From 014437298c8f26404f724c7ea1ac5664e8b6d79e Mon Sep 17 00:00:00 2001 From: Kelly Brazil Date: Wed, 6 Jul 2022 17:08:12 -0700 Subject: [PATCH] add pkcs7 example --- docs/parsers/x509_cert.md | 85 ++++++++++++++++++++++++++++++++++++++- jc/parsers/x509_cert.py | 85 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 168 insertions(+), 2 deletions(-) diff --git a/docs/parsers/x509_cert.md b/docs/parsers/x509_cert.md index f0c24bd2..4d376a04 100644 --- a/docs/parsers/x509_cert.md +++ b/docs/parsers/x509_cert.md @@ -7,6 +7,10 @@ jc - JSON Convert X.509 Certificate format file parser This parser will convert DER and PEM encoded X.509 certificate files. +You can convert other certificate formats (e.g. PKCS #7, PKCS #12, etc.) by +processing them through a program like `openssl` and sending the output to +jc. (See example below) + Usage (cli): $ cat certificate.pem | jc --x509-cert @@ -122,7 +126,7 @@ Schema: Examples: - $ cat entrust-ec1.pem| jc --x509-cert -p + $ cat entrust-ec1.pem | jc --x509-cert -p [ { "tbs_certificate": { 
@@ -197,6 +201,85 @@ Examples: } ] + $ openssl pkcs7 -in thawte.p7b -inform der -print_certs | \ + jc --x509-cert | -p + [ + { + "tbs_certificate": { + "version": "v3", + "serial_number": "34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db...", + "signature": { + "algorithm": "sha1_rsa", + "parameters": null + }, + "issuer": { + "country_name": "US", + "organization_name": "thawte, Inc.", + "organizational_unit_name": [ + "Certification Services Division", + "(c) 2006 thawte, Inc. - For authorized use only" + ], + "common_name": "thawte Primary Root CA" + }, + "validity": { + "not_before": 1163721600, + "not_after": 2099865599, + "not_before_iso": "2006-11-17T00:00:00+00:00", + "not_after_iso": "2036-07-16T23:59:59+00:00" + }, + "subject": { + "country_name": "US", + "organization_name": "thawte, Inc.", + "organizational_unit_name": [ + "Certification Services Division", + "(c) 2006 thawte, Inc. - For authorized use only" + ], + "common_name": "thawte Primary Root CA" + }, + "subject_public_key_info": { + "algorithm": { + "algorithm": "rsa", + "parameters": null + }, + "public_key": { + "modulus": "ac:a0:f0:fb:80:59:d4:9c:c7:a4:cf:9d:a1:59:73...", + "public_exponent": 65537 + } + }, + "issuer_unique_id": null, + "subject_unique_id": null, + "extensions": [ + { + "extn_id": "basic_constraints", + "critical": true, + "extn_value": { + "ca": true, + "path_len_constraint": null + } + }, + { + "extn_id": "key_usage", + "critical": true, + "extn_value": [ + "crl_sign", + "key_cert_sign" + ] + }, + { + "extn_id": "key_identifier", + "critical": false, + "extn_value": "7b:5b:45:cf:af:ce:cb:7a:fd:31:92:1a:6a:b6:..." + } + ] + }, + "signature_algorithm": { + "algorithm": "sha1_rsa", + "parameters": null + }, + "signature_value": "79:11:c0:4b:b3:91:b6:fc:f0:e9:67:d4:0d:6e..." + } + ] + ### parse diff --git a/jc/parsers/x509_cert.py b/jc/parsers/x509_cert.py index e1812546..4c749d79 100644 --- a/jc/parsers/x509_cert.py +++ b/jc/parsers/x509_cert.py 
@@ -2,6 +2,10 @@ This parser will convert DER and PEM encoded X.509 certificate files. +You can convert other certificate formats (e.g. PKCS #7, PKCS #12, etc.) by +processing them through a program like `openssl` and sending the output to +jc. (See example below) + Usage (cli): $ cat certificate.pem | jc --x509-cert @@ -117,7 +121,7 @@ Schema: Examples: - $ cat entrust-ec1.pem| jc --x509-cert -p + $ cat entrust-ec1.pem | jc --x509-cert -p [ { "tbs_certificate": { 
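Review bot: The added paragraph in the first hunk names PKCS #12 alongside PKCS #7, but the docstring only shows a PKCS #7 command, and the two differ in a way that matters. A PKCS #12 file normally carries a private key, and `openssl pkcs12` writes it to its output unless told otherwise, so a reader who adapts the example may pipe key material into jc and whatever captures its output. I would add a sentence such as `For PKCS #12 files, pass -nokeys to openssl so that only certificates are sent to jc.` How the parser treats non-certificate PEM blocks is not visible in this patch, so that is worth confirming before wording it. The module docstring starts above this hunk and continues below it.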
@@ -191,6 +195,85 @@ Examples: "signature_value": "30:64:02:30:61:79:d8:e5:42:47:df:1c:ae:53:..." } ] + + $ openssl pkcs7 -in thawte.p7b -inform der -print_certs | \ + jc --x509-cert | -p + [ + { + "tbs_certificate": { + "version": "v3", + "serial_number": "34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db...", + "signature": { + "algorithm": "sha1_rsa", + "parameters": null + }, + "issuer": { + "country_name": "US", + "organization_name": "thawte, Inc.", + "organizational_unit_name": [ + "Certification Services Division", + "(c) 2006 thawte, Inc. - For authorized use only" + ], + "common_name": "thawte Primary Root CA" + }, + "validity": { + "not_before": 1163721600, + "not_after": 2099865599, + "not_before_iso": "2006-11-17T00:00:00+00:00", + "not_after_iso": "2036-07-16T23:59:59+00:00" + }, + "subject": { + "country_name": "US", + "organization_name": "thawte, Inc.", + "organizational_unit_name": [ + "Certification Services Division", + "(c) 2006 thawte, Inc. - For authorized use only" + ], + "common_name": "thawte Primary Root CA" + }, + "subject_public_key_info": { + "algorithm": { + "algorithm": "rsa", + "parameters": null + }, + "public_key": { + "modulus": "ac:a0:f0:fb:80:59:d4:9c:c7:a4:cf:9d:a1:59:73...", + "public_exponent": 65537 + } + }, + "issuer_unique_id": null, + "subject_unique_id": null, + "extensions": [ + { + "extn_id": "basic_constraints", + "critical": true, + "extn_value": { + "ca": true, + "path_len_constraint": null + } + }, + { + "extn_id": "key_usage", + "critical": true, + "extn_value": [ + "crl_sign", + "key_cert_sign" + ] + }, + { + "extn_id": "key_identifier", + "critical": false, + "extn_value": "7b:5b:45:cf:af:ce:cb:7a:fd:31:92:1a:6a:b6:..." + } + ] + }, + "signature_algorithm": { + "algorithm": "sha1_rsa", + "parameters": null + }, + "signature_value": "79:11:c0:4b:b3:91:b6:fc:f0:e9:67:d4:0d:6e..." + } + ] """ import binascii from collections import OrderedDict
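Review bot: The added example command in the docstring has a stray pipe before `-p` (`jc --x509-cert | -p`). As written, the shell would try to run `-p` as a separate command and the pretty-printed JSON shown below would not be produced. The continuation line should read `jc --x509-cert -p`. The same line appears in the matching `docs/parsers/x509_cert.md` hunk of this patch and needs the same fix. The example also shows a single certificate, while `-print_certs` on a bundle can emit several, so a short comment saying what the output looks like in that case would help readers who feed it a chain.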