1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
# $Id$
import POW.pkix, rpki.x509, glob, rpki.resource_set
parse_extensions = True
list_extensions = False
show_attributes = False
show_algorithm = False
do_verify = True
show_signature = True
def hexify(thing):
return ":".join(["%02X" % ord(i) for i in thing])
for name in glob.glob("resource-cert-samples/*.req") + glob.glob("biz-certs/*.req"):
pkcs10 = rpki.x509.PKCS10_Request(Auto_file = name).get_POWpkix()
print "[", name, "]"
if show_algorithm:
print pkcs10.signatureAlgorithm
print
print pkcs10.signatureAlgorithm.get()
print
if show_signature:
print pkcs10.signatureValue, hexify(pkcs10.signatureValue.get())
print
if show_attributes:
print pkcs10.certificationRequestInfo.attributes.oid, pkcs10.certificationRequestInfo.attributes.oid.get()
print
print pkcs10.certificationRequestInfo.attributes.val, pkcs10.certificationRequestInfo.attributes.val.get()
print
print pkcs10.certificationRequestInfo.attributes.val.choice, pkcs10.certificationRequestInfo.attributes.val.choices
print
print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice]
print
print len(pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice])
print
if len(pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice]) > 0:
print pkcs10.certificationRequestInfo.attributes.val.choices[pkcs10.certificationRequestInfo.attributes.val.choice][0]
print
if False:
extc = pkcs10.certificationRequestInfo.attributes.val
exts = extc.choices[extc.choice][0]
assert exts is pkcs10.getExtensions()
else:
exts = pkcs10.getExtensions()
#print len(exts), exts[0].extnValue
if list_extensions and exts is not None:
for x in exts:
oid = x.extnID.get()
name = POW.pkix.oid2obj(oid)
crit = x.critical.get()
value = x.extnValue.get()
assert isinstance(value, str)
print [ name, oid, crit, hexify(value) ]
if parse_extensions and exts is not None:
as, v4, v6 = rpki.resource_set.parse_extensions(exts.get())
if as: print "ASN =", as
if v4: print "IPv4 =", v4
if v6: print "IPv6 =", v6
for oid, crit, val in exts.get():
if oid in ((1, 3, 6, 1, 5, 5, 7, 1, 7), (1, 3, 6, 1, 5, 5, 7, 1, 8)):
continue
if isinstance(val, str):
val = hexify(val)
print POW.pkix.oid2obj(oid), oid, "=", val
if do_verify:
print
print "Signature verification: %s" % pkcs10.verify()
print
|
