#!/usr/bin/env python # # Electrum - lightweight Bitcoin client # Copyright (C) 2014 Thomas Voegtlin # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . from datetime import datetime import sys import tlslite import util from util import profiler, print_error from asn1tinydecoder import asn1_node_root, asn1_get_all, asn1_get_value, \ asn1_get_value_of_type, asn1_node_next, asn1_node_first_child, \ asn1_read_length, asn1_node_is_child_of, \ bytestr_to_int, bitstr_to_bytestr # workaround https://github.com/trevp/tlslite/issues/15 tlslite.utils.cryptomath.pycryptoLoaded = False # algo OIDs ALGO_RSA_SHA1 = '1.2.840.113549.1.1.5' ALGO_RSA_SHA256 = '1.2.840.113549.1.1.11' ALGO_RSA_SHA384 = '1.2.840.113549.1.1.12' ALGO_RSA_SHA512 = '1.2.840.113549.1.1.13' # prefixes, see http://stackoverflow.com/questions/3713774/c-sharp-how-to-calculate-asn-1-der-encoding-of-a-particular-hash-algorithm PREFIX_RSA_SHA256 = bytearray([0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20]) PREFIX_RSA_SHA384 = bytearray([0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30]) PREFIX_RSA_SHA512 = bytearray([0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40]) class CertificateError(Exception): pass def decode_OID(s): s = map(ord, s) r = [] r.append(s[0] / 40) r.append(s[0] % 40) k = 0 for i in s[1:]: if i<128: r.append(i + 128*k) k = 0 else: k = (i - 128) + 128*k return '.'.join(map(str,r)) def asn1_get_children(der, i): nodes = [] ii = asn1_node_first_child(der,i) nodes.append(ii) while ii[2] now: raise CertificateError('Certificate has not entered its valid date range.') if not_after <= now: raise CertificateError('Certificate has expired.') class X509CertChain(tlslite.X509CertChain): pass @profiler def load_certificates(ca_path): ca_list = {} ca_keyID = {} with open(ca_path, 'r') as f: s = f.read() bList = tlslite.utils.pem.dePemList(s, "CERTIFICATE") for b in bList: x = X509() try: x.parseBinary(b) x.check_date() except BaseException as e: util.print_error("cert error:", e) continue fp = x.getFingerprint() ca_list[fp] = x ca_keyID[x.get_keyID()] = fp return ca_list, ca_keyID