Re: [pyasn1-users] Decoding X509 Extensions
From: Ilya E. <il...@gl...> - 2017-04-06 13:02:26
BTW, there is a pending change in unreleased master which would break this check:

> akid['authorityCertIssuer'] is None == True
> akid['authorityCertSerialNumber'] is None == True

The latest code lazily instantiates all sequence components on first access so that working with nested objects would be easier:

    asn1_obj = DeeplyNestedSequence()
    asn1_obj['inner']['foo'] = 'bar'

Before that change, you'd have to:

    asn1_obj = DeeplyNestedSequence()
    asn1_obj['inner'] = None  # this triggers 'inner' component instantiation
    asn1_obj['inner']['foo'] = 'bar'

With the first example, the same check for object initialization state could be done by testing its `.isValue` property:

    akid['authorityCertIssuer'].isValue

or `.hasValue()` function (which is backward compatible).

Let me know if you have strong opinions on this change... ;-)

On 04/06/2017 01:49 PM, Sergey Matveev wrote:
> *** Paul King <pa...@gr...> [2017-04-06 14:11]:
>> I am nearly there decoding all Extensions in an X509 cert but I am stuck on some final decoding. I have confused myself I am sure so can someone sort me out?
>> sal_raw = extension.getComponentByPosition(2)
>> 2 [Any(hexValue='04183016801459a4660652a07b95923ca394072796745bf93dd0')]
>
> Now you have got Any X.509 extension value. It is by definition
> OctetString. So X.509 Extension's extnValue is:
>
>     akid_raw, tail = decode(sal_raw.asOctets(), OctetString())
>
> then, decode this AuthorityKeyIdentifier:
>
>     class AuthorityKeyIdentifier(Sequence):
>         componentType = NamedTypes(
>             OptionalNamedType('keyIdentifier', KeyIdentifier().subtype(
>                 implicitTag=Tag(tagClassContext, tagFormatSimple, 0)
>             )),
>             OptionalNamedType('authorityCertIssuer', GeneralNames().subtype(
>                 implicitTag=Tag(tagClassContext, tagFormatSimple, 1)
>             )),
>             OptionalNamedType(
>                 'authorityCertSerialNumber', CertificateSerialNumber().subtype(
>                     implicitTag=Tag(tagClassContext, tagFormatSimple, 2)
>                 )
>             )
>         )
>
>     akid, tail = decode(akid_raw, AuthorityKeyIdentifier())
>
>     akid == AuthorityKeyIdentifier().setComponents(KeyIdentifier(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0, tagId=0)), hexValue='59a4660652a07b95923ca394072796745bf93dd0'))
>
> Now you have AuthorityKeyIdentifier object. You can be sure that
> authorityCertIssuer and authorityCertSerialNumber are set to None:
>
>     akid['authorityCertIssuer'] is None == True
>     akid['authorityCertSerialNumber'] is None == True
>
> to get KeyIdentifier value itself just do:
>
>     akid['keyIdentifier'].asOctets()
>     '59a4660652a07b95923ca394072796745bf93dd0'
>
> But pay attention that X.509 Extension's extnValue has various ASN.1
> structure for various corresponding Extension's extnID's. This
> structure is only for AuthorityKeyIdentifier. You have to specify
> other ones to decode other extensions properly.
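
Added example, not part of the original message and not pyasn1 code: a standard-library-only DER walk of the extnValue bytes quoted in the thread, showing the OCTET STRING wrapper, the inner SEQUENCE, and how the context tags 0/1/2 decide which optional AuthorityKeyIdentifier fields are present. The names `read_tlv`, `parse_akid` and `AKID_FIELDS` are hypothetical; absent fields are reported as plain `None`, so the presence check does not depend on any pyasn1 version.

```python
# Added example: stdlib-only DER walk of the extnValue from the thread.
# All names here are hypothetical; this is not pyasn1 code.
EXTN_VALUE_HEX = "04183016801459a4660652a07b95923ca394072796745bf93dd0"  # from the thread
AKID_FIELDS = {0: "keyIdentifier", 1: "authorityCertIssuer", 2: "authorityCertSerialNumber"}


def read_tlv(data, offset=0):
    """Return (tag_byte, value, next_offset) for one DER TLV; reject malformed input."""
    if offset + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag, length = data[offset], data[offset + 1]
    offset += 2
    if (tag & 0x1F) == 0x1F or length == 0x80:
        raise ValueError("high tag numbers and indefinite lengths are rejected")
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if offset + n > len(data):
            raise ValueError("truncated length field")
        length = int.from_bytes(data[offset:offset + n], "big")
        offset += n
    end = offset + length
    if end > len(data):
        raise ValueError("value runs past end of input")
    return tag, data[offset:end], end


def parse_akid(extn_value):
    """Unwrap extnValue (OCTET STRING), then map context tags to AKI field names."""
    tag, inner, end = read_tlv(extn_value)
    if tag != 0x04 or end != len(extn_value):
        raise ValueError("extnValue must be exactly one OCTET STRING")
    tag, body, end = read_tlv(inner)
    if tag != 0x30 or end != len(inner):
        raise ValueError("AuthorityKeyIdentifier must be exactly one SEQUENCE")
    fields = dict.fromkeys(AKID_FIELDS.values())  # absent OPTIONAL fields stay None
    pos, last = 0, -1
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        number = tag & 0x1F
        if (tag & 0xC0) != 0x80 or number not in AKID_FIELDS or number <= last:
            raise ValueError("unexpected or out-of-order tag 0x%02x" % tag)
        fields[AKID_FIELDS[number]] = value  # raw content bytes of the tagged field
        last = number
    return fields


if __name__ == "__main__":
    for name, value in parse_akid(bytes.fromhex(EXTN_VALUE_HEX)).items():
        print(name, "absent" if value is None else value.hex())
```

Trailing bytes after either wrapper and truncated input raise `ValueError` rather than being silently ignored.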