summaryrefslogtreecommitdiff
path: root/python/pyasn1-modules/tools
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /python/pyasn1-modules/tools
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloaduxp-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
Add m-esr52 at 52.6.0
Diffstat (limited to 'python/pyasn1-modules/tools')
-rwxr-xr-xpython/pyasn1-modules/tools/cmpdump.py28
-rwxr-xr-xpython/pyasn1-modules/tools/crldump.py38
-rwxr-xr-xpython/pyasn1-modules/tools/crmfdump.py25
-rwxr-xr-xpython/pyasn1-modules/tools/ocspclient.py145
-rwxr-xr-xpython/pyasn1-modules/tools/ocspreqdump.py27
-rwxr-xr-xpython/pyasn1-modules/tools/ocsprspdump.py27
-rwxr-xr-xpython/pyasn1-modules/tools/ocspserver.py143
-rwxr-xr-xpython/pyasn1-modules/tools/pkcs10dump.py39
-rwxr-xr-xpython/pyasn1-modules/tools/pkcs1dump.py42
-rwxr-xr-xpython/pyasn1-modules/tools/pkcs7dump.py47
-rwxr-xr-xpython/pyasn1-modules/tools/pkcs8dump.py41
-rwxr-xr-xpython/pyasn1-modules/tools/snmpget.py37
-rwxr-xr-xpython/pyasn1-modules/tools/x509dump.py40
13 files changed, 679 insertions, 0 deletions
diff --git a/python/pyasn1-modules/tools/cmpdump.py b/python/pyasn1-modules/tools/cmpdump.py
new file mode 100755
index 0000000000..74c4f77a4e
--- /dev/null
+++ b/python/pyasn1-modules/tools/cmpdump.py
@@ -0,0 +1,28 @@
+#!/usr/bin/python
+# Read ASN.1/PEM CMP message on stdin, parse into
+# plain text, then build substrate from it
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc4210, pem
+from pyasn1 import debug
+import sys
+
+if len(sys.argv) == 2 and sys.argv[1] == '-d':
+ debug.setLogger(debug.Debug('all'))
+elif len(sys.argv) != 1:
+ print("""Usage:
+$ cat cmp.pem | %s [-d]""" % sys.argv[0])
+ sys.exit(-1)
+
+pkiMessage = rfc4210.PKIMessage()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+ sys.exit(0)
+
+pkiMsg, rest = decoder.decode(substrate, asn1Spec=pkiMessage)
+
+print(pkiMsg.prettyPrint())
+
+assert encoder.encode(pkiMsg, defMode=False) == substrate or \
+ encoder.encode(pkiMsg, defMode=True) == substrate, \
+ 'CMP message recode fails'
diff --git a/python/pyasn1-modules/tools/crldump.py b/python/pyasn1-modules/tools/crldump.py
new file mode 100755
index 0000000000..d4b0a547c6
--- /dev/null
+++ b/python/pyasn1-modules/tools/crldump.py
@@ -0,0 +1,38 @@
+#!/usr/bin/python
+#
+# Read X.509 CRL on stdin, print them pretty and encode back into
+# original wire format.
+# CRL can be generated with "openssl openssl ca -gencrl ..." commands.
+#
+from pyasn1_modules import rfc2459, pem
+from pyasn1.codec.der import encoder, decoder
+import sys
+
+if len(sys.argv) != 1:
+ print("""Usage:
+$ cat crl.pem | %s""" % sys.argv[0])
+ sys.exit(-1)
+
+asn1Spec = rfc2459.CertificateList()
+
+cnt = 0
+
+while 1:
+ idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN X509 CRL-----', '-----END X509 CRL-----'))
+ if not substrate:
+ break
+
+
+ key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)
+
+ if rest: substrate = substrate[:-len(rest)]
+
+ print(key.prettyPrint())
+
+ assert encoder.encode(key, defMode=False) == substrate or \
+ encoder.encode(key, defMode=True) == substrate, \
+ 'pkcs8 recode fails'
+
+ cnt = cnt + 1
+
+print('*** %s CRL(s) re/serialized' % cnt)
diff --git a/python/pyasn1-modules/tools/crmfdump.py b/python/pyasn1-modules/tools/crmfdump.py
new file mode 100755
index 0000000000..22bfc9d950
--- /dev/null
+++ b/python/pyasn1-modules/tools/crmfdump.py
@@ -0,0 +1,25 @@
+#!/usr/bin/python
+# Read ASN.1/PEM X.509 CRMF request on stdin, parse into
+# plain text, then build substrate from it
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2511, pem
+import sys
+
+if len(sys.argv) != 1:
+ print("""Usage:
+$ cat crmf.pem | %s""" % sys.argv[0])
+ sys.exit(-1)
+
+certReq = rfc2511.CertReqMessages()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+ sys.exit(0)
+
+cr, rest = decoder.decode(substrate, asn1Spec=certReq)
+
+print(cr.prettyPrint())
+
+assert encoder.encode(cr, defMode=False) == substrate or \
+ encoder.encode(cr, defMode=True) == substrate, \
+ 'crmf recode fails'
diff --git a/python/pyasn1-modules/tools/ocspclient.py b/python/pyasn1-modules/tools/ocspclient.py
new file mode 100755
index 0000000000..b2d1dfc54f
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocspclient.py
@@ -0,0 +1,145 @@
+#!/usr/bin/python
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, rfc2459, pem
+from pyasn1.type import univ
+import sys, hashlib
+try:
+ import urllib2
+except ImportError:
+ import urllib.request as urllib2
+
+sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26))
+
+class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder):
+ # These methods just do not encode tag and length fields of TLV
+ def encodeTag(self, *args): return ''
+ def encodeLength(self, *args): return ''
+ def encodeValue(*args):
+ substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args)
+ # OCSP-specific hack follows: cut off the "unused bit count"
+ # encoded bit-string value.
+ return substrate[1:], isConstructed
+
+ def __call__(self, bitStringValue):
+ return self.encode(None, bitStringValue, defMode=1, maxChunkSize=0)
+
+valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder()
+
+def mkOcspRequest(issuerCert, userCert):
+ issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate')
+ issuerSubject = issuerTbsCertificate.getComponentByName('subject')
+
+ userTbsCertificate = userCert.getComponentByName('tbsCertificate')
+ userIssuer = userTbsCertificate.getComponentByName('issuer')
+
+ assert issuerSubject == userIssuer, '%s\n%s' % (
+ issuerSubject.prettyPrint(), userIssuer.prettyPrint()
+ )
+
+ userIssuerHash = hashlib.sha1(
+ encoder.encode(userIssuer)
+ ).digest()
+
+ issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey')
+
+ issuerKeyHash = hashlib.sha1(
+ valueOnlyBitStringEncoder(issuerSubjectPublicKey)
+ ).digest()
+
+ userSerialNumber = userTbsCertificate.getComponentByName('serialNumber')
+
+ # Build request object
+
+ request = rfc2560.Request()
+
+ reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert')
+
+ hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm')
+ hashAlgorithm.setComponentByName('algorithm', sha1oid)
+
+ reqCert.setComponentByName('issuerNameHash', userIssuerHash)
+ reqCert.setComponentByName('issuerKeyHash', issuerKeyHash)
+ reqCert.setComponentByName('serialNumber', userSerialNumber)
+
+ ocspRequest = rfc2560.OCSPRequest()
+
+ tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest')
+ tbsRequest.setComponentByName('version', 'v1')
+
+ requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList')
+ requestList.setComponentByPosition(0, request)
+
+ return ocspRequest
+
+def parseOcspResponse(ocspResponse):
+ responseStatus = ocspResponse.getComponentByName('responseStatus')
+ assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint()
+ responseBytes = ocspResponse.getComponentByName('responseBytes')
+ responseType = responseBytes.getComponentByName('responseType')
+ assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint()
+
+ response = responseBytes.getComponentByName('response')
+
+ basicOCSPResponse, _ = decoder.decode(
+ response, asn1Spec=rfc2560.BasicOCSPResponse()
+ )
+
+ tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
+
+ response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0)
+
+ return (
+ tbsResponseData.getComponentByName('producedAt'),
+ response0.getComponentByName('certID'),
+ response0.getComponentByName('certStatus').getName(),
+ response0.getComponentByName('thisUpdate')
+ )
+
+if len(sys.argv) != 2:
+ print("""Usage:
+$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" % sys.argv[0])
+ sys.exit(-1)
+else:
+ ocspUrl = sys.argv[1]
+
+# Parse CA and user certificates
+
+issuerCert, _ = decoder.decode(
+ pem.readPemBlocksFromFile(
+ sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----')
+ )[1],
+ asn1Spec=rfc2459.Certificate()
+ )
+userCert, _ = decoder.decode(
+ pem.readPemBlocksFromFile(
+ sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----')
+ )[1],
+ asn1Spec=rfc2459.Certificate()
+ )
+
+# Build OCSP request
+
+ocspReq = mkOcspRequest(issuerCert, userCert)
+
+# Use HTTP POST to get response (see Appendix A of RFC 2560)
+# In case you need proxies, set the http_proxy env variable
+
+httpReq = urllib2.Request(
+ ocspUrl,
+ encoder.encode(ocspReq),
+ { 'Content-Type': 'application/ocsp-request' }
+ )
+httpRsp = urllib2.urlopen(httpReq).read()
+
+# Process OCSP response
+
+ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse())
+
+producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp)
+
+print('Certificate ID %s is %s at %s till %s\n' % (
+ certId.getComponentByName('serialNumber'),
+ certStatus,
+ producedAt,
+ thisUpdate))
diff --git a/python/pyasn1-modules/tools/ocspreqdump.py b/python/pyasn1-modules/tools/ocspreqdump.py
new file mode 100755
index 0000000000..3a03115ea4
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocspreqdump.py
@@ -0,0 +1,27 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM X.509 CRMF request on stdin, parse into
+# plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, pem
+import sys
+
+if len(sys.argv) != 1:
+ print("""Usage:
+$ cat ocsp-request.pem | %s""" % sys.argv[0])
+ sys.exit(-1)
+
+ocspReq = rfc2560.OCSPRequest()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+ sys.exit(0)
+
+cr, rest = decoder.decode(substrate, asn1Spec=ocspReq)
+
+print(cr.prettyPrint())
+
+assert encoder.encode(cr, defMode=False) == substrate or \
+ encoder.encode(cr, defMode=True) == substrate, \
+ 'OCSP request recode fails'
diff --git a/python/pyasn1-modules/tools/ocsprspdump.py b/python/pyasn1-modules/tools/ocsprspdump.py
new file mode 100755
index 0000000000..9e49ce038d
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocsprspdump.py
@@ -0,0 +1,27 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM OCSP response on stdin, parse into
+# plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, pem
+import sys
+
+if len(sys.argv) != 1:
+ print("""Usage:
+$ cat ocsp-response.pem | %s""" % sys.argv[0])
+ sys.exit(-1)
+
+ocspReq = rfc2560.OCSPResponse()
+
+substrate = pem.readBase64FromFile(sys.stdin)
+if not substrate:
+ sys.exit(0)
+
+cr, rest = decoder.decode(substrate, asn1Spec=ocspReq)
+
+print(cr.prettyPrint())
+
+assert encoder.encode(cr, defMode=False) == substrate or \
+ encoder.encode(cr, defMode=True) == substrate, \
+ 'OCSP request recode fails'
diff --git a/python/pyasn1-modules/tools/ocspserver.py b/python/pyasn1-modules/tools/ocspserver.py
new file mode 100755
index 0000000000..2d12d53998
--- /dev/null
+++ b/python/pyasn1-modules/tools/ocspserver.py
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2560, rfc2459, pem
+from pyasn1.type import univ
+import sys, hashlib
+try:
+ import urllib2
+except ImportError:
+ import urllib.request as urllib2
+
+sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26))
+
+class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder):
+ # These methods just do not encode tag and length fields of TLV
+ def encodeTag(self, *args): return ''
+ def encodeLength(self, *args): return ''
+ def encodeValue(*args):
+ substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args)
+ # OCSP-specific hack follows: cut off the "unused bit count"
+ # encoded bit-string value.
+ return substrate[1:], isConstructed
+
+ def __call__(self, bitStringValue):
+ return self.encode(None, bitStringValue, defMode=1, maxChunkSize=0)
+
+valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder()
+
+def mkOcspRequest(issuerCert, userCert):
+ issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate')
+ issuerSubject = issuerTbsCertificate.getComponentByName('subject')
+
+ userTbsCertificate = userCert.getComponentByName('tbsCertificate')
+ userIssuer = userTbsCertificate.getComponentByName('issuer')
+
+ assert issuerSubject == userIssuer, '%s\n%s' % (
+ issuerSubject.prettyPrint(), userIssuer.prettyPrint()
+ )
+
+ userIssuerHash = hashlib.sha1(
+ encoder.encode(userIssuer)
+ ).digest()
+
+ issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey')
+
+ issuerKeyHash = hashlib.sha1(
+ valueOnlyBitStringEncoder(issuerSubjectPublicKey)
+ ).digest()
+
+ userSerialNumber = userTbsCertificate.getComponentByName('serialNumber')
+
+ # Build request object
+
+ request = rfc2560.Request()
+
+ reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert')
+
+ hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm')
+ hashAlgorithm.setComponentByName('algorithm', sha1oid)
+
+ reqCert.setComponentByName('issuerNameHash', userIssuerHash)
+ reqCert.setComponentByName('issuerKeyHash', issuerKeyHash)
+ reqCert.setComponentByName('serialNumber', userSerialNumber)
+
+ ocspRequest = rfc2560.OCSPRequest()
+
+ tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest')
+ tbsRequest.setComponentByName('version', 'v1')
+
+ requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList')
+ requestList.setComponentByPosition(0, request)
+
+ return ocspRequest
+
+def parseOcspRequest(ocspRequest):
+ tbsRequest = ocspRequest['responseStatus']
+
+ assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint()
+ responseBytes = ocspResponse.getComponentByName('responseBytes')
+ responseType = responseBytes.getComponentByName('responseType')
+ assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint()
+
+ response = responseBytes.getComponentByName('response')
+
+ basicOCSPResponse, _ = decoder.decode(
+ response, asn1Spec=rfc2560.BasicOCSPResponse()
+ )
+
+ tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData')
+
+ response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0)
+
+ return (
+ tbsResponseData.getComponentByName('producedAt'),
+ response0.getComponentByName('certID'),
+ response0.getComponentByName('certStatus').getName(),
+ response0.getComponentByName('thisUpdate')
+ )
+
+if len(sys.argv) != 2:
+ print("""Usage:
+$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" % sys.argv[0])
+ sys.exit(-1)
+else:
+ ocspUrl = sys.argv[1]
+
+# Parse CA and user certificates
+
+issuerCert, _ = decoder.decode(
+ pem.readPemFromFile(sys.stdin)[1],
+ asn1Spec=rfc2459.Certificate()
+ )
+userCert, _ = decoder.decode(
+ pem.readPemFromFile(sys.stdin)[1],
+ asn1Spec=rfc2459.Certificate()
+ )
+
+# Build OCSP request
+
+ocspReq = mkOcspRequest(issuerCert, userCert)
+
+# Use HTTP POST to get response (see Appendix A of RFC 2560)
+# In case you need proxies, set the http_proxy env variable
+
+httpReq = urllib2.Request(
+ ocspUrl,
+ encoder.encode(ocspReq),
+ { 'Content-Type': 'application/ocsp-request' }
+ )
+httpRsp = urllib2.urlopen(httpReq).read()
+
+# Process OCSP response
+
+ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse())
+
+producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp)
+
+print('Certificate ID %s is %s at %s till %s\n' % (
+ certId.getComponentByName('serialNumber'),
+ certStatus,
+ producedAt,
+ thisUpdate
+ ))
diff --git a/python/pyasn1-modules/tools/pkcs10dump.py b/python/pyasn1-modules/tools/pkcs10dump.py
new file mode 100755
index 0000000000..ea979c0cf5
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs10dump.py
@@ -0,0 +1,39 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM X.509 certificate requests (PKCS#10 format) on stdin,
+# parse each into plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2314, pem
+import sys
+
+if len(sys.argv) != 1:
+ print("""Usage:
+$ cat certificateRequest.pem | %s""" % sys.argv[0])
+ sys.exit(-1)
+
+certType = rfc2314.CertificationRequest()
+
+certCnt = 0
+
+while 1:
+ idx, substrate = pem.readPemBlocksFromFile(
+ sys.stdin, ('-----BEGIN CERTIFICATE REQUEST-----',
+ '-----END CERTIFICATE REQUEST-----')
+ )
+ if not substrate:
+ break
+
+ cert, rest = decoder.decode(substrate, asn1Spec=certType)
+
+ if rest: substrate = substrate[:-len(rest)]
+
+ print(cert.prettyPrint())
+
+ assert encoder.encode(cert, defMode=False) == substrate or \
+ encoder.encode(cert, defMode=True) == substrate, \
+ 'cert recode fails'
+
+ certCnt = certCnt + 1
+
+print('*** %s PEM certificate request(s) de/serialized' % certCnt)
diff --git a/python/pyasn1-modules/tools/pkcs1dump.py b/python/pyasn1-modules/tools/pkcs1dump.py
new file mode 100755
index 0000000000..d0da82b2fb
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs1dump.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python
+#
+# Read unencrypted PKCS#1/PKIX-compliant, PEM&DER encoded private keys on
+# stdin, print them pretty and encode back into original wire format.
+# Private keys can be generated with "openssl genrsa|gendsa" commands.
+#
+from pyasn1_modules import rfc2459, rfc2437, pem
+from pyasn1.codec.der import encoder, decoder
+import sys
+
+if len(sys.argv) != 1:
+ print("""Usage:
+$ cat rsakey.pem | %s""" % sys.argv[0])
+ sys.exit(-1)
+
+cnt = 0
+
+while 1:
+ idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----'), ('-----BEGIN DSA PRIVATE KEY-----', '-----END DSA PRIVATE KEY-----') )
+ if not substrate:
+ break
+
+ if idx == 0:
+ asn1Spec = rfc2437.RSAPrivateKey()
+ elif idx == 1:
+ asn1Spec = rfc2459.DSAPrivateKey()
+ else:
+ break
+
+ key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)
+
+ if rest: substrate = substrate[:-len(rest)]
+
+ print(key.prettyPrint())
+
+ assert encoder.encode(key, defMode=False) == substrate or \
+ encoder.encode(key, defMode=True) == substrate, \
+ 'pkcs8 recode fails'
+
+ cnt = cnt + 1
+
+print('*** %s key(s) re/serialized' % cnt)
diff --git a/python/pyasn1-modules/tools/pkcs7dump.py b/python/pyasn1-modules/tools/pkcs7dump.py
new file mode 100755
index 0000000000..7794871620
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs7dump.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM PKCS#7 on stdin, parse it into plain text,
+# then build substrate from it
+#
+from pyasn1_modules import rfc2315, pem
+from pyasn1.codec.der import encoder, decoder
+import sys
+
+if len(sys.argv) != 1:
+ print("""Usage:
+$ cat pkcs7Certificate.pem | %s""" % sys.argv[0])
+ sys.exit(-1)
+
+idx, substrate = pem.readPemBlocksFromFile(
+ sys.stdin, ('-----BEGIN PKCS7-----', '-----END PKCS7-----')
+ )
+
+assert substrate, 'bad PKCS7 data on input'
+
+contentInfo, rest = decoder.decode(substrate, asn1Spec=rfc2315.ContentInfo())
+
+if rest: substrate = substrate[:-len(rest)]
+
+print(contentInfo.prettyPrint())
+
+assert encoder.encode(contentInfo, defMode=False) == substrate or \
+ encoder.encode(contentInfo, defMode=True) == substrate, \
+ 're-encode fails'
+
+contentType = contentInfo.getComponentByName('contentType')
+
+contentInfoMap = {
+ (1, 2, 840, 113549, 1, 7, 1): rfc2315.Data(),
+ (1, 2, 840, 113549, 1, 7, 2): rfc2315.SignedData(),
+ (1, 2, 840, 113549, 1, 7, 3): rfc2315.EnvelopedData(),
+ (1, 2, 840, 113549, 1, 7, 4): rfc2315.SignedAndEnvelopedData(),
+ (1, 2, 840, 113549, 1, 7, 5): rfc2315.DigestedData(),
+ (1, 2, 840, 113549, 1, 7, 6): rfc2315.EncryptedData()
+ }
+
+content, _ = decoder.decode(
+ contentInfo.getComponentByName('content'),
+ asn1Spec=contentInfoMap[contentType]
+ )
+
+print(content.prettyPrint())
diff --git a/python/pyasn1-modules/tools/pkcs8dump.py b/python/pyasn1-modules/tools/pkcs8dump.py
new file mode 100755
index 0000000000..d1d125f8cc
--- /dev/null
+++ b/python/pyasn1-modules/tools/pkcs8dump.py
@@ -0,0 +1,41 @@
+#!/usr/bin/python
+#
+# Read bunch of ASN.1/PEM plain/encrypted private keys in PKCS#8
+# format on stdin, parse each into plain text, then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc5208, pem
+import sys
+
+if len(sys.argv) != 1:
+ print("""Usage:
+$ cat pkcs8key.pem | %s""" % sys.argv[0])
+ sys.exit(-1)
+
+cnt = 0
+
+while 1:
+ idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN PRIVATE KEY-----', '-----END PRIVATE KEY-----'), ('-----BEGIN ENCRYPTED PRIVATE KEY-----', '-----END ENCRYPTED PRIVATE KEY-----') )
+ if not substrate:
+ break
+
+ if idx == 0:
+ asn1Spec = rfc5208.PrivateKeyInfo()
+ elif idx == 1:
+ asn1Spec = rfc5208.EncryptedPrivateKeyInfo()
+ else:
+ break
+
+ key, rest = decoder.decode(substrate, asn1Spec=asn1Spec)
+
+ if rest: substrate = substrate[:-len(rest)]
+
+ print(key.prettyPrint())
+
+ assert encoder.encode(key, defMode=False) == substrate or \
+ encoder.encode(key, defMode=True) == substrate, \
+ 'pkcs8 recode fails'
+
+ cnt = cnt + 1
+
+print('*** %s PKCS#8 key(s) de/serialized' % cnt)
diff --git a/python/pyasn1-modules/tools/snmpget.py b/python/pyasn1-modules/tools/snmpget.py
new file mode 100755
index 0000000000..372510329b
--- /dev/null
+++ b/python/pyasn1-modules/tools/snmpget.py
@@ -0,0 +1,37 @@
+#!/usr/bin/python
+#
+# Generate SNMPGET request, parse response
+#
+from pyasn1.codec.ber import encoder, decoder
+from pyasn1_modules import rfc1157
+import sys, socket
+
+if len(sys.argv) != 4:
+ print("""Usage:
+$ %s <community> <host> <OID>""" % sys.argv[0])
+ sys.exit(-1)
+
+msg = rfc1157.Message()
+msg.setComponentByPosition(0)
+msg.setComponentByPosition(1, sys.argv[1])
+# pdu
+pdus = msg.setComponentByPosition(2).getComponentByPosition(2)
+pdu = pdus.setComponentByPosition(0).getComponentByPosition(0)
+pdu.setComponentByPosition(0, 123)
+pdu.setComponentByPosition(1, 0)
+pdu.setComponentByPosition(2, 0)
+vbl = pdu.setComponentByPosition(3).getComponentByPosition(3)
+vb = vbl.setComponentByPosition(0).getComponentByPosition(0)
+vb.setComponentByPosition(0, sys.argv[3])
+v = vb.setComponentByPosition(1).getComponentByPosition(1).setComponentByPosition(0).getComponentByPosition(0).setComponentByPosition(3).getComponentByPosition(3)
+
+print('sending: %s' % msg.prettyPrint())
+
+sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+sock.sendto(encoder.encode(msg), (sys.argv[2], 161))
+
+substrate, _ = sock.recvfrom(2048)
+
+rMsg, _ = decoder.decode(substrate, asn1Spec=msg)
+
+print('received: %s' % rMsg.prettyPrint())
diff --git a/python/pyasn1-modules/tools/x509dump.py b/python/pyasn1-modules/tools/x509dump.py
new file mode 100755
index 0000000000..64cba7e305
--- /dev/null
+++ b/python/pyasn1-modules/tools/x509dump.py
@@ -0,0 +1,40 @@
+#!/usr/bin/python
+#
+# Read ASN.1/PEM X.509 certificates on stdin, parse each into plain text,
+# then build substrate from it
+#
+from pyasn1.codec.der import decoder, encoder
+from pyasn1_modules import rfc2459, pem
+import sys
+
+if len(sys.argv) != 1:
+ print("""Usage:
+$ cat CACertificate.pem | %s
+$ cat userCertificate.pem | %s""" % (sys.argv[0], sys.argv[0]))
+ sys.exit(-1)
+
+certType = rfc2459.Certificate()
+
+certCnt = 0
+
+while 1:
+ idx, substrate = pem.readPemBlocksFromFile(
+ sys.stdin, ('-----BEGIN CERTIFICATE-----',
+ '-----END CERTIFICATE-----')
+ )
+ if not substrate:
+ break
+
+ cert, rest = decoder.decode(substrate, asn1Spec=certType)
+
+ if rest: substrate = substrate[:-len(rest)]
+
+ print(cert.prettyPrint())
+
+ assert encoder.encode(cert, defMode=False) == substrate or \
+ encoder.encode(cert, defMode=True) == substrate, \
+ 'cert recode fails'
+
+ certCnt = certCnt + 1
+
+print('*** %s PEM cert(s) de/serialized' % certCnt)