diff options
Diffstat (limited to 'python/pyasn1-modules/tools')
| -rwxr-xr-x | python/pyasn1-modules/tools/cmpdump.py | 28 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/crldump.py | 38 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/crmfdump.py | 25 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/ocspclient.py | 145 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/ocspreqdump.py | 27 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/ocsprspdump.py | 27 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/ocspserver.py | 143 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/pkcs10dump.py | 39 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/pkcs1dump.py | 42 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/pkcs7dump.py | 47 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/pkcs8dump.py | 41 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/snmpget.py | 37 | ||||
| -rwxr-xr-x | python/pyasn1-modules/tools/x509dump.py | 40 |
13 files changed, 679 insertions, 0 deletions
diff --git a/python/pyasn1-modules/tools/cmpdump.py b/python/pyasn1-modules/tools/cmpdump.py new file mode 100755 index 0000000000..74c4f77a4e --- /dev/null +++ b/python/pyasn1-modules/tools/cmpdump.py @@ -0,0 +1,28 @@ +#!/usr/bin/python +# Read ASN.1/PEM CMP message on stdin, parse into +# plain text, then build substrate from it +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc4210, pem +from pyasn1 import debug +import sys + +if len(sys.argv) == 2 and sys.argv[1] == '-d': + debug.setLogger(debug.Debug('all')) +elif len(sys.argv) != 1: + print("""Usage: +$ cat cmp.pem | %s [-d]""" % sys.argv[0]) + sys.exit(-1) + +pkiMessage = rfc4210.PKIMessage() + +substrate = pem.readBase64FromFile(sys.stdin) +if not substrate: + sys.exit(0) + +pkiMsg, rest = decoder.decode(substrate, asn1Spec=pkiMessage) + +print(pkiMsg.prettyPrint()) + +assert encoder.encode(pkiMsg, defMode=False) == substrate or \ + encoder.encode(pkiMsg, defMode=True) == substrate, \ + 'CMP message recode fails' diff --git a/python/pyasn1-modules/tools/crldump.py b/python/pyasn1-modules/tools/crldump.py new file mode 100755 index 0000000000..d4b0a547c6 --- /dev/null +++ b/python/pyasn1-modules/tools/crldump.py @@ -0,0 +1,38 @@ +#!/usr/bin/python +# +# Read X.509 CRL on stdin, print them pretty and encode back into +# original wire format. +# CRL can be generated with "openssl openssl ca -gencrl ..." commands. +# +from pyasn1_modules import rfc2459, pem +from pyasn1.codec.der import encoder, decoder +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat crl.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +asn1Spec = rfc2459.CertificateList() + +cnt = 0 + +while 1: + idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN X509 CRL-----', '-----END X509 CRL-----')) + if not substrate: + break + + + key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) + + if rest: substrate = substrate[:-len(rest)] + + print(key.prettyPrint()) + + assert encoder.encode(key, defMode=False) == substrate or \ + encoder.encode(key, defMode=True) == substrate, \ + 'pkcs8 recode fails' + + cnt = cnt + 1 + +print('*** %s CRL(s) re/serialized' % cnt) diff --git a/python/pyasn1-modules/tools/crmfdump.py b/python/pyasn1-modules/tools/crmfdump.py new file mode 100755 index 0000000000..22bfc9d950 --- /dev/null +++ b/python/pyasn1-modules/tools/crmfdump.py @@ -0,0 +1,25 @@ +#!/usr/bin/python +# Read ASN.1/PEM X.509 CRMF request on stdin, parse into +# plain text, then build substrate from it +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2511, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat crmf.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +certReq = rfc2511.CertReqMessages() + +substrate = pem.readBase64FromFile(sys.stdin) +if not substrate: + sys.exit(0) + +cr, rest = decoder.decode(substrate, asn1Spec=certReq) + +print(cr.prettyPrint()) + +assert encoder.encode(cr, defMode=False) == substrate or \ + encoder.encode(cr, defMode=True) == substrate, \ + 'crmf recode fails' diff --git a/python/pyasn1-modules/tools/ocspclient.py b/python/pyasn1-modules/tools/ocspclient.py new file mode 100755 index 0000000000..b2d1dfc54f --- /dev/null +++ b/python/pyasn1-modules/tools/ocspclient.py @@ -0,0 +1,145 @@ +#!/usr/bin/python +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2560, rfc2459, pem +from pyasn1.type import univ +import sys, hashlib +try: + import urllib2 +except ImportError: + import urllib.request as urllib2 + +sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26)) + +class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder): + # These methods just do not encode tag and length fields of TLV + def encodeTag(self, *args): return '' + def encodeLength(self, *args): return '' + def encodeValue(*args): + substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args) + # OCSP-specific hack follows: cut off the "unused bit count" + # encoded bit-string value. + return substrate[1:], isConstructed + + def __call__(self, bitStringValue): + return self.encode(None, bitStringValue, defMode=1, maxChunkSize=0) + +valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder() + +def mkOcspRequest(issuerCert, userCert): + issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate') + issuerSubject = issuerTbsCertificate.getComponentByName('subject') + + userTbsCertificate = userCert.getComponentByName('tbsCertificate') + userIssuer = userTbsCertificate.getComponentByName('issuer') + + assert issuerSubject == userIssuer, '%s\n%s' % ( + issuerSubject.prettyPrint(), userIssuer.prettyPrint() + ) + + userIssuerHash = hashlib.sha1( + encoder.encode(userIssuer) + ).digest() + + issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey') + + issuerKeyHash = hashlib.sha1( + valueOnlyBitStringEncoder(issuerSubjectPublicKey) + ).digest() + + userSerialNumber = userTbsCertificate.getComponentByName('serialNumber') + + # Build request object + + request = rfc2560.Request() + + reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert') + + hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm') + hashAlgorithm.setComponentByName('algorithm', sha1oid) + + reqCert.setComponentByName('issuerNameHash', userIssuerHash) + reqCert.setComponentByName('issuerKeyHash', issuerKeyHash) + reqCert.setComponentByName('serialNumber', userSerialNumber) + + ocspRequest = rfc2560.OCSPRequest() + + tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest') + tbsRequest.setComponentByName('version', 'v1') + + requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList') + requestList.setComponentByPosition(0, request) + + return ocspRequest + +def parseOcspResponse(ocspResponse): + responseStatus = ocspResponse.getComponentByName('responseStatus') + assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint() + responseBytes = ocspResponse.getComponentByName('responseBytes') + responseType = responseBytes.getComponentByName('responseType') + assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint() + + response = responseBytes.getComponentByName('response') + + basicOCSPResponse, _ = decoder.decode( + response, asn1Spec=rfc2560.BasicOCSPResponse() + ) + + tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData') + + response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0) + + return ( + tbsResponseData.getComponentByName('producedAt'), + response0.getComponentByName('certID'), + response0.getComponentByName('certStatus').getName(), + response0.getComponentByName('thisUpdate') + ) + +if len(sys.argv) != 2: + print("""Usage: +$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" % sys.argv[0]) + sys.exit(-1) +else: + ocspUrl = sys.argv[1] + +# Parse CA and user certificates + +issuerCert, _ = decoder.decode( + pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----') + )[1], + asn1Spec=rfc2459.Certificate() + ) +userCert, _ = decoder.decode( + pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN CERTIFICATE-----', '-----END CERTIFICATE-----') + )[1], + asn1Spec=rfc2459.Certificate() + ) + +# Build OCSP request + +ocspReq = mkOcspRequest(issuerCert, userCert) + +# Use HTTP POST to get response (see Appendix A of RFC 2560) +# In case you need proxies, set the http_proxy env variable + +httpReq = urllib2.Request( + ocspUrl, + encoder.encode(ocspReq), + { 'Content-Type': 'application/ocsp-request' } + ) +httpRsp = urllib2.urlopen(httpReq).read() + +# Process OCSP response + +ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse()) + +producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp) + +print('Certificate ID %s is %s at %s till %s\n' % ( + certId.getComponentByName('serialNumber'), + certStatus, + producedAt, + thisUpdate)) diff --git a/python/pyasn1-modules/tools/ocspreqdump.py b/python/pyasn1-modules/tools/ocspreqdump.py new file mode 100755 index 0000000000..3a03115ea4 --- /dev/null +++ b/python/pyasn1-modules/tools/ocspreqdump.py @@ -0,0 +1,27 @@ +#!/usr/bin/python +# +# Read ASN.1/PEM X.509 CRMF request on stdin, parse into +# plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2560, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat ocsp-request.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +ocspReq = rfc2560.OCSPRequest() + +substrate = pem.readBase64FromFile(sys.stdin) +if not substrate: + sys.exit(0) + +cr, rest = decoder.decode(substrate, asn1Spec=ocspReq) + +print(cr.prettyPrint()) + +assert encoder.encode(cr, defMode=False) == substrate or \ + encoder.encode(cr, defMode=True) == substrate, \ + 'OCSP request recode fails' diff --git a/python/pyasn1-modules/tools/ocsprspdump.py b/python/pyasn1-modules/tools/ocsprspdump.py new file mode 100755 index 0000000000..9e49ce038d --- /dev/null +++ b/python/pyasn1-modules/tools/ocsprspdump.py @@ -0,0 +1,27 @@ +#!/usr/bin/python +# +# Read ASN.1/PEM OCSP response on stdin, parse into +# plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2560, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat ocsp-response.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +ocspReq = rfc2560.OCSPResponse() + +substrate = pem.readBase64FromFile(sys.stdin) +if not substrate: + sys.exit(0) + +cr, rest = decoder.decode(substrate, asn1Spec=ocspReq) + +print(cr.prettyPrint()) + +assert encoder.encode(cr, defMode=False) == substrate or \ + encoder.encode(cr, defMode=True) == substrate, \ + 'OCSP request recode fails' diff --git a/python/pyasn1-modules/tools/ocspserver.py b/python/pyasn1-modules/tools/ocspserver.py new file mode 100755 index 0000000000..2d12d53998 --- /dev/null +++ b/python/pyasn1-modules/tools/ocspserver.py @@ -0,0 +1,143 @@ +#!/usr/bin/python +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2560, rfc2459, pem +from pyasn1.type import univ +import sys, hashlib +try: + import urllib2 +except ImportError: + import urllib.request as urllib2 + +sha1oid = univ.ObjectIdentifier((1, 3, 14, 3, 2, 26)) + +class ValueOnlyBitStringEncoder(encoder.encoder.BitStringEncoder): + # These methods just do not encode tag and length fields of TLV + def encodeTag(self, *args): return '' + def encodeLength(self, *args): return '' + def encodeValue(*args): + substrate, isConstructed = encoder.encoder.BitStringEncoder.encodeValue(*args) + # OCSP-specific hack follows: cut off the "unused bit count" + # encoded bit-string value. + return substrate[1:], isConstructed + + def __call__(self, bitStringValue): + return self.encode(None, bitStringValue, defMode=1, maxChunkSize=0) + +valueOnlyBitStringEncoder = ValueOnlyBitStringEncoder() + +def mkOcspRequest(issuerCert, userCert): + issuerTbsCertificate = issuerCert.getComponentByName('tbsCertificate') + issuerSubject = issuerTbsCertificate.getComponentByName('subject') + + userTbsCertificate = userCert.getComponentByName('tbsCertificate') + userIssuer = userTbsCertificate.getComponentByName('issuer') + + assert issuerSubject == userIssuer, '%s\n%s' % ( + issuerSubject.prettyPrint(), userIssuer.prettyPrint() + ) + + userIssuerHash = hashlib.sha1( + encoder.encode(userIssuer) + ).digest() + + issuerSubjectPublicKey = issuerTbsCertificate.getComponentByName('subjectPublicKeyInfo').getComponentByName('subjectPublicKey') + + issuerKeyHash = hashlib.sha1( + valueOnlyBitStringEncoder(issuerSubjectPublicKey) + ).digest() + + userSerialNumber = userTbsCertificate.getComponentByName('serialNumber') + + # Build request object + + request = rfc2560.Request() + + reqCert = request.setComponentByName('reqCert').getComponentByName('reqCert') + + hashAlgorithm = reqCert.setComponentByName('hashAlgorithm').getComponentByName('hashAlgorithm') + hashAlgorithm.setComponentByName('algorithm', sha1oid) + + reqCert.setComponentByName('issuerNameHash', userIssuerHash) + reqCert.setComponentByName('issuerKeyHash', issuerKeyHash) + reqCert.setComponentByName('serialNumber', userSerialNumber) + + ocspRequest = rfc2560.OCSPRequest() + + tbsRequest = ocspRequest.setComponentByName('tbsRequest').getComponentByName('tbsRequest') + tbsRequest.setComponentByName('version', 'v1') + + requestList = tbsRequest.setComponentByName('requestList').getComponentByName('requestList') + requestList.setComponentByPosition(0, request) + + return ocspRequest + +def parseOcspRequest(ocspRequest): + tbsRequest = ocspRequest['responseStatus'] + + assert responseStatus == rfc2560.OCSPResponseStatus('successful'), responseStatus.prettyPrint() + responseBytes = ocspResponse.getComponentByName('responseBytes') + responseType = responseBytes.getComponentByName('responseType') + assert responseType == id_pkix_ocsp_basic, responseType.prettyPrint() + + response = responseBytes.getComponentByName('response') + + basicOCSPResponse, _ = decoder.decode( + response, asn1Spec=rfc2560.BasicOCSPResponse() + ) + + tbsResponseData = basicOCSPResponse.getComponentByName('tbsResponseData') + + response0 = tbsResponseData.getComponentByName('responses').getComponentByPosition(0) + + return ( + tbsResponseData.getComponentByName('producedAt'), + response0.getComponentByName('certID'), + response0.getComponentByName('certStatus').getName(), + response0.getComponentByName('thisUpdate') + ) + +if len(sys.argv) != 2: + print("""Usage: +$ cat CACertificate.pem userCertificate.pem | %s <ocsp-responder-url>""" % sys.argv[0]) + sys.exit(-1) +else: + ocspUrl = sys.argv[1] + +# Parse CA and user certificates + +issuerCert, _ = decoder.decode( + pem.readPemFromFile(sys.stdin)[1], + asn1Spec=rfc2459.Certificate() + ) +userCert, _ = decoder.decode( + pem.readPemFromFile(sys.stdin)[1], + asn1Spec=rfc2459.Certificate() + ) + +# Build OCSP request + +ocspReq = mkOcspRequest(issuerCert, userCert) + +# Use HTTP POST to get response (see Appendix A of RFC 2560) +# In case you need proxies, set the http_proxy env variable + +httpReq = urllib2.Request( + ocspUrl, + encoder.encode(ocspReq), + { 'Content-Type': 'application/ocsp-request' } + ) +httpRsp = urllib2.urlopen(httpReq).read() + +# Process OCSP response + +ocspRsp, _ = decoder.decode(httpRsp, asn1Spec=rfc2560.OCSPResponse()) + +producedAt, certId, certStatus, thisUpdate = parseOcspResponse(ocspRsp) + +print('Certificate ID %s is %s at %s till %s\n' % ( + certId.getComponentByName('serialNumber'), + certStatus, + producedAt, + thisUpdate + )) diff --git a/python/pyasn1-modules/tools/pkcs10dump.py b/python/pyasn1-modules/tools/pkcs10dump.py new file mode 100755 index 0000000000..ea979c0cf5 --- /dev/null +++ b/python/pyasn1-modules/tools/pkcs10dump.py @@ -0,0 +1,39 @@ +#!/usr/bin/python +# +# Read ASN.1/PEM X.509 certificate requests (PKCS#10 format) on stdin, +# parse each into plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2314, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat certificateRequest.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +certType = rfc2314.CertificationRequest() + +certCnt = 0 + +while 1: + idx, substrate = pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN CERTIFICATE REQUEST-----', + '-----END CERTIFICATE REQUEST-----') + ) + if not substrate: + break + + cert, rest = decoder.decode(substrate, asn1Spec=certType) + + if rest: substrate = substrate[:-len(rest)] + + print(cert.prettyPrint()) + + assert encoder.encode(cert, defMode=False) == substrate or \ + encoder.encode(cert, defMode=True) == substrate, \ + 'cert recode fails' + + certCnt = certCnt + 1 + +print('*** %s PEM certificate request(s) de/serialized' % certCnt) diff --git a/python/pyasn1-modules/tools/pkcs1dump.py b/python/pyasn1-modules/tools/pkcs1dump.py new file mode 100755 index 0000000000..d0da82b2fb --- /dev/null +++ b/python/pyasn1-modules/tools/pkcs1dump.py @@ -0,0 +1,42 @@ +#!/usr/bin/python +# +# Read unencrypted PKCS#1/PKIX-compliant, PEM&DER encoded private keys on +# stdin, print them pretty and encode back into original wire format. +# Private keys can be generated with "openssl genrsa|gendsa" commands. +# +from pyasn1_modules import rfc2459, rfc2437, pem +from pyasn1.codec.der import encoder, decoder +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat rsakey.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +cnt = 0 + +while 1: + idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN RSA PRIVATE KEY-----', '-----END RSA PRIVATE KEY-----'), ('-----BEGIN DSA PRIVATE KEY-----', '-----END DSA PRIVATE KEY-----') ) + if not substrate: + break + + if idx == 0: + asn1Spec = rfc2437.RSAPrivateKey() + elif idx == 1: + asn1Spec = rfc2459.DSAPrivateKey() + else: + break + + key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) + + if rest: substrate = substrate[:-len(rest)] + + print(key.prettyPrint()) + + assert encoder.encode(key, defMode=False) == substrate or \ + encoder.encode(key, defMode=True) == substrate, \ + 'pkcs8 recode fails' + + cnt = cnt + 1 + +print('*** %s key(s) re/serialized' % cnt) diff --git a/python/pyasn1-modules/tools/pkcs7dump.py b/python/pyasn1-modules/tools/pkcs7dump.py new file mode 100755 index 0000000000..7794871620 --- /dev/null +++ b/python/pyasn1-modules/tools/pkcs7dump.py @@ -0,0 +1,47 @@ +#!/usr/bin/python +# +# Read ASN.1/PEM PKCS#7 on stdin, parse it into plain text, +# then build substrate from it +# +from pyasn1_modules import rfc2315, pem +from pyasn1.codec.der import encoder, decoder +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat pkcs7Certificate.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +idx, substrate = pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN PKCS7-----', '-----END PKCS7-----') + ) + +assert substrate, 'bad PKCS7 data on input' + +contentInfo, rest = decoder.decode(substrate, asn1Spec=rfc2315.ContentInfo()) + +if rest: substrate = substrate[:-len(rest)] + +print(contentInfo.prettyPrint()) + +assert encoder.encode(contentInfo, defMode=False) == substrate or \ + encoder.encode(contentInfo, defMode=True) == substrate, \ + 're-encode fails' + +contentType = contentInfo.getComponentByName('contentType') + +contentInfoMap = { + (1, 2, 840, 113549, 1, 7, 1): rfc2315.Data(), + (1, 2, 840, 113549, 1, 7, 2): rfc2315.SignedData(), + (1, 2, 840, 113549, 1, 7, 3): rfc2315.EnvelopedData(), + (1, 2, 840, 113549, 1, 7, 4): rfc2315.SignedAndEnvelopedData(), + (1, 2, 840, 113549, 1, 7, 5): rfc2315.DigestedData(), + (1, 2, 840, 113549, 1, 7, 6): rfc2315.EncryptedData() + } + +content, _ = decoder.decode( + contentInfo.getComponentByName('content'), + asn1Spec=contentInfoMap[contentType] + ) + +print(content.prettyPrint()) diff --git a/python/pyasn1-modules/tools/pkcs8dump.py b/python/pyasn1-modules/tools/pkcs8dump.py new file mode 100755 index 0000000000..d1d125f8cc --- /dev/null +++ b/python/pyasn1-modules/tools/pkcs8dump.py @@ -0,0 +1,41 @@ +#!/usr/bin/python +# +# Read bunch of ASN.1/PEM plain/encrypted private keys in PKCS#8 +# format on stdin, parse each into plain text, then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc5208, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat pkcs8key.pem | %s""" % sys.argv[0]) + sys.exit(-1) + +cnt = 0 + +while 1: + idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN PRIVATE KEY-----', '-----END PRIVATE KEY-----'), ('-----BEGIN ENCRYPTED PRIVATE KEY-----', '-----END ENCRYPTED PRIVATE KEY-----') ) + if not substrate: + break + + if idx == 0: + asn1Spec = rfc5208.PrivateKeyInfo() + elif idx == 1: + asn1Spec = rfc5208.EncryptedPrivateKeyInfo() + else: + break + + key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) + + if rest: substrate = substrate[:-len(rest)] + + print(key.prettyPrint()) + + assert encoder.encode(key, defMode=False) == substrate or \ + encoder.encode(key, defMode=True) == substrate, \ + 'pkcs8 recode fails' + + cnt = cnt + 1 + +print('*** %s PKCS#8 key(s) de/serialized' % cnt) diff --git a/python/pyasn1-modules/tools/snmpget.py b/python/pyasn1-modules/tools/snmpget.py new file mode 100755 index 0000000000..372510329b --- /dev/null +++ b/python/pyasn1-modules/tools/snmpget.py @@ -0,0 +1,37 @@ +#!/usr/bin/python +# +# Generate SNMPGET request, parse response +# +from pyasn1.codec.ber import encoder, decoder +from pyasn1_modules import rfc1157 +import sys, socket + +if len(sys.argv) != 4: + print("""Usage: +$ %s <community> <host> <OID>""" % sys.argv[0]) + sys.exit(-1) + +msg = rfc1157.Message() +msg.setComponentByPosition(0) +msg.setComponentByPosition(1, sys.argv[1]) +# pdu +pdus = msg.setComponentByPosition(2).getComponentByPosition(2) +pdu = pdus.setComponentByPosition(0).getComponentByPosition(0) +pdu.setComponentByPosition(0, 123) +pdu.setComponentByPosition(1, 0) +pdu.setComponentByPosition(2, 0) +vbl = pdu.setComponentByPosition(3).getComponentByPosition(3) +vb = vbl.setComponentByPosition(0).getComponentByPosition(0) +vb.setComponentByPosition(0, sys.argv[3]) +v = vb.setComponentByPosition(1).getComponentByPosition(1).setComponentByPosition(0).getComponentByPosition(0).setComponentByPosition(3).getComponentByPosition(3) + +print('sending: %s' % msg.prettyPrint()) + +sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) +sock.sendto(encoder.encode(msg), (sys.argv[2], 161)) + +substrate, _ = sock.recvfrom(2048) + +rMsg, _ = decoder.decode(substrate, asn1Spec=msg) + +print('received: %s' % rMsg.prettyPrint()) diff --git a/python/pyasn1-modules/tools/x509dump.py b/python/pyasn1-modules/tools/x509dump.py new file mode 100755 index 0000000000..64cba7e305 --- /dev/null +++ b/python/pyasn1-modules/tools/x509dump.py @@ -0,0 +1,40 @@ +#!/usr/bin/python +# +# Read ASN.1/PEM X.509 certificates on stdin, parse each into plain text, +# then build substrate from it +# +from pyasn1.codec.der import decoder, encoder +from pyasn1_modules import rfc2459, pem +import sys + +if len(sys.argv) != 1: + print("""Usage: +$ cat CACertificate.pem | %s +$ cat userCertificate.pem | %s""" % (sys.argv[0], sys.argv[0])) + sys.exit(-1) + +certType = rfc2459.Certificate() + +certCnt = 0 + +while 1: + idx, substrate = pem.readPemBlocksFromFile( + sys.stdin, ('-----BEGIN CERTIFICATE-----', + '-----END CERTIFICATE-----') + ) + if not substrate: + break + + cert, rest = decoder.decode(substrate, asn1Spec=certType) + + if rest: substrate = substrate[:-len(rest)] + + print(cert.prettyPrint()) + + assert encoder.encode(cert, defMode=False) == substrate or \ + encoder.encode(cert, defMode=True) == substrate, \ + 'cert recode fails' + + certCnt = certCnt + 1 + +print('*** %s PEM cert(s) de/serialized' % certCnt) |