus') + assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint() + responseBytes = ocspResponse.getComponentByName('responseBytes') + responseType = responseBytes.getComponentByName('responseType') + assert responseType == rfc2560.id_pkix_ocsp_basic, responseType.prettyPrint() + + response = responseBytes.getComponentByName('response') + + basicOCSPResponse, _ = decoder.decode( + response, asn1Spec=rfc2560.BasicOCSPResponse() + ) + + tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData') + + response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0) + + return ( + tbsResponseData.getComponentByName('producedAt'), + response0.getComponentByName('certID'), + response0.getComponentByName('certStatus').getName(), + response0.getComponentByName('thisUpdate') + ) + + +if len(sys.argv) != 2: + print("""Usage: +$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" % sys.argv[0]) + sys.exit(-1) +else: + ocspUrl = sys.argv[1] + +# Parse CA and user certificates + +issuerCert, _ = decoder.decode( + pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----') + )[1], + asn1Spec=rfc2459.Certificate() +) +# noinspection PyRedeclaration +userCert, _ = decoder.decode( + pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----') + )[1], + asn1Spec=rfc2459.Certificate() +) + +# Build OCSP request + +ocspReq = mkOcspRequest(issuerCert, userCert) + +# Use HTTP POST to get response (see Appendix A of RFC 2560) +# In case you need proxies, set the http_proxy env variable + +httpReq = urllib2.Request( + ocspUrl, + encoder.encode(ocspReq), + {'Content-Type': 'application/ocsp-request'} +) +httpRsp = urllib2.urlopen(httpReq).read() + +# Process OCSP response + +# noinspection PyRedeclaration +ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse()) + +producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp) + +print('Certificate ID %s is %s at %s till %s\n' % (certId.getComponentByName('serialNumber'), + certStatus, producedAt, thisUpdate)) diff --git a/third_party/python/pyasn1-modules/tools/ocspreqdump.py b/third_party/python/pyasn1-modules/tools/ocspreqdump.py new file mode 100755 index 0000000000..40c088a130 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/ocspreqdump.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read ASN.1/PEM X.509 CRMF request on stdin, parse into +# plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2560, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat ocsp-request.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +ocspReq = rfc2560.OCSPRequest() + +substrate = pem.readBase64FromFile(sys.stdin) +if not substrate: + sys.exit(0) + +cr, rest = decoder.decode(substrate, asn1Spec=ocspReq) + +print(cr.prettyPrint()) + +assert encoder.encode(cr) == substrate, 'OCSP request recode fails' diff --git a/third_party/python/pyasn1-modules/tools/ocsprspdump.py b/third_party/python/pyasn1-modules/tools/ocsprspdump.py new file mode 100755 index 0000000000..ca52f64bd7 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/ocsprspdump.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read ASN.1/PEM OCSP response on stdin, parse into +# plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2560, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat ocsp-response.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +ocspReq = rfc2560.OCSPResponse() + +substrate = pem.readBase64FromFile(sys.stdin) +if not substrate: + sys.exit(0) + +cr, rest = decoder.decode(substrate, asn1Spec=ocspReq) + +print(cr.prettyPrint()) + +assert encoder.encode(cr) == substrate, 'OCSP request recode fails' diff --git a/third_party/python/pyasn1-modules/tools/pkcs10dump.py b/third_party/python/pyasn1-modules/tools/pkcs10dump.py new file mode 100755 index 0000000000..56417ae483 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/pkcs10dump.py @@ -0,0 +1,43 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read ASN.1/PEM X.509 certificate requests (PKCS#10 format) on stdin, +# parse each into plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2314, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat certificateRequest.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +certType = rfc2314.CertificationRequest() + +certCnt = 0 + +while True: + idx, substrate = pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN CERTIFICATE REQUEST-----', + '-----END CERTIFICATE REQUEST-----') + ) + if not substrate: + break + + cert, rest = decoder.decode(substrate, asn1Spec=certType) + + if rest: + substrate = substrate[:-len(rest)] + + print(cert.prettyPrint()) + + assert encoder.encode(cert) == substrate, 'cert recode fails' + + certCnt += 1 + +print('*** %s PEM certificate request(s) de/serialized' % certCnt) diff --git a/third_party/python/pyasn1-modules/tools/pkcs1dump.py b/third_party/python/pyasn1-modules/tools/pkcs1dump.py new file mode 100755 index 0000000000..f205d779cc --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/pkcs1dump.py @@ -0,0 +1,50 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read unencrypted PKCS#1/PKIX-compliant, PEM&DER encoded private keys on +# stdin, print them pretty and encode back into original wire format. +# Private keys can be generated with "openssl genrsa|gendsa" commands. +# +from pyasn1_modules import rfc2459, rfc2437, pem +from pyasn1.codec.der import encoder, decoder +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat rsakey.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +cnt = 0 + +while True: + idx, substrate = pem.readPemBlocksFromFile( + sys.stdin, + ('-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----'), + ('-----BEGIN DSA PRIVATE KEY-----', '-----END DSA PRIVATE KEY-----') + ) + if not substrate: + break + + if idx == 0: + asn1Spec = rfc2437.RSAPrivateKey() + elif idx == 1: + asn1Spec = rfc2459.DSAPrivateKey() + else: + break + + key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) + + if rest: + substrate = substrate[:-len(rest)] + + print(key.prettyPrint()) + + assert encoder.encode(key) == substrate, 'pkcs8 recode fails' + + cnt += 1 + +print('*** %s key(s) re/serialized' % cnt) diff --git a/third_party/python/pyasn1-modules/tools/pkcs7dump.py b/third_party/python/pyasn1-modules/tools/pkcs7dump.py new file mode 100755 index 0000000000..72fe70d7b3 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/pkcs7dump.py @@ -0,0 +1,51 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read ASN.1/PEM PKCS#7 on stdin, parse it into plain text, +# then build substrate from it +# +from pyasn1_modules import rfc2315, pem +from pyasn1.codec.der import encoder, decoder +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat pkcs7Certificate.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +idx, substrate = pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN PKCS7-----', '-----END PKCS7-----') +) + +assert substrate, 'bad PKCS7 data on input' + +contentInfo, rest = decoder.decode(substrate, asn1Spec=rfc2315.ContentInfo()) + +if rest: + substrate = substrate[:-len(rest)] + +print(contentInfo.prettyPrint()) + +assert encoder.encode(contentInfo) == substrate, 're-encode fails' + +contentType = contentInfo.getComponentByName('contentType') + +contentInfoMap = { + (1, 2, 840, 113549, 1, 7, 1): rfc2315.Data(), + (1, 2, 840, 113549, 1, 7, 2): rfc2315.SignedData(), + (1, 2, 840, 113549, 1, 7, 3): rfc2315.EnvelopedData(), + (1, 2, 840, 113549, 1, 7, 4): rfc2315.SignedAndEnvelopedData(), + (1, 2, 840, 113549, 1, 7, 5): rfc2315.DigestedData(), + (1, 2, 840, 113549, 1, 7, 6): rfc2315.EncryptedData() +} + +content, _ = decoder.decode( + contentInfo.getComponentByName('content'), + asn1Spec=contentInfoMap[contentType] +) + +print(content.prettyPrint()) diff --git a/third_party/python/pyasn1-modules/tools/pkcs8dump.py b/third_party/python/pyasn1-modules/tools/pkcs8dump.py new file mode 100755 index 0000000000..2bb83884a8 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/pkcs8dump.py @@ -0,0 +1,49 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read bunch of ASN.1/PEM plain/encrypted private keys in PKCS#8 +# format on stdin, parse each into plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc5208, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat pkcs8key.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +cnt = 0 + +while True: + idx, substrate = pem.readPemBlocksFromFile( + sys.stdin, + ('-----BEGIN PRIVATE KEY-----', '-----END PRIVATE KEY-----'), + ('-----BEGIN ENCRYPTED PRIVATE KEY-----', '-----END ENCRYPTED PRIVATE KEY-----') + ) + if not substrate: + break + + if idx == 0: + asn1Spec = rfc5208.PrivateKeyInfo() + elif idx == 1: + asn1Spec = rfc5208.EncryptedPrivateKeyInfo() + else: + break + + key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) + + if rest: + substrate = substrate[:-len(rest)] + + print(key.prettyPrint()) + + assert encoder.encode(key) == substrate, 'pkcs8 recode fails' + + cnt += 1 + +print('*** %s PKCS#8 key(s) de/serialized' % cnt) diff --git a/third_party/python/pyasn1-modules/tools/snmpget.py b/third_party/python/pyasn1-modules/tools/snmpget.py new file mode 100755 index 0000000000..cd9fec21a2 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/snmpget.py @@ -0,0 +1,44 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Generate SNMPGET request, parse response +# +from pyasn1.codec.ber import encoder, decoder +from pyasn1_modules import rfc1157 +import sys +import socket + +if len(sys.argv) != 4: + print("""Usage: +$ %s <community> <host> <OID>""" % sys.argv[0]) + sys.exit(-1) + +msg = rfc1157.Message() +msg.setComponentByPosition(0) +msg.setComponentByPosition(1, sys.argv[1]) +# pdu +pdus = msg.setComponentByPosition(2).getComponentByPosition(2) +pdu = pdus.setComponentByPosition(0).getComponentByPosition(0) +pdu.setComponentByPosition(0, 123) +pdu.setComponentByPosition(1, 0) +pdu.setComponentByPosition(2, 0) +vbl = pdu.setComponentByPosition(3).getComponentByPosition(3) +vb = vbl.setComponentByPosition(0).getComponentByPosition(0) +vb.setComponentByPosition(0, sys.argv[3]) +v = vb.setComponentByPosition(1).getComponentByPosition(1).setComponentByPosition(0).getComponentByPosition(0).setComponentByPosition(3).getComponentByPosition(3) + +print('sending: %s' % msg.prettyPrint()) + +sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) +sock.sendto(encoder.encode(msg), (sys.argv[2], 161)) + +substrate, _ = sock.recvfrom(2048) + +# noinspection PyRedeclaration +rMsg, _ = decoder.decode(substrate, asn1Spec=msg) + +print('received: %s' % rMsg.prettyPrint()) diff --git a/third_party/python/pyasn1-modules/tools/x509dump-rfc5280.py b/third_party/python/pyasn1-modules/tools/x509dump-rfc5280.py new file mode 100755 index 0000000000..482df7e5bf --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/x509dump-rfc5280.py @@ -0,0 +1,46 @@ +#!/usr/bin/env python +# coding: utf-8 +# +# This file is part of pyasn1-modules software. +# +# Created by Stanisław Pitucha with asn1ate tool. +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read ASN.1/PEM X.509 certificates on stdin, parse each into plain text, +# then build substrate from it (using RFC5280) +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc5280, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat CACertificate.pem | %s +$ cat userCertificate.pem | %s""" % (sys.argv[0], sys.argv[0])) + sys.exit(-1) + +certType = rfc5280.Certificate() + +certCnt = 0 + +while 1: + idx, substrate = pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN CERTIFICATE-----', + '-----END CERTIFICATE-----') + ) + if not substrate: + break + + cert, rest = decoder.decode(substrate, asn1Spec=certType) + + if rest: + substrate = substrate[:-len(rest)] + + print(cert.prettyPrint()) + + assert encoder.encode(cert) == substrate, 'cert recode fails' + + certCnt += 1 + +print('*** %s PEM cert(s) de/serialized' % certCnt) diff --git a/third_party/python/pyasn1-modules/tools/x509dump.py b/third_party/python/pyasn1-modules/tools/x509dump.py new file mode 100755 index 0000000000..2c51c6a516 --- /dev/null +++ b/third_party/python/pyasn1-modules/tools/x509dump.py @@ -0,0 +1,44 @@ +#!/usr/bin/env python +# +# This file is part of pyasn1-modules software. +# +# Copyright (c) 2005-2017, Ilya Etingof <etingof@gmail.com> +# License: http://pyasn1.sf.net/license.html +# +# Read ASN.1/PEM X.509 certificates on stdin, parse each into plain text, +# then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2459, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat CACertificate.pem | %s +$ cat userCertificate.pem | %s""" % (sys.argv[0], sys.argv[0])) + sys.exit(-1) + +certType = rfc2459.Certificate() + +certCnt = 0 + +while True: + idx, substrate = pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN CERTIFICATE-----', + '-----END CERTIFICATE-----') + ) + if not substrate: + break + + cert, rest = decoder.decode(substrate, asn1Spec=certType) + + if rest: + substrate = substrate[:-len(rest)] + + print(cert.prettyPrint()) + + assert encoder.encode(cert) == substrate, 'cert recode fails' + + certCnt += 1 + +print('*** %s PEM cert(s) de/serialized' % certCnt) |