#!/usr/bin/perl
# $Id: x509decode,v 1.1 2002/02/10 16:41:28 gbarr Exp $
# (c) 2001-2002 Norbert Klasen, DAASI International GmbH. All rights reserved.
# This package is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
#
# decode X.509 certificates
#
# variable naming
# Convert::ASN1 objects are prefixed with asn_
# variables holding binary DER content are prefixed with der_
use strict;
use warnings;

use Data::Dumper;
$Data::Dumper::Indent    = 1;
$Data::Dumper::Quotekeys = 1;
$Data::Dumper::Useqq     = 1;

use Convert::ASN1 qw(:io :debug);
# parse ASN.1 descriptions
#
# The module below is RFC 2459 / X.509 syntax trimmed to what Convert::ASN1
# accepted when this was written.  A few adaptations matter when reading the
# decoded output:
#   - DEFAULT is not used: `version`, `critical` and `cA` are OPTIONAL here.
#     DER never encodes a value equal to its default, so an absent `critical`
#     means FALSE, an absent `cA` means FALSE and an absent `version` means v1.
#   - The SIZE constraints are commented out and therefore not enforced.  This
#     is a decoder, not a validator: nothing here checks signatures, validity
#     periods or constraint semantics, and e.g. an empty SET in an RDN decodes
#     without complaint.
#   - ANY fields (AlgorithmIdentifier.parameters, PolicyQualifierInfo.qualifier,
#     AnotherName.value, GeneralName.x400Address) are passed through by
#     Convert::ASN1 as raw encoded bytes, not decoded further.
#   - BIT STRING values (signature, subjectPublicKey, KeyUsage, ReasonFlags)
#     come back as Convert::ASN1 bit strings; the named bits listed in the
#     comments are not mapped to names.
#   - NOTE(review): RFC 5280 declares AlgorithmIdentifier.parameters OPTIONAL,
#     but it is mandatory in this module, so a certificate whose
#     AlgorithmIdentifier omits the field would be expected to fail to decode
#     — confirm with Convert::ASN1 before relying on this schema for such input.
my $asn = Convert::ASN1->new;
$asn->prepare(<<ASN1) or die "prepare: ", $asn->error;
-- ASN.1 from RFC2459 and X.509(2001)
-- Adapted for use with Convert::ASN1

-- attribute data types --

Attribute ::= SEQUENCE {
    type AttributeType,
    values SET OF AttributeValue
    -- at least one value is required --
}

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= DirectoryString --ANY

AttributeTypeAndValue ::= SEQUENCE {
    type AttributeType,
    value AttributeValue
}


-- naming data types --

Name ::= CHOICE { -- only one possibility for now
    rdnSequence RDNSequence
}

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

DistinguishedName ::= RDNSequence

RelativeDistinguishedName ::=
    SET OF AttributeTypeAndValue --SET SIZE (1 .. MAX) OF


-- Directory string type --

DirectoryString ::= CHOICE {
    teletexString TeletexString, --(SIZE (1..MAX)),
    printableString PrintableString, --(SIZE (1..MAX)),
    bmpString BMPString, --(SIZE (1..MAX)),
    universalString UniversalString, --(SIZE (1..MAX)),
    utf8String UTF8String, --(SIZE (1..MAX)),
    ia5String IA5String --added for EmailAddress
}


-- certificate and CRL specific structures begin here

Certificate ::= SEQUENCE {
    tbsCertificate TBSCertificate,
    signatureAlgorithm AlgorithmIdentifier,
    signature BIT STRING
}

TBSCertificate ::= SEQUENCE {
    version [0] EXPLICIT Version OPTIONAL, --DEFAULT v1
    serialNumber CertificateSerialNumber,
    signature AlgorithmIdentifier,
    issuer Name,
    validity Validity,
    subject Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
    -- If present, version shall be v2 or v3
    subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
    -- If present, version shall be v2 or v3
    extensions [3] EXPLICIT Extensions OPTIONAL
    -- If present, version shall be v3
}

Version ::= INTEGER --{ v1(0), v2(1), v3(2) }

CertificateSerialNumber ::= INTEGER

Validity ::= SEQUENCE {
    notBefore Time,
    notAfter Time
}

Time ::= CHOICE {
    utcTime UTCTime,
    generalTime GeneralizedTime
}

UniqueIdentifier ::= BIT STRING

SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm AlgorithmIdentifier,
    subjectPublicKey BIT STRING
}

Extensions ::= SEQUENCE OF Extension --SIZE (1..MAX) OF Extension

Extension ::= SEQUENCE {
    extnID OBJECT IDENTIFIER,
    critical BOOLEAN OPTIONAL, --DEFAULT FALSE,
    extnValue OCTET STRING
}

AlgorithmIdentifier ::= SEQUENCE {
    algorithm OBJECT IDENTIFIER,
    parameters ANY
}


--extensions

AuthorityKeyIdentifier ::= SEQUENCE {
    keyIdentifier [0] KeyIdentifier OPTIONAL,
    authorityCertIssuer [1] GeneralNames OPTIONAL,
    authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
    -- authorityCertIssuer and authorityCertSerialNumber shall both
    -- be present or both be absent

KeyIdentifier ::= OCTET STRING

SubjectKeyIdentifier ::= KeyIdentifier


-- key usage extension OID and syntax
-- id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }

KeyUsage ::= BIT STRING --{
    -- digitalSignature (0),
    -- nonRepudiation (1),
    -- keyEncipherment (2),
    -- dataEncipherment (3),
    -- keyAgreement (4),
    -- keyCertSign (5),
    -- cRLSign (6),
    -- encipherOnly (7),
    -- decipherOnly (8) }


-- private key usage period extension OID and syntax
-- id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }

PrivateKeyUsagePeriod ::= SEQUENCE {
    notBefore [0] GeneralizedTime OPTIONAL,
    notAfter [1] GeneralizedTime OPTIONAL }
    -- either notBefore or notAfter shall be present


-- certificate policies extension OID and syntax
-- id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }

CertificatePolicies ::= SEQUENCE OF PolicyInformation

PolicyInformation ::= SEQUENCE {
    policyIdentifier CertPolicyId,
    policyQualifiers SEQUENCE OF
        PolicyQualifierInfo } --OPTIONAL }

CertPolicyId ::= OBJECT IDENTIFIER

PolicyQualifierInfo ::= SEQUENCE {
    policyQualifierId PolicyQualifierId,
    qualifier ANY } --DEFINED BY policyQualifierId }

-- Implementations that recognize additional policy qualifiers shall
-- augment the following definition for PolicyQualifierId

PolicyQualifierId ::=
    OBJECT IDENTIFIER --( id-qt-cps | id-qt-unotice )

-- CPS pointer qualifier

CPSuri ::= IA5String

-- user notice qualifier

UserNotice ::= SEQUENCE {
    noticeRef NoticeReference OPTIONAL,
    explicitText DisplayText OPTIONAL}

NoticeReference ::= SEQUENCE {
    organization DisplayText,
    noticeNumbers SEQUENCE OF INTEGER }

DisplayText ::= CHOICE {
    visibleString VisibleString ,
    bmpString BMPString ,
    utf8String UTF8String }


-- policy mapping extension OID and syntax
-- id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }

PolicyMappings ::= SEQUENCE OF SEQUENCE {
    issuerDomainPolicy CertPolicyId,
    subjectDomainPolicy CertPolicyId }


-- subject alternative name extension OID and syntax
-- id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }

SubjectAltName ::= GeneralNames

GeneralNames ::= SEQUENCE OF GeneralName

GeneralName ::= CHOICE {
    otherName [0] AnotherName,
    rfc822Name [1] IA5String,
    dNSName [2] IA5String,
    x400Address [3] ANY, --ORAddress,
    directoryName [4] Name,
    ediPartyName [5] EDIPartyName,
    uniformResourceIdentifier [6] IA5String,
    iPAddress [7] OCTET STRING,
    registeredID [8] OBJECT IDENTIFIER }

-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax

AnotherName ::= SEQUENCE {
    type OBJECT IDENTIFIER,
    value [0] EXPLICIT ANY } --DEFINED BY type-id }

EDIPartyName ::= SEQUENCE {
    nameAssigner [0] DirectoryString OPTIONAL,
    partyName [1] DirectoryString }


-- issuer alternative name extension OID and syntax
-- id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }

IssuerAltName ::= GeneralNames


-- id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }

SubjectDirectoryAttributes ::= SEQUENCE OF Attribute


-- basic constraints extension OID and syntax
-- id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }

BasicConstraints ::= SEQUENCE {
    cA BOOLEAN OPTIONAL, --DEFAULT FALSE,
    pathLenConstraint INTEGER OPTIONAL }


-- name constraints extension OID and syntax
-- id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }

NameConstraints ::= SEQUENCE {
    permittedSubtrees [0] GeneralSubtrees OPTIONAL,
    excludedSubtrees [1] GeneralSubtrees OPTIONAL }

GeneralSubtrees ::= SEQUENCE OF GeneralSubtree

GeneralSubtree ::= SEQUENCE {
    base GeneralName,
    minimum [0] BaseDistance OPTIONAL, --DEFAULT 0,
    maximum [1] BaseDistance OPTIONAL }

BaseDistance ::= INTEGER


-- policy constraints extension OID and syntax
-- id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }

PolicyConstraints ::= SEQUENCE {
    requireExplicitPolicy [0] SkipCerts OPTIONAL,
    inhibitPolicyMapping [1] SkipCerts OPTIONAL }

SkipCerts ::= INTEGER


-- CRL distribution points extension OID and syntax
-- id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}

cRLDistributionPoints ::= SEQUENCE OF DistributionPoint

DistributionPoint ::= SEQUENCE {
    distributionPoint [0] DistributionPointName OPTIONAL,
    reasons [1] ReasonFlags OPTIONAL,
    cRLIssuer [2] GeneralNames OPTIONAL }

DistributionPointName ::= CHOICE {
    fullName [0] GeneralNames,
    nameRelativeToCRLIssuer [1] RelativeDistinguishedName }

ReasonFlags ::= BIT STRING --{
    -- unused (0),
    -- keyCompromise (1),
    -- cACompromise (2),
    -- affiliationChanged (3),
    -- superseded (4),
    -- cessationOfOperation (5),
    -- certificateHold (6),
    -- privilegeWithdrawn (7),
    -- aACompromise (8) }


-- extended key usage extension OID and syntax
-- id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}

ExtKeyUsageSyntax ::= SEQUENCE OF KeyPurposeId

KeyPurposeId ::= OBJECT IDENTIFIER

-- extended key purpose OIDs
-- id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
-- id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
-- id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
-- id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
-- id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
-- id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
-- id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
-- id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
ASN1
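# decoders for basic types
#
# Several extensions are nothing more than a wrapped BIT STRING or OCTET
# STRING; these two single-element modules decode them.  A prepare() failure
# is fatal here instead of surfacing later as "Can't call method decode".
my $asn_BitString = Convert::ASN1->new;
$asn_BitString->prepare('bitString BIT STRING')
    or die 'prepare bitString: ', $asn_BitString->error;

my $asn_OctetString = Convert::ASN1->new;
$asn_OctetString->prepare('octetString OCTET STRING')
    or die 'prepare octetString: ', $asn_OctetString->error;

# decoders for extensions
#
# Maps an extension OID (extnID) to the Convert::ASN1 object that decodes
# its extnValue.  OIDs not listed here are reported on STDERR as unknown
# and hex-dumped by decodeCert() instead of being decoded.
my %extnoid2asn = (
    '2.5.29.9'  => $asn->find('SubjectDirectoryAttributes'),
    '2.5.29.14' => $asn_OctetString,    #'SubjectKeyIdentifier',
    '2.5.29.15' => $asn_BitString,      #'keyUsage',
    '2.5.29.16' => $asn->find('PrivateKeyUsagePeriod'),
    '2.5.29.17' => $asn->find('SubjectAltName'),
    '2.5.29.18' => $asn->find('IssuerAltName'),
    '2.5.29.19' => $asn->find('BasicConstraints'),
    # '2.5.29.20' => 'cRLNumber',
    # '2.5.29.21' => 'cRLReasons',
    # '2.5.29.23' => 'holdInstructionCode',
    # '2.5.29.24' => 'invalidityDate',
    # '2.5.29.27' => 'deltaCRLIndicator',
    # '2.5.29.28' => 'issuingDistributionPoint',
    # '2.5.29.29' => 'certificateIssuer',
    '2.5.29.30' => $asn->find('NameConstraints'),
    '2.5.29.31' => $asn->find('cRLDistributionPoints'),
    '2.5.29.32' => $asn->find('CertificatePolicies'),
    '2.5.29.33' => $asn->find('PolicyMappings'),
    '2.5.29.35' => $asn->find('AuthorityKeyIdentifier'),
    '2.5.29.36' => $asn->find('PolicyConstraints'),
    '2.5.29.37' => $asn->find('ExtKeyUsageSyntax'),
    # '2.5.29.40' => 'cRLStreamIdentifier',
    # '2.5.29.44' => 'cRLScope',
    # '2.5.29.45' => 'statusReferrals',
    # '2.5.29.46' => 'freshestCRL',
    # '2.5.29.47' => 'orderedList',
    # '2.5.29.51' => 'baseUpdateTime',
    # '2.5.29.53' => 'deltaInfo',
    # '2.5.29.54' => 'inhibitAnyPolicy',
    # netscape-cert-extensions
    '2.16.840.1.113730.1.1'  => $asn_BitString,                  # netscape-cert-type
    '2.16.840.1.113730.1.2'  => $asn->find('DirectoryString'),   # netscape-base-url
    '2.16.840.1.113730.1.3'  => $asn->find('DirectoryString'),   # netscape-revocation-url
    '2.16.840.1.113730.1.4'  => $asn->find('DirectoryString'),   # netscape-ca-revocation-url
    '2.16.840.1.113730.1.7'  => $asn->find('DirectoryString'),   # netscape-cert-renewal-url
    '2.16.840.1.113730.1.8'  => $asn->find('DirectoryString'),   # netscape-ca-policy-url
    '2.16.840.1.113730.1.12' => $asn->find('DirectoryString'),   # netscape-ssl-server-name
    '2.16.840.1.113730.1.13' => $asn->find('DirectoryString'),   # netscape-comment
);

# find() returns undef for a name that is not in the module above.  Catch
# that at startup; otherwise the undef sits in the table and only explodes
# on the first certificate that carries the affected extension.
for my $oid ( sort keys %extnoid2asn ) {
    defined $extnoid2asn{$oid}
        or die "no decoder for extension $oid (type missing from the ASN.1 module?)";
}

my $asn_cert = $asn->find('Certificate')
    or die 'no ASN.1 definition named Certificate';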
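# Decode every certificate file named on the command line, in order.
# decodeCert() dies on a certificate that does not decode, so one bad file
# stops the run; a file that cannot be opened or read is fatal as well.
while ( defined( my $filename = shift @ARGV ) ) {
    # Three-argument open with an explicit mode and a lexical handle: the
    # name is taken literally, rather than being re-parsed for mode
    # characters and surrounding whitespace as the two-argument form does.
    open my $fh, '<', $filename
        or die "cannot open '$filename': $!";
    binmode $fh;

    # Slurp the whole file instead of reading a length obtained from stat():
    # the size can change between the two calls, and a failed stat() used to
    # go unnoticed and turn into a zero-length read.
    my $der_cert = do { local $/; <$fh> };
    close $fh;
    defined $der_cert
        or die "cannot read '$filename': $!";

    decodeCert($der_cert);
}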
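# decodeCert( $der_cert )
#
# Decode one DER-encoded Certificate and print the resulting structure with
# Data::Dumper on STDOUT.
#
# Argument: the raw DER bytes of the certificate.
# Dies if the outer Certificate structure does not decode.  For each
# extension whose OID is in %extnoid2asn the extnValue is replaced in place
# by its decoded structure; an extension that is unknown, or whose value
# fails to decode, is reported on STDERR and hex-dumped, and its extnValue is
# left as the raw OCTET STRING.
#
# This only decodes.  It verifies neither the signature nor the validity
# period, and an unrecognized critical extension is merely reported here,
# whereas a relying party has to reject such a certificate.
#
# No prototype: the original `sub decodeCert()` declared an empty argument
# list, which only compiled because the sub was defined after its call site.
sub decodeCert {
    my $der_cert = shift;

    # Uncomment to hex-dump the raw certificate before decoding:
    # asn_dump($der_cert);

    my $cert = $asn_cert->decode($der_cert)
        or die 'decode Certificate: ', $asn_cert->error;

    # Version 1 certificates carry no extensions; read the list through a
    # default so that an empty one is not autovivified into the dumped output.
    my $extensions = $cert->{tbsCertificate}{extensions} || [];

    foreach my $extension (@$extensions) {
        my $oid     = $extension->{extnID};
        my $decoder = $extnoid2asn{$oid};

        if ( !$decoder ) {
            print STDERR 'unknown ', ( $extension->{critical} ? 'critical ' : '' ),
                "extension: $oid\n";
            asn_dump( $extension->{extnValue} );
            next;
        }

        my $decoded = $decoder->decode( $extension->{extnValue} );
        if ( defined $decoded ) {
            $extension->{extnValue} = $decoded;
        }
        else {
            # Previously a decode failure silently stored undef as the value;
            # report it and keep the raw bytes so the dump still shows them.
            print STDERR "cannot decode extension $oid: ", $decoder->error, "\n";
            asn_dump( $extension->{extnValue} );
        }
    }

    print Dumper($cert);
    return;
}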