calidog / easyssl Goto Github PK
View Code? Open in Web Editor NEWSSL certificate parsing for humans
License: MIT License
SSL certificate parsing for humans
License: MIT License
I am getting the following warnings after installing EasySSL 1.3, and doing a deps.get
or deps.compile
==> easy_ssl
Compiling 1 file (.ex)
warning: :crypto.hash/2 defined in application :crypto is used by the current application but the current application does not depend on :crypto. To fix this, you must do one of:
1. If :crypto is part of Erlang/Elixir, you must include it under :extra_applications inside "def application" in your mix.exs
2. If :crypto is a dependency, make sure it is listed under "def deps" in your mix.exs
3. In case you don't want to add a requirement to :crypto, you may optionally skip this warning by adding [xref: [exclude: [:crypto]]] to your "def project" in mix.exs
lib/easy_ssl.ex:201: EasySSL.fingerprint_cert/1
warning: :public_key.pkix_decode_cert/2 defined in application :public_key is used by the current application but the current application does not depend on :public_key. To fix this, you must do one of:
1. If :public_key is part of Erlang/Elixir, you must include it under :extra_applications inside "def application" in your mix.exs
2. If :public_key is a dependency, make sure it is listed under "def deps" in your mix.exs
3. In case you don't want to add a requirement to :public_key, you may optionally skip this warning by adding [xref: [exclude: [:public_key]]] to your "def project" in mix.exs
lib/easy_ssl.ex:76: EasySSL.parse_der/2
warning: :public_key.pkix_sign_types/1 defined in application :public_key is used by the current application but the current application does not depend on :public_key. To fix this, you must do one of:
1. If :public_key is part of Erlang/Elixir, you must include it under :extra_applications inside "def application" in your mix.exs
2. If :public_key is a dependency, make sure it is listed under "def deps" in your mix.exs
3. In case you don't want to add a requirement to :public_key, you may optionally skip this warning by adding [xref: [exclude: [:public_key]]] to your "def project" in mix.exs
lib/easy_ssl.ex:273: EasySSL.parse_signature_algo/1
Generated easy_ssl app
This is with:
elixir 1.12.3-otp-24
erlang 24.1
If I put xref: [exclude: [:crypto, :public_key]]
in the mix.exs project()
function, the warnings go away. I have no idea if this module actually needs those applications to be running.. my guess is not. If that's the case, I can create a PR with this fix.
Thanks,
Nate
i can imagine you never needed custom extensions, because for the certstream-server it's unusual to see them - but they do exist :) right now, i just know "it's there", but the library does not offer a way to access it:
iex> EasySSL.parse_der(cert)
%{
extensions: %{
extra: ["1.3.6.1.5.5.7.1.323.2", "1.3.6.1.5.5.7.1.323.1"],
},
subject: %{
aggregated: "/CN=my_cn"
},
serial_number: "A"
}
using erlang's public_key
library i can get it:
{:OTPCertificate, {:OTPTBSCertificate, _, _, _, _, _, _, _, _, _, extensions}, _, _} =
:public_key.pkix_decode_cert(cert, :otp)
Enum.filter(extensions, fn
{:Extension, {1, 3, 6, 1, 5, 5, 7, 1, 323, 1}, _, _} -> true
_ -> false
end) |> List.first()
Question is, do you see fit for the library or is it too special @Fitblip ? it'd probably include a bit code towards ASN1 handling - to get a least some meaningful values returned ..
10:37:59.774 [error] ** (CaseClauseError) no case clause matching: {:rfc822Name, '[email protected]'}
(easy_ssl 1.1.2) lib/easy_ssl.ex:400: anonymous fn/1 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:1396: Enum."-map/2-lists^map/1-0-"/2
(easy_ssl 1.1.2) lib/easy_ssl.ex:399: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:2111: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.1.2) lib/easy_ssl.ex:395: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:2111: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.1.2) lib/easy_ssl.ex:70: EasySSL.parse_der/2
(tls_worker 0.1.0) lib/tls_worker/certificate.ex:140: TLSWorker.Certificate.process_certificate/
Here's a possible fix:
{:Extension, {2, 5, 29, 31}, _critical, crl_distribution_points} ->
Map.put(
extension_map,
:crlDistributionPoints,
crl_distribution_points
|> Enum.reduce([], fn distro_point, output ->
case distro_point do
{:DistributionPoint, {:fullName, crls}, :asn1_NOVALUE, :asn1_NOVALUE} ->
crl_string =
crls
|> Enum.map(fn identifier ->
case identifier do
{:uniformResourceIdentifier, uri} ->
" URI:#{uri}"
{:rfc822Name, identifier} -> " RFC 822 Name: #{identifier}"
{:directoryName, _rdn_sequence} ->
"" # Just skip this for now, not commonly used.
end
end)
|> Enum.join("\n")
output = ["Full Name:" | output]
output = [crl_string | output]
output
|> Enum.reverse()
_ ->
Logger.error("Unhandled CRL distrobution point #{inspect distro_point}")
output
end
end)
|> Enum.join("\n")
)
I have a pull request in for this issue.
I got the following errors when I try to use EasySSL with Elixir 1.14.
(Sorry I'm an Elixir newbie and I cannot guess a root cause but let me report)
$ elixir --version 11:38:54
Erlang/OTP 25 [erts-13.2] [source] [64-bit] [smp:10:10] [ds:10:10:10] [async-threads:1] [jit] [dtrace]
Elixir 1.14.4 (compiled with Erlang/OTP 23)
$ mix test 11:38:39
warning: use Mix.Config is deprecated. Use the Config module instead
config/config.exs:3
Compiling 1 file (.ex)
1) test parses signature algorithm correctly (EasySSLTest)
test/easy_ssl_test.exs:112
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 42, 48, 40, 160, 38, 160, 36, 134, 34, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 46, 103, 111, 100, 97, 100, 100, 121, 46, 99, 111, 109, 47, 103, 100, 115, 49, 45, 57, 48, 46, 99, 114, 108>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: cert = File.read!(@pem_cert_dir <> "acaline.com.crt") |> EasySSL.parse_pem()
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:113: (test)
..
2) test parses all certifiates in @pem_cert_dir directory (EasySSLTest)
test/easy_ssl_test.exs:34
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 42, 48, 40, 160, 38, 160, 36, 134, 34, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 46, 103, 111, 100, 97, 100, 100, 121, 46, 99, 111, 109, 47, 103, 100, 115, 49, 45, 57, 48, 46, 99, 114, 108>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: |> Enum.each(fn cert_filename ->
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:38: anonymous fn/1 in EasySSLTest."test parses all certifiates in @pem_cert_dir directory"/1
(elixir 1.14.4) lib/enum.ex:975: Enum."-each/2-lists^foreach/1-0-"/2
test/easy_ssl_test.exs:36: (test)
.
3) test parses subject and issuer correctly (EasySSLTest)
test/easy_ssl_test.exs:103
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 90, 48, 43, 160, 41, 160, 39, 134, 37, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 101, 118, 99, 97, 49, 45, 103, 50, 46, 99, 114, 108, 48, 43, 160, ...>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: cert = File.read!(@pem_cert_dir <> "github.com.crt") |> EasySSL.parse_pem()
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:104: (test)
4) test parses validity dates correctly (EasySSLTest)
test/easy_ssl_test.exs:89
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 90, 48, 43, 160, 41, 160, 39, 134, 37, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 101, 118, 99, 97, 49, 45, 103, 50, 46, 99, 114, 108, 48, 43, 160, ...>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: cert = File.read!(@pem_cert_dir <> "github.com.crt") |> EasySSL.parse_pem()
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:90: (test)
5) test parses all certifiates in @der_cert_dir directory (EasySSLTest)
test/easy_ssl_test.exs:21
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 60, 48, 58, 160, 56, 160, 54, 134, 52, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 46, 103, 108, 111, 98, 97, 108, 115, 105, 103, 110, 46, 99, 111, 109, 47, 103, 115, 47, 103, 115, 111, 114, 103, 97, 110, 105, 122, 97, 116, ...>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: |> Enum.each(fn cert_filename ->
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:25: anonymous fn/1 in EasySSLTest."test parses all certifiates in @der_cert_dir directory"/1
(elixir 1.14.4) lib/enum.ex:975: Enum."-each/2-lists^foreach/1-0-"/2
test/easy_ssl_test.exs:23: (test)
6) test parses and adds all domains to the top level leaf node (EasySSLTest)
test/easy_ssl_test.exs:59
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 57, 48, 55, 160, 53, 160, 51, 134, 49, 104, 116, 116, 112, 58, 47, 47, 69, 86, 83, 101, 99, 117, 114, 101, 45, 99, 114, 108, 46, 118, 101, 114, 105, 115, 105, 103, 110, 46, 99, 111, 109, 47, 69, 86, 83, 101, 99, 117, 114, ...>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: |> EasySSL.parse_der()
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:63: (test)
Finished in 0.08 seconds (0.00s async, 0.08s sync)
9 tests, 6 failures
I ran into an error recently when parsing a certificate:
10:37:26.790 [error] ** (MatchError) no match of right hand side value: {:AccessDescription, {1, 3, 6, 1, 5, 5, 7, 48, 2}, {:directoryName, {:rdnSequence, [[{:AttributeTypeAndValue, {2, 5, 4, 10}, <<19, 6, 104, 112, 46, 99, 111, 109>>}], [{:AttributeTypeAndValue, {2, 5, 4, 11}, <<19, 17, 73, 84, 32, 73, 110, 102, 114, 97, 115, 116, 114, 117, 99, 116, 117, 114, 101>>}], [{:AttributeTypeAndValue, {2, 5, 4, 6}, <<19, 2, 85, 83>>}], [{:AttributeTypeAndValue, {2, 5, 4, 10}, <<19, 23, 72, 101, 119, 108, 101, 116, 116, 45, 80, 97, 99, 107, 97, 114, 100, 32, 67, 111, 109, 112, 97, 110, 121>>}], [{:AttributeTypeAndValue, {2, 5, 4, 3}, <<19, 55, 72, 101, 119, 108, 101, 116, 116, 45, 80, 97, 99, 107, 97, 114, 100, 32, 80, 114, 105, 118, 97, 116, 101, 32, 67, 108, 97, 115, 115, 32, 50, 32, ...>>}]]}}}
(easy_ssl 1.1.2) lib/easy_ssl.ex:292: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:2111: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.1.2) lib/easy_ssl.ex:291: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:2111: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.1.2) lib/easy_ssl.ex:70: EasySSL.parse_der/2
(tls_worker 0.1.0) lib/tls_worker/certificate.ex:140: TLSWorker.Certificate.process_certificate/4
(tls_worker 0.1.0) lib/tls_worker.ex:35: TLSWorker.run_scan/2
(tls_worker 0.1.0) lib/tls_worker/broadway.ex:135: TLSWorker.Broadway.process_message/1
This occurs because the match on line 292 is too restrictive and causes the above match error.
Current code:
{:Extension, {1, 3, 6, 1, 5, 5, 7, 1, 1}, _critical, authority_info_access} ->
Map.put(
extension_map,
:authorityInfoAccess,
authority_info_access
|> Enum.reduce([], fn match, entries ->
{:AccessDescription, oid, {:uniformResourceIdentifier, url}} = match
["#{@authority_info_access_oids[oid]}:#{url}" | entries]
end)
|> Enum.join("\n")
|> String.replace_suffix("", "\n")
)
I propose adding a case clause and ignoring anything that does not fit the first case clause:
{:Extension, {1, 3, 6, 1, 5, 5, 7, 1, 1}, _critical, authority_info_access} ->
Map.put(
extension_map,
:authorityInfoAccess,
authority_info_access
|> Enum.reduce([], fn match, entries ->
case match do
{:AccessDescription, oid, {:uniformResourceIdentifier, url}} -> ["#{@authority_info_access_oids[oid]}:#{url}" | entries]
_ -> entries
end
end)
|> Enum.join("\n")
|> String.replace_suffix("", "\n")
)
I have a branch ready for a pull request.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.