[pyasn1-users] Decoding X509 Extensions
From: Paul K. <pa...@gr...> - 2017-04-06 11:04:22
Hi,

I am nearly there decoding all Extensions in an X509 cert but I am stuck on some final decoding. I have confused myself, I am sure, so can someone sort me out?

I am using pyasn1 and pyasn1_modules, alongside pyopenssl. I can get the data in two forms:

== 1 ==

    # asn1_cert is the certificate already decoded with pyasn1
    extensions = asn1_cert['tbsCertificate']['extensions']
    for extension in extensions:
        extension_oid = extension.getComponentByPosition(0)
        print("0 [%s]" % (repr(extension_oid)))
        critical_flag = extension.getComponentByPosition(1)
        print("1 [%s]" % (repr(critical_flag)))
        sal_raw = extension.getComponentByPosition(2)
        print("2 [%s]" % (repr(sal_raw)))

Output:

    0 [ObjectIdentifier('2.5.29.35')]
    1 [Boolean('False')]
    2 [Any(hexValue='04183016801459a4660652a07b95923ca394072796745bf93dd0')]

== 2 ==

    import OpenSSL

    # Python 2: cert starts out as the PEM text of the certificate
    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
    for i in range(cert.get_extension_count()):
        name = cert.get_extension(i).get_short_name()
        data = cert.get_extension(i).get_data()
        print name+" "+"".join(['%02x' % ord(b) for b in data])

Output:

    authorityKeyIdentifier 3016801459a4660652a07b95923ca394072796745bf93dd0

=======

I am confused on the two raw data fields that I have. If I decode "04183016801459a4660652a07b95923ca394072796745bf93dd0" online using https://holtstrom.com/michael/tools/asn1decoder.php then I get "OCTETSTRING 3016801459a4660652a07b95923ca394072796745bf93dd0", which maps to the data in my second method.

If I then decode "3016801459a4660652a07b95923ca394072796745bf93dd0" using the same tool I get:

    SEQUENCE {
        [0] 59a4660652a07b95923ca394072796745bf93dd0
    }

And "59a4660652a07b95923ca394072796745bf93dd0" is the correct "X509v3 Authority Key Identifier" from command line X509.

How do I decode "3016801459a4660652a07b95923ca394072796745bf93dd0" correctly in my Python to get to the correct keyid?

I have to do the same for all of these in the same list:

    [ObjectIdentifier('2.5.29.35')]
    [ObjectIdentifier('2.5.29.14')]
    [ObjectIdentifier('2.5.29.17')]
    [ObjectIdentifier('2.5.29.15')]
    [ObjectIdentifier('2.5.29.37')]
    [ObjectIdentifier('2.5.29.31')]
    [ObjectIdentifier('2.5.29.32')]
    [ObjectIdentifier('1.3.6.1.5.5.7.1.1')]
    [ObjectIdentifier('2.5.29.19')]
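The two layers described in the post, as an added example that is not part of the original message: the extnValue from method 1 is a DER OCTET STRING whose contents are the SEQUENCE that method 2 returns, and the key id is that SEQUENCE's [0] field. It uses only the standard library; the function names are assumptions, and the input bytes are the hex quoted in the post.

```python
# Constructed input: the extnValue hex quoted in the post (method 1).
EXTN_VALUE = bytes.fromhex("04183016801459a4660652a07b95923ca394072796745bf93dd0")

def read_tlv(buf, pos=0):
    """Parse one DER TLV starting at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV value runs past the end of the buffer")
    return tag, buf[pos:end], end

def authority_key_id(data, wrapped=True):
    """Return the keyIdentifier bytes of an authorityKeyIdentifier, or None.

    wrapped=True  : data is extnValue as in method 1 (OCTET STRING around
                    the SEQUENCE).
    wrapped=False : data is the bare SEQUENCE, as in method 2 (get_data()).
    """
    if wrapped:
        tag, inner, end = read_tlv(data)
        if tag != 0x04 or end != len(data):
            raise ValueError("extnValue is not a single OCTET STRING")
        data = inner
    tag, body, end = read_tlv(data)
    if tag != 0x30 or end != len(data):
        raise ValueError("AuthorityKeyIdentifier is not a single SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x80:  # [0] IMPLICIT OCTET STRING = keyIdentifier
            return value
    return None  # keyIdentifier is OPTIONAL

if __name__ == "__main__":
    print(authority_key_id(EXTN_VALUE).hex())
    print(authority_key_id(EXTN_VALUE[2:], wrapped=False).hex())
```

With pyasn1 the same two steps are two `decoder.decode` calls from `pyasn1.codec.der`: the first with `asn1Spec=univ.OctetString()`, the second on the resulting octets with `asn1Spec=rfc2459.AuthorityKeyIdentifier()` from pyasn1_modules. The other extension OIDs in the list follow the same pattern with their own inner type as the second spec.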