From: <vi...@al...> - 2000-07-31 13:57:21
Hi all,

I would like to decode an ASN.1 string. In this string a digital
certificate is stored.
I'm able to retrieve the userCertificate attribute value from
the Directory server, but I still don't know how to decode the
ASN.1. The only thing I need is the creation timestamp of the
certificate. I looked at the Convert::ASN.1 library, but I don't
know how to use it.
http://search.cpan.org/doc/GBARR/Convert-ASN1-0.07/htdocs/Convert/ASN1.html

Maybe somebody has another example how to decode ASN.1 in Perl
with Convert::ASN1?

Thanks!
Vincent.

From: Graham B. <gb...@po...> - 2000-07-31 14:45:05
Well looking in the sources for Net::LDAP will show how to use it.

But do you have the ASN.1 definition for the certificate, it also has
to be implicitly encoded and with indefinite lengths. Although I
do have a fix for indefinite lengths for Convert::ASN1

Graham.

On Mon, Jul 31, 2000 at 03:57:14PM +0200, vi...@al... wrote:
> Hi all,
>
> I would like to decode an ASN.1 string. In this string a digital
> certificate is stored.
> I'm able to retrieve the userCertificate attribute value from
> the Directory server, but I still don't know how to decode the
> ASN.1. The only thing I need is the creation timestamp of the
> certificate. I looked at the Convert::ASN.1 library, but I don't
> know how to use it.
> http://search.cpan.org/doc/GBARR/Convert-ASN1-0.07/htdocs/Convert/ASN1.html
>
> Maybe somebody has another example how to decode ASN.1 in Perl
> with Convert::ASN1?
>
> Thanks!
> Vincent.

From: Chris R. <chr...@me...> - 2000-07-31 14:58:05
Graham Barr <gb...@po...> wrote:

> Well looking in the sources for Net::LDAP will show how to use it.
>
> But do you have the ASN.1 definition for the certificate, it also has
> to be implicitly encoded and with indefinite lengths. Although I

                                      ^definite?

In other words, Convert::ASN1 will not decode a certificate encoded using
BER, though a cert encoded in DER will be OK.

> do have a fix for indefinite lengths for Convert::ASN1
>
> Graham.

I just had a quick go, and am having problems.

How does Convert::ASN1 handle ANY, Graham? I don't fancy decoding the
*entire* certificate so want to put in placeholders for the bits I don't
care about.

eg

Foo ::= SEQUENCE {
    version [0] INTEGER,
    serialNumber ANY,
    subject ANY,
    ...
}

will that do what I expect and let me decode past the bits I don't care
about (serialNumber and subject in the above case)?

Cheers,

Chris

From: Graham B. <gb...@po...> - 2000-07-31 15:10:02
On Mon, Jul 31, 2000 at 03:57:33PM +0100, Chris Ridd wrote:
> Graham Barr <gb...@po...> wrote:
>
> > Well looking in the sources for Net::LDAP will show how to use it.
> >
> > But do you have the ASN.1 definition for the certificate, it also has
> > to be implicitly encoded and with indefinite lengths. Although I
>
>                                       ^definite?

Um, yes

> In other words, Convert::ASN1 will not decode a certificate encoded using
> BER, though a cert encoded in DER will be OK.

Right. But as I said I do have a fix for the indefinite lengths, I just have
to verify it and release it.

> > do have a fix for indefinite lengths for Convert::ASN1
> >
> > Graham.
>
> I just had a quick go, and am having problems.

Like ?

> How does Convert::ASN1 handle ANY, Graham? I don't fancy decoding the
> *entire* certificate so want to put in placeholders for the bits I don't
> care about.
>
> eg
>
> Foo ::= SEQUENCE {
>     version [0] INTEGER,
>     serialNumber ANY,
>     subject ANY,
>     ...
> }
>
> will that do what I expect and let me decode past the bits I don't care
> about (serialNumber and subject in the above case)?

It should do. serialNumber in the output hash should be the encoded object
it skipped over, complete with its tag.

Graham.

From: Chris R. <chr...@me...> - 2000-07-31 15:25:19
Graham Barr <gb...@po...> wrote:

> On Mon, Jul 31, 2000 at 03:57:33PM +0100, Chris Ridd wrote:
>> I just had a quick go, and am having problems.
>
> Like ?

Erm, I think I just had the ASN.1 wrong :-)

Well, here's an attempt at decoding the timestamps from a cert:

-----
#!/usr/bin/perl -w

use strict;
use Carp;
use Convert::ASN1;

# Slurp the DER-encoded certificate as raw bytes
my $cert;
{
    local $/ = undef;
    open CERT, "mycert.der" or die "mycert.der: $!";
    binmode CERT;
    $cert = <CERT>;
    close CERT;
}

my $asn = Convert::ASN1->new;

# Can't get this to work. Want to stop Convert::ASN1 from changing the
# UTCTime values...
#my %opts = (
#    timezone => [0,0]
#    );
#$asn->configure(decode => \%opts);

# Ignore pretty much everything
# (X.509 tags version as [0] EXPLICIT, so it is declared EXPLICIT here)
$asn->prepare(q<
    SEQUENCE {
        SEQUENCE {
            version [0] EXPLICIT INTEGER OPTIONAL,
            serialNumber ANY,
            signature ANY,
            issuer ANY,
            SEQUENCE {
                notBefore UTCTime,
                notAfter UTCTime
            }
            subject ANY,
            spkinfo ANY,
            issueruid [1] IMPLICIT ANY OPTIONAL,
            subjectuid [2] IMPLICIT ANY OPTIONAL,
            extensions [3] ANY OPTIONAL
        }
        alg ANY OPTIONAL,
        sig BIT STRING
    }>) or die $asn->error;

my $out = $asn->decode($cert) or die $asn->error;

print "NotBefore: " . $out->{notBefore} . "\n";
print "NotAfter: " . $out->{notAfter} . "\n";
----

I couldn't persuade Convert::ASN1 from messing with the time strings.
Replacing 'UTCTime' above with '[UNIVERSAL 23] IMPLICIT STRING' will get
the correct unadulterated times back...

Cheers,

Chris

From: Graham B. <gb...@po...> - 2000-07-31 15:47:52
On Mon, Jul 31, 2000 at 04:24:44PM +0100, Chris Ridd wrote:
> I couldn't persuade Convert::ASN1 from messing with the time strings.
> Replacing 'UTCTime' above with '[UNIVERSAL 23] IMPLICIT STRING' will get
> the correct unadulterated times back...

You mean you want the string exactly as it appears ?

By default Convert::ASN1 will return a unix time (ie UTC) of the time in
the cert.

If you do

    $asn->configure( decode => { timezone => 1 } );

Then the time value will be an array of two elements, the unixtime value
and the timezone offset that was specified.

We could add other options to make it just return the string.

Graham.

From: Chris R. <chr...@me...> - 2000-08-01 08:15:35
Graham Barr <gb...@po...> wrote:

> On Mon, Jul 31, 2000 at 04:24:44PM +0100, Chris Ridd wrote:
>> I couldn't persuade Convert::ASN1 from messing with the time strings.
>> Replacing 'UTCTime' above with '[UNIVERSAL 23] IMPLICIT STRING' will get
>> the correct unadulterated times back...
>
> You mean you want the string exactly as it appears ?

Yes. It can sometimes be useful to get the 'raw' octets. (In this case, it
was useful because I could compare the values with the strings I could see
in the cert. But it's useful for when you care about what optional parts of
the value are present.)

> By default Convert::ASN1 will return a unix time (ie UTC) of the time in
> the cert.
>
> If you do
>
>     $asn->configure( decode => { timezone => 1 } );
>
> Then the time value will be an array of two elements, the unixtime value
> and the timezone offset that was specified.
>
> We could add other options to make it just return the string.
>
> Graham.

That only gives me the following error:

Can't use string ("decode") as a SCALAR ref while "strict refs" in use at
/usr/lib/perl5/site_perl/5.005/Convert/ASN1.pm line 107.
Convert::ASN1::configure('Convert::ASN1=HASH(0x8373cf0)', 'decode',
'HASH(0x83b2efc)') called at ./testcert.pl line 20

Cheers,

Chris

From: Graham B. <gb...@po...> - 2000-08-01 09:14:46
On Tue, Aug 01, 2000 at 09:15:04AM +0100, Chris Ridd wrote:
> Graham Barr <gb...@po...> wrote:
>
> > On Mon, Jul 31, 2000 at 04:24:44PM +0100, Chris Ridd wrote:
> >> I couldn't persuade Convert::ASN1 from messing with the time strings.
> >> Replacing 'UTCTime' above with '[UNIVERSAL 23] IMPLICIT STRING' will get
> >> the correct unadulterated times back...
> >
> > You mean you want the string exactly as it appears ?
>
> Yes. It can sometimes be useful to get the 'raw' octets. (In this case, it
> was useful because I could compare the values with the strings I could see
> in the cert. But it's useful for when you care about what optional parts of
> the value are present.)

We could change the configure options to be

    decode => { time => 'raw|unixtime|timezone' }

where `unixtime' is the default

> > If you do
> >
> >     $asn->configure( decode => { timezone => 1 } );
> >
> That only gives me the following error:
>
> Can't use string ("decode") as a SCALAR ref while "strict refs" in use at
> /usr/lib/perl5/site_perl/5.005/Convert/ASN1.pm line 107.
> Convert::ASN1::configure('Convert::ASN1=HASH(0x8373cf0)', 'decode',
> 'HASH(0x83b2efc)') called at ./testcert.pl line 20

Whoops, typo :)

Change line 107 to

    $self->{options}{"${type}_${what}"} = $value;

Graham.

From: Chris R. <chr...@me...> - 2000-08-01 09:39:54
Graham Barr <gb...@po...> wrote:

> We could change the configure options to be
>
>     decode => { time => 'raw|unixtime|timezone' }
>
> where `unixtime' is the default

Sounds good to me.

Cheers,

Chris
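
Added example, not part of the thread and not Convert::ASN1 code: a pure-Perl tag-length-value walk that skips the unwanted tbsCertificate fields the way the ANY placeholders do, rejects BER indefinite lengths, and returns each validity time both as the raw UTCTime string and as a unix time. The names read_tlv, cert_validity and tlv are hypothetical, the sample bytes are constructed, and only single-byte tags and UTCTime of the form YYMMDDHHMMSSZ are assumed.

```perl
use strict;
use warnings;
use Time::Local qw(timegm);

# Read one definite-length TLV at $pos; returns (tag, content, next position).
sub read_tlv {
    my ($buf, $pos) = @_;
    die "truncated input\n" if $pos + 2 > length $buf;
    my ($tag, $len) = unpack 'CC', substr($buf, $pos, 2);
    die "indefinite length (BER, not DER)\n" if $len == 0x80;
    $pos += 2;
    if ($len & 0x80) {                      # long form: low 7 bits count the length octets
        my $n = $len & 0x7f;
        die "unsupported length\n" if $n > 4 || $pos + $n > length $buf;
        $len = unpack 'N', ("\0" x (4 - $n)) . substr($buf, $pos, $n);
        $pos += $n;
    }
    die "truncated input\n" if $pos + $len > length $buf;
    return ($tag, substr($buf, $pos, $len), $pos + $len);
}

# Skip to the validity SEQUENCE and decode notBefore / notAfter.
sub cert_validity {
    my ($der) = @_;
    my (undef, $cert) = read_tlv($der, 0);                      # Certificate
    my (undef, $tbs)  = read_tlv($cert, 0);                     # tbsCertificate
    my ($tag, $body, $pos) = read_tlv($tbs, 0);                 # version or serialNumber
    ($tag, $body, $pos) = read_tlv($tbs, $pos) if $tag == 0xa0; # it was the [0] version
    ($tag, $body, $pos) = read_tlv($tbs, $pos) for 1 .. 3;      # signature, issuer, validity
    die "validity is not a SEQUENCE\n" unless $tag == 0x30;
    my ($vpos, %out) = (0);
    for my $name (qw(notBefore notAfter)) {
        ($tag, my $raw, $vpos) = read_tlv($body, $vpos);
        die "$name is not a UTCTime\n" unless $tag == 0x17;     # [UNIVERSAL 23]
        my ($y, $mo, $d, $h, $mi, $s) = $raw =~ /\A(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\z/
            or die "$name is not YYMMDDHHMMSSZ\n";
        $y += $y >= 50 ? 1900 : 2000;                           # RFC 5280 two-digit year rule
        $out{$name} = { raw => $raw, unixtime => timegm($s, $mi, $h, $d, $mo - 1, $y) };
    }
    return \%out;
}

# Constructed sample: a skeletal certificate with empty placeholder fields.
sub tlv { my ($t, $c) = @_; return chr($t) . chr(length $c) . $c }   # short lengths only
my $validity = tlv(0x30, tlv(0x17, '000731135721Z') . tlv(0x17, '010731135721Z'));
my $tbs = tlv(0x30, tlv(0xa0, tlv(0x02, "\x02")) . tlv(0x02, "\x01") . tlv(0x30, '')
    . tlv(0x30, '') . $validity . tlv(0x30, '') . tlv(0x30, ''));
my $v = cert_validity(tlv(0x30, $tbs . tlv(0x30, '') . tlv(0x03, "\0")));
printf "%-9s raw=%s unixtime=%d\n", $_, @{ $v->{$_} }{qw(raw unixtime)} for qw(notBefore notAfter);
print "BER input rejected: $@" unless eval { cert_validity("\x30\x80" . $tbs . "\0\0"); 1 };
```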