calidog / easyssl Goto Github PK
View Code? Open in Web Editor NEWSSL certificate parsing for humans
License: MIT License
easyssl's People
Contributors
Stargazers
Watchers
Forkers
rmoorman ninoseki ahovgaard omh kayger44 toddholmberg synse ameg-yag ruudk bytevan kianmeng sbv-csis haljin binaryape digital-identity-labs mitel wkxaaxa399easyssl's Issues
Dependency errors
I am getting the following warnings after installing EasySSL 1.3, and doing a deps.get or deps.compile
==> easy_ssl
Compiling 1 file (.ex)
warning: :crypto.hash/2 defined in application :crypto is used by the current application but the current application does not depend on :crypto. To fix this, you must do one of:
1. If :crypto is part of Erlang/Elixir, you must include it under :extra_applications inside "def application" in your mix.exs
2. If :crypto is a dependency, make sure it is listed under "def deps" in your mix.exs
3. In case you don't want to add a requirement to :crypto, you may optionally skip this warning by adding [xref: [exclude: [:crypto]]] to your "def project" in mix.exs
lib/easy_ssl.ex:201: EasySSL.fingerprint_cert/1
warning: :public_key.pkix_decode_cert/2 defined in application :public_key is used by the current application but the current application does not depend on :public_key. To fix this, you must do one of:
1. If :public_key is part of Erlang/Elixir, you must include it under :extra_applications inside "def application" in your mix.exs
2. If :public_key is a dependency, make sure it is listed under "def deps" in your mix.exs
3. In case you don't want to add a requirement to :public_key, you may optionally skip this warning by adding [xref: [exclude: [:public_key]]] to your "def project" in mix.exs
lib/easy_ssl.ex:76: EasySSL.parse_der/2
warning: :public_key.pkix_sign_types/1 defined in application :public_key is used by the current application but the current application does not depend on :public_key. To fix this, you must do one of:
1. If :public_key is part of Erlang/Elixir, you must include it under :extra_applications inside "def application" in your mix.exs
2. If :public_key is a dependency, make sure it is listed under "def deps" in your mix.exs
3. In case you don't want to add a requirement to :public_key, you may optionally skip this warning by adding [xref: [exclude: [:public_key]]] to your "def project" in mix.exs
lib/easy_ssl.ex:273: EasySSL.parse_signature_algo/1
Generated easy_ssl app
This is with:
elixir 1.12.3-otp-24
erlang 24.1
If I put xref: [exclude: [:crypto, :public_key]] in the mix.exs project() function, the warnings go away. I have no idea if this module actually needs those applications to be running.. my guess is not. If that's the case, I can create a PR with this fix.
Thanks,
Nate
access to custom extensions
i can imagine you never needed custom extensions, because for the certstream-server it's unusual to see them - but they do exist :) right now, i just know "it's there", but the library does not offer a way to access it:
iex> EasySSL.parse_der(cert)
%{
extensions: %{
extra: ["1.3.6.1.5.5.7.1.323.2", "1.3.6.1.5.5.7.1.323.1"],
},
subject: %{
aggregated: "/CN=my_cn"
},
serial_number: "A"
}
using erlang's public_key library i can get it:
{:OTPCertificate, {:OTPTBSCertificate, _, _, _, _, _, _, _, _, _, extensions}, _, _} =
:public_key.pkix_decode_cert(cert, :otp)
Enum.filter(extensions, fn
{:Extension, {1, 3, 6, 1, 5, 5, 7, 1, 323, 1}, _, _} -> true
_ -> false
end) |> List.first()
Question is, do you see fit for the library or is it too special @Fitblip ? it'd probably include a bit code towards ASN1 handling - to get a least some meaningful values returned ..
CaseClauseError in parse_extensions when :rfc822Name identifier case appears in :crlDistributionPoints list.
10:37:59.774 [error] ** (CaseClauseError) no case clause matching: {:rfc822Name, '[email protected]'}
(easy_ssl 1.1.2) lib/easy_ssl.ex:400: anonymous fn/1 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:1396: Enum."-map/2-lists^map/1-0-"/2
(easy_ssl 1.1.2) lib/easy_ssl.ex:399: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:2111: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.1.2) lib/easy_ssl.ex:395: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:2111: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.1.2) lib/easy_ssl.ex:70: EasySSL.parse_der/2
(tls_worker 0.1.0) lib/tls_worker/certificate.ex:140: TLSWorker.Certificate.process_certificate/
Here's a possible fix:
{:Extension, {2, 5, 29, 31}, _critical, crl_distribution_points} ->
Map.put(
extension_map,
:crlDistributionPoints,
crl_distribution_points
|> Enum.reduce([], fn distro_point, output ->
case distro_point do
{:DistributionPoint, {:fullName, crls}, :asn1_NOVALUE, :asn1_NOVALUE} ->
crl_string =
crls
|> Enum.map(fn identifier ->
case identifier do
{:uniformResourceIdentifier, uri} ->
" URI:#{uri}"
{:rfc822Name, identifier} -> " RFC 822 Name: #{identifier}"
{:directoryName, _rdn_sequence} ->
"" # Just skip this for now, not commonly used.
end
end)
|> Enum.join("\n")
output = ["Full Name:" | output]
output = [crl_string | output]
output
|> Enum.reverse()
_ ->
Logger.error("Unhandled CRL distrobution point #{inspect distro_point}")
output
end
end)
|> Enum.join("\n")
)
I have a pull request in for this issue.
Protocol.UndefinedError with Elixir 1.14
I got the following errors when I try to use EasySSL with Elixir 1.14.
(Sorry I'm an Elixir newbie and I cannot guess a root cause but let me report)
$ elixir --version 11:38:54
Erlang/OTP 25 [erts-13.2] [source] [64-bit] [smp:10:10] [ds:10:10:10] [async-threads:1] [jit] [dtrace]
Elixir 1.14.4 (compiled with Erlang/OTP 23)$ mix test 11:38:39
warning: use Mix.Config is deprecated. Use the Config module instead
config/config.exs:3
Compiling 1 file (.ex)
1) test parses signature algorithm correctly (EasySSLTest)
test/easy_ssl_test.exs:112
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 42, 48, 40, 160, 38, 160, 36, 134, 34, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 46, 103, 111, 100, 97, 100, 100, 121, 46, 99, 111, 109, 47, 103, 100, 115, 49, 45, 57, 48, 46, 99, 114, 108>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: cert = File.read!(@pem_cert_dir <> "acaline.com.crt") |> EasySSL.parse_pem()
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:113: (test)
..
2) test parses all certifiates in @pem_cert_dir directory (EasySSLTest)
test/easy_ssl_test.exs:34
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 42, 48, 40, 160, 38, 160, 36, 134, 34, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 46, 103, 111, 100, 97, 100, 100, 121, 46, 99, 111, 109, 47, 103, 100, 115, 49, 45, 57, 48, 46, 99, 114, 108>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: |> Enum.each(fn cert_filename ->
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:38: anonymous fn/1 in EasySSLTest."test parses all certifiates in @pem_cert_dir directory"/1
(elixir 1.14.4) lib/enum.ex:975: Enum."-each/2-lists^foreach/1-0-"/2
test/easy_ssl_test.exs:36: (test)
.
3) test parses subject and issuer correctly (EasySSLTest)
test/easy_ssl_test.exs:103
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 90, 48, 43, 160, 41, 160, 39, 134, 37, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 101, 118, 99, 97, 49, 45, 103, 50, 46, 99, 114, 108, 48, 43, 160, ...>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: cert = File.read!(@pem_cert_dir <> "github.com.crt") |> EasySSL.parse_pem()
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:104: (test)
4) test parses validity dates correctly (EasySSLTest)
test/easy_ssl_test.exs:89
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 90, 48, 43, 160, 41, 160, 39, 134, 37, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 51, 46, 100, 105, 103, 105, 99, 101, 114, 116, 46, 99, 111, 109, 47, 101, 118, 99, 97, 49, 45, 103, 50, 46, 99, 114, 108, 48, 43, 160, ...>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: cert = File.read!(@pem_cert_dir <> "github.com.crt") |> EasySSL.parse_pem()
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:90: (test)
5) test parses all certifiates in @der_cert_dir directory (EasySSLTest)
test/easy_ssl_test.exs:21
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 60, 48, 58, 160, 56, 160, 54, 134, 52, 104, 116, 116, 112, 58, 47, 47, 99, 114, 108, 46, 103, 108, 111, 98, 97, 108, 115, 105, 103, 110, 46, 99, 111, 109, 47, 103, 115, 47, 103, 115, 111, 114, 103, 97, 110, 105, 122, 97, 116, ...>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: |> Enum.each(fn cert_filename ->
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:25: anonymous fn/1 in EasySSLTest."test parses all certifiates in @der_cert_dir directory"/1
(elixir 1.14.4) lib/enum.ex:975: Enum."-each/2-lists^foreach/1-0-"/2
test/easy_ssl_test.exs:23: (test)
6) test parses and adds all domains to the top level leaf node (EasySSLTest)
test/easy_ssl_test.exs:59
** (Protocol.UndefinedError) protocol Enumerable not implemented for <<48, 57, 48, 55, 160, 53, 160, 51, 134, 49, 104, 116, 116, 112, 58, 47, 47, 69, 86, 83, 101, 99, 117, 114, 101, 45, 99, 114, 108, 46, 118, 101, 114, 105, 115, 105, 103, 110, 46, 99, 111, 109, 47, 69, 86, 83, 101, 99, 117, 114, ...>> of type BitString. This protocol is implemented for the following type(s): Date.Range, File.Stream, Function, GenEvent.Stream, HashDict, HashSet, IO.Stream, List, Map, MapSet, Range, Stream
code: |> EasySSL.parse_der()
stacktrace:
(elixir 1.14.4) lib/enum.ex:1: Enumerable.impl_for!/1
(elixir 1.14.4) lib/enum.ex:166: Enumerable.reduce/3
(elixir 1.14.4) lib/enum.ex:4307: Enum.reduce/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:523: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.14.4) lib/enum.ex:2468: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.3.0) lib/easy_ssl.ex:86: EasySSL.parse_der/2
test/easy_ssl_test.exs:63: (test)
Finished in 0.08 seconds (0.00s async, 0.08s sync)
9 tests, 6 failuresMatchError in parse extensions when anything other than :AccessDescription is present when parsing :authorityInfoAccess extensions.
I ran into an error recently when parsing a certificate:
10:37:26.790 [error] ** (MatchError) no match of right hand side value: {:AccessDescription, {1, 3, 6, 1, 5, 5, 7, 48, 2}, {:directoryName, {:rdnSequence, [[{:AttributeTypeAndValue, {2, 5, 4, 10}, <<19, 6, 104, 112, 46, 99, 111, 109>>}], [{:AttributeTypeAndValue, {2, 5, 4, 11}, <<19, 17, 73, 84, 32, 73, 110, 102, 114, 97, 115, 116, 114, 117, 99, 116, 117, 114, 101>>}], [{:AttributeTypeAndValue, {2, 5, 4, 6}, <<19, 2, 85, 83>>}], [{:AttributeTypeAndValue, {2, 5, 4, 10}, <<19, 23, 72, 101, 119, 108, 101, 116, 116, 45, 80, 97, 99, 107, 97, 114, 100, 32, 67, 111, 109, 112, 97, 110, 121>>}], [{:AttributeTypeAndValue, {2, 5, 4, 3}, <<19, 55, 72, 101, 119, 108, 101, 116, 116, 45, 80, 97, 99, 107, 97, 114, 100, 32, 80, 114, 105, 118, 97, 116, 101, 32, 67, 108, 97, 115, 115, 32, 50, 32, ...>>}]]}}}
(easy_ssl 1.1.2) lib/easy_ssl.ex:292: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:2111: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.1.2) lib/easy_ssl.ex:291: anonymous fn/2 in EasySSL.parse_extensions/1
(elixir 1.10.1) lib/enum.ex:2111: Enum."-reduce/3-lists^foldl/2-0-"/3
(easy_ssl 1.1.2) lib/easy_ssl.ex:70: EasySSL.parse_der/2
(tls_worker 0.1.0) lib/tls_worker/certificate.ex:140: TLSWorker.Certificate.process_certificate/4
(tls_worker 0.1.0) lib/tls_worker.ex:35: TLSWorker.run_scan/2
(tls_worker 0.1.0) lib/tls_worker/broadway.ex:135: TLSWorker.Broadway.process_message/1
This occurs because the match on line 292 is too restrictive and causes the above match error.
Current code:
{:Extension, {1, 3, 6, 1, 5, 5, 7, 1, 1}, _critical, authority_info_access} ->
Map.put(
extension_map,
:authorityInfoAccess,
authority_info_access
|> Enum.reduce([], fn match, entries ->
{:AccessDescription, oid, {:uniformResourceIdentifier, url}} = match
["#{@authority_info_access_oids[oid]}:#{url}" | entries]
end)
|> Enum.join("\n")
|> String.replace_suffix("", "\n")
)
I propose adding a case clause and ignoring anything that does not fit the first case clause:
{:Extension, {1, 3, 6, 1, 5, 5, 7, 1, 1}, _critical, authority_info_access} ->
Map.put(
extension_map,
:authorityInfoAccess,
authority_info_access
|> Enum.reduce([], fn match, entries ->
case match do
{:AccessDescription, oid, {:uniformResourceIdentifier, url}} -> ["#{@authority_info_access_oids[oid]}:#{url}" | entries]
_ -> entries
end
end)
|> Enum.join("\n")
|> String.replace_suffix("", "\n")
)
I have a branch ready for a pull request.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.