
The asn1crypto package with x509 is being used. I'd like to find particular values in the .der file. The file is opened and read(), then:

mycert = x509.Certificate.load(data)

This returns an object of type asn1crypto.x509.Certificate like so b'0\x81\x50\...'. In debug, mycert can be expanded to show the various keys and values, however I'd like to search directly in the 'mycert' for such keys/values. How can I do this?

EDIT:

The asn1crypto package doesn't have to be used, another one can be used instead.

EDIT:

Expanded code:

from asn1crypto import x509

with open(cert_path, 'rb') as cert_file:
    data = cert_file.read()

mycert = x509.Certificate.load(data)

a = mycert.native # doesn't work!
pymat

1 Answer


In asn1crypto.x509 the attribute native contains the native Python datatype representation of the certificate. The values are hierarchically structured and can be OrderedDicts as well:

import asn1crypto.x509 as x509
import pprint

with open('crt.der', mode='rb') as file:
    data = file.read()

    mycert = x509.Certificate.load(data)

    pprint.pprint(mycert.native)

Output:

OrderedDict([('tbs_certificate',
              OrderedDict([('version', 'v3'),
                           ('serial_number', 15158908894724103801),
                           ('signature',
                            OrderedDict([('algorithm', 'sha256_rsa'),
                                         ('parameters', None)])),
                           ('issuer',
                            OrderedDict([('country_name', 'XX'),
                                         ('state_or_province_name',
                                          'Some-State'),
                                         ('locality_name', 'Some-City'),
                                         ('organization_name', 'example ltd'),
                                         ('common_name', 'www.example.com'),
                                         ('email_address',
                                          'info@example.com')])),
                           ('validity',
                            OrderedDict([('not_before',
                                          datetime.datetime(2022, 9, 5, 6, 58, 21, tzinfo=datetime.timezone.utc)),
                                         ('not_after',
                                          datetime.datetime(2022, 10, 5, 6, 58, 21, tzinfo=datetime.timezone.utc))])),
                           ('subject',
                            OrderedDict([('country_name', 'XX'),
                                         ('state_or_province_name',
                                          'Some-State'),
                                         ('locality_name', 'Some-City'),
                                         ('organization_name', 'example ltd'),
                                         ('common_name', 'www.example.com'),
                                         ('email_address',
                                          'info@example.com')])),
...

You can find several discussions on SO about how to search in a nested dict, such as "Find all occurrences of a key in nested dictionaries and lists".

Markus
  • thank you for the tip. In my case I get a python-BaseException (KeyError: '1.3.5.....') when trying to call the mycert.native – pymat Sep 07 '22 at 08:33
  • @pymat, I have added the full reproducible example to my answer. Two points: (1) Could you please check if this standalone is working with your der-file? (2) Can you please explain how you are trying to "call" `mycert.native`? It would be best if you would add reproducible code and the full error message to your question. – Markus Sep 07 '22 at 09:40
  • using your example, I noticed that when I use "test0 = mycert[0]" I get the TbsCertificate. Then when debugging I get a similar structure like you in the pprint example above, when I expand the 'native' attribute. However when I use 'native' on 'test0', I get the key error. – pymat Sep 07 '22 at 10:28
  • @pymat, what could be the difference between your and my environment? I'm using `asn1crypto 1.5.1`. What are you using? – Markus Sep 07 '22 at 10:43
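
A recursive search over the structure that `mycert.native` returns, by key and by value, as an added example that is not part of the original question or answer. `SAMPLE_NATIVE` is a constructed, cut-down copy of the output shown in the answer (its `extensions` entry is constructed too), and `walk`, `find_key` and `find_value` are hypothetical helper names.

```python
from collections import OrderedDict
import datetime

UTC = datetime.timezone.utc
# Constructed sample: cut-down copy of the pprint output above. With a real
# file this would be x509.Certificate.load(data).native (asn1crypto).
SAMPLE_NATIVE = OrderedDict([('tbs_certificate', OrderedDict([
    ('version', 'v3'),
    ('serial_number', 15158908894724103801),
    ('issuer', OrderedDict([('country_name', 'XX'),
                            ('common_name', 'www.example.com')])),
    ('validity', OrderedDict([
        ('not_before', datetime.datetime(2022, 9, 5, 6, 58, 21, tzinfo=UTC)),
        ('not_after', datetime.datetime(2022, 10, 5, 6, 58, 21, tzinfo=UTC))])),
    ('subject', OrderedDict([('country_name', 'XX'),
                             ('common_name', 'www.example.com')])),
    # Constructed entry (not in the output above) to exercise list traversal.
    ('extensions', [OrderedDict([
        ('extn_id', 'subject_alt_name'),
        ('critical', False),
        ('extn_value', ['www.example.com', 'example.com'])])]),
]))])


def walk(node, path=()):
    """Yield (path, value) for every node; path holds dict keys and list indexes."""
    yield path, node
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (key,))
    elif isinstance(node, (list, tuple)):
        for index, value in enumerate(node):
            yield from walk(value, path + (index,))


def find_key(native, key):
    """All (path, value) pairs whose last path element is the given dict key."""
    return [(p, v) for p, v in walk(native) if p and p[-1] == key]


def find_value(native, wanted):
    """Paths of all leaf values equal to `wanted`."""
    return [p for p, v in walk(native)
            if not isinstance(v, (dict, list, tuple)) and v == wanted]


if __name__ == '__main__':
    for path, value in find_key(SAMPLE_NATIVE, 'common_name'):
        print(' -> '.join(map(str, path)), '=', value)
    print(find_value(SAMPLE_NATIVE, 'www.example.com'))
```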