search

wbond / asn1crypto

Python ASN.1 library with a focus on performance and a pythonic API
MIT License
335 stars 140 forks source link

How to parse certificate_policies_value #250

Closed dwabisch closed 1 year ago

dwabisch commented 1 year ago

Hi together,

I am trying to get the OID from my certPolicy. I load a cert and got the policy like this:

certPolicy = cert.certificate_policies_value

When I print it out I get this one: <asn1crypto.x509.CertificatePolicies 140403662836112 b'0C0A\x06\x0b+\x06\x01\x04\x01\x81\x9d{\x04\x01\x010200\x06\x08+\x06\x01\x05\x05\x07\x02\x01\x16$https://www.test.com'>

But how can I get only the OID out of the variable (certPolicy) ?

MatthiasValvekens commented 1 year ago

Assuming there's only one policy (warning: untested):

cert.certificate_policies_value[0]['policy_identifier'].dotted

EDIT: here's the definition of the CertificatePolicies type: https://github.com/wbond/asn1crypto/blob/fad689f2072e405317436c8bf7f6609ba183a060/asn1crypto/x509.py#L1642-L1643.

dwabisch commented 1 year ago

Thanks for the fast reply!

I tried it like this before and got always the error:

cert.certificate_policies_value[0]['policy_identifier'].dotted

TypeError: 'NoneType' object is not subscriptable

MatthiasValvekens commented 1 year ago

That's what you would get if the cert doesn't have the cert policies extension at all. Are you sure that this is the same certificate object as the one in your original post? If so, try these in order to see which one fails:

cert.certificate_policies_value[0]
cert.certificate_policies_value[0]['policy_identifier']
cert.certificate_policies_value[0]['policy_identifier'].dotted
dwabisch commented 1 year ago

Thank you very much! This was the problem. My first example does not have any cert policies. I just tried it with an other cert, now it works.