From f0b9662c5e3921cfb8daf112962c69eb9b792e7a Mon Sep 17 00:00:00 2001 From: Kelly Brazil Date: Wed, 20 Jul 2022 07:54:50 -0700 Subject: [PATCH] add docs --- jc/parsers/x509_cert.py | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/jc/parsers/x509_cert.py b/jc/parsers/x509_cert.py index 399f332a..ef7187d9 100644 --- a/jc/parsers/x509_cert.py +++ b/jc/parsers/x509_cert.py @@ -6,6 +6,11 @@ You can convert other certificate formats (e.g. PKCS #7, PKCS #12, etc.) by processing them through a program like `openssl` and sending the output to `jc`. (See examples below) +> Note: `jc` does not verify the integrity of the certificate, which +> requires calculating the hash of the certificate body and comparing it to +> the the hash in the certificate's signature after it is decrypted with the +> issuer certificate's public key. + Usage (cli): $ cat certificate.pem | jc --x509-cert @@ -119,6 +124,39 @@ Schema: } } + Subject Alternative Name: + { + "extn_id": "subject_alt_name", + "critical": boolean, + "extn_value": [ + string + ] + } + + Certificate Policies: + { + "extn_id": "certificate_policies", + "critical": boolean, + "extn_value": [ + { + "policy_identifier": string, + "policy_qualifiers": [ array or null + { + "policy_qualifier_id": string, + "qualifier": string + } + ] + } + ] + } + + Signed Certificate Timestamp List + { + "extn_id": "signed_certificate_timestamp_list", + "critical": boolean, + "extn_value": string # [0] + } + Examples: $ cat entrust-ec1.pem | jc --x509-cert -p