From 405f90f77a8ca2a8fc5a0837b2eaf91a4cd0255f Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 28 Sep 2007 20:06:35 +0000
Subject: Tighten up PKCS#10 attribute decoding

svn path=/pow/POW-0.7/lib/pkix.py; revision=1046
---
 scripts/pkcs10.py | 45 ++++++++++++++++++++++++++++++---------------
 1 file changed, 30 insertions(+), 15 deletions(-)

(limited to 'scripts/pkcs10.py')

diff --git a/scripts/pkcs10.py b/scripts/pkcs10.py
index 557d987f..8163cf9b 100644
--- a/scripts/pkcs10.py
+++ b/scripts/pkcs10.py
@@ -2,37 +2,48 @@
 
 import POW.pkix, rpki.x509, glob, rpki.resource_set
 
-parse_extensions = True
-list_extensions = True
-show_attributes = True
+parse_extensions        = True
+list_extensions         = True
+show_attributes         = True
+show_algorithm          = False
+do_verify               = True
 
-for name in glob.glob("resource-cert-samples/*.req"):
+for name in glob.glob("resource-cert-samples/*.req") + glob.glob("biz-certs/*.req"):
   pkcs10 = rpki.x509.PKCS10_Request(Auto_file = name).get_POWpkix()
 
   print "[", name, "]"
 
-  if show_attributes:
-    print pkcs10.certificationRequestInfo.attributes.val
+  if show_algorithm:
+    print pkcs10.signatureAlgorithm
+    print
+    print pkcs10.signatureAlgorithm.get()
     print
-    print pkcs10.certificationRequestInfo.attributes.val.get()
+
+  if show_attributes:
+    print pkcs10.certificationRequestInfo.attributes.oid, pkcs10.certificationRequestInfo.attributes.oid.get()
     print
-    print pkcs10.certificationRequestInfo.attributes.val.choice
+    print pkcs10.certificationRequestInfo.attributes.val, pkcs10.certificationRequestInfo.attributes.val.get()
     print
-    print pkcs10.certificationRequestInfo.attributes.val.choices
+    print pkcs10.certificationRequestInfo.attributes.val.choice, pkcs10.certificationRequestInfo.attributes.val.choices
     print
     print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice]
     print
     print len(pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice])
     print
-    print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice][0]
-    print
+    if len(pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice]) > 0:
+      print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice][0]
+      print
 
-  extc = pkcs10.certificationRequestInfo.attributes.val
-  exts = extc.choices[extc.choice][0]
+  if False:
+    extc = pkcs10.certificationRequestInfo.attributes.val
+    exts = extc.choices[extc.choice][0]
+    assert exts is pkcs10.getExtensions()
+  else:
+    exts = pkcs10.getExtensions()
 
   #print len(exts), exts[0].extnValue
 
-  if list_extensions:
+  if list_extensions and exts is not None:
     for x in exts:
       oid = x.extnID.get()
       name = POW.pkix.oid2obj(oid)
@@ -42,7 +53,7 @@ for name in glob.glob("resource-cert-samples/*.req"):
       value = ":".join(["%02X" % ord(i) for i in value])
       print [ name, oid, crit, value ]
 
-  if parse_extensions:
+  if parse_extensions and exts is not None:
 
     as, v4, v6 = rpki.resource_set.parse_extensions(exts.get())
     if as: print "ASN  =", as
@@ -58,4 +69,8 @@ for name in glob.glob("resource-cert-samples/*.req"):
         val = ":".join(["%02X" % ord(i) for i in val])
       print POW.pkix.oid2obj(oid), oid, "=", val
 
+  if do_verify:
+    print
+    print "Signature verification: %s" % pkcs10.verify()
+
   print
-- 
cgit v1.2.3