Reputation: 6581
I'd like to print all x509 information from a certificate. Here's what has been done:
Following the official python doc for ssl, I created a socket client for IPv4/6 dual stack, and added the certificate bundle from www.python.org. The certchain is downloaded and saved to separate files using instructions from another SO about the local issuer error message. This client works. I added the code "context.load_verify_locations('path/to/cabundle.pem')" to the sample. Thus the certificates are correct and valid.
Based on the answer from the SO for printing x509, the code snippet is: "import asn1tools; foo = asn1tools.compile_files("x509.asn"); output = foo.decode("Certificate", cert)". This needs an asn file.
Another SO about ASN.1 for X.509 suggested downloading an asn from the rfc, or from the ITU page for "ITU-T X.509 (08/1997) Recommendations". I've downloaded the zip and extracted three files: AlgorithmObjectIdentifiers.asn, AuthenticationFramework.asn, CertificateExtensions.asn. Since the first file imports elements in other files, I guess it is the top-level file, so I give it to the code.
foo = asn1tools.compile_files("AlgorithmObjectIdentifiers.asn")
output = foo.decode("Certificate", cert)
print("Cert output: ", output)
It's spitting out an error:
File ".../test-print-ssl.py", line 47, in cert_print_asn1
output = foo.decode("Certificate", cert)
File "...\lib\site-packages\asn1tools\compiler.py", line 161, in decode
"Type '{}' not found in types dictionary.".format(name))
asn1tools.errors.DecodeError: Type 'Certificate' not found in types dictionary.
A few questions:
Note that I've used the command openssl x509 -in website.com.pem -text to print the same cert from file. That works. I guess I can invoke it using os.system() to achieve the same. I'd like to have a solution to decode and print in python.
I've seen the question about failing compilation, but in my case it is failing at decoding, which is different.
Upvotes: 0
Views: 786
Reputation: 10008
You should share your files to allow more specific answers ....
You can just create one file concatenating the types from your files.
Instead of throwing everything in one go, you should only put the type(s) you need and add what is missing.
The content of your asn1 specification should be something like
X509 DEFINITIONS ::=
BEGIN
Type1
Type2
END
You can validate your file on https://asn1.io/asn1playground/
Upvotes: 1
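One way to find out which module actually defines the type named in the "not found in types dictionary" error, and which other modules it pulls in through IMPORTS, before deciding what to concatenate or compile together. This is an added example, not code from the question or the answer. The helper names are hypothetical, the regexes are a heuristic rather than a full ASN.1 parser, and the module text in SAMPLE is constructed for illustration and is not the ITU-T text.

```python
import re

COMMENT = re.compile(r"--.*")
HEADER = re.compile(r"^\s*([A-Z][\w-]*)\s*(?:\{[^}]*\})?\s*DEFINITIONS\b", re.M)
ASSIGN = re.compile(r"^\s*([A-Z][\w-]*)\s*(?:\{[^}]*\})?\s*::=", re.M)
FROM = re.compile(r"\bFROM\s+([A-Z][\w-]*)")

def scan(text):
    """Heuristic scan: (module name, assigned type names, imported modules)."""
    text = COMMENT.sub("", text)
    module = HEADER.search(text).group(1)
    return module, set(ASSIGN.findall(text)) - {"DEFINITIONS"}, set(FROM.findall(text))

def files_for_type(files, wanted):
    """files maps filename -> ASN.1 text. Returns (files to compile, unresolved imports)."""
    info = {name: scan(text) for name, text in files.items()}
    by_module = {mod: name for name, (mod, _, _) in info.items()}
    todo = [n for n, (_, types, _) in info.items() if wanted in types][:1]
    if not todo:
        raise LookupError(f"no supplied file defines {wanted!r}")
    needed, missing = [], set()
    while todo:  # follow IMPORTS ... FROM transitively
        name = todo.pop()
        if name in needed:
            continue
        needed.append(name)
        for mod in sorted(info[name][2]):
            if mod in by_module:
                todo.append(by_module[mod])
            else:
                missing.add(mod)
    return needed, sorted(missing)

# Constructed stand-ins for the three files, NOT the ITU-T text.
SAMPLE = {
    "AlgorithmObjectIdentifiers.asn": """AlgorithmObjectIdentifiers DEFINITIONS ::= BEGIN
IMPORTS Certificate FROM AuthenticationFramework;
HashInput ::= OCTET STRING
END""",
    "AuthenticationFramework.asn": """AuthenticationFramework DEFINITIONS ::= BEGIN
IMPORTS Extensions FROM CertificateExtensions
        Name FROM InformationFramework; -- not FROM UpperBounds
Certificate ::= SEQUENCE { issuer Name, extensions Extensions }
END""",
    "CertificateExtensions.asn": "CertificateExtensions DEFINITIONS ::= BEGIN\nExtensions ::= SEQUENCE OF OCTET STRING\nEND",
}

if __name__ == "__main__":
    print(files_for_type(SAMPLE, "Certificate"))  # (files for compile_files, unresolved)
```

The first list is what would be passed, as a list, to asn1tools.compile_files; any module named in the second list is imported but not among the supplied files, so its types have to be added by hand or fetched separately.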