wbond / oscrypto

Compiler-free Python crypto library backed by the OS, supporting CPython and PyPy
MIT License

'Certificate' object has no attribute 'issuer' #23

Closed heri16 closed 6 years ago

heri16 commented 6 years ago

Is there documentation on the asymmetric.Certificate class? I am trying to retrieve the subject and issuer to compare them.

wbond commented 6 years ago

This sounds like generally a bad idea, depending on what you are trying to accomplish. Most likely you'll want to use something like https://github.com/wbond/certvalidator. That said, the rest of this comment explains the API and how you could do what you are asking for.

The API isn't specifically documented anywhere but in the code. You can expect the following attributes to work on all supported platforms:

class Certificate():
    """
    Container for the (crypto library) representation of a certificate
    """

    # An asn1crypto.x509.Certificate() object
    asn1 = None

    @property
    def algorithm(self):
        """
        :return:
            A unicode string of "rsa", "dsa" or "ec"
        """

    @property
    def curve(self):
        """
        :return:
            A unicode string of EC curve name
        """

    @property
    def bit_size(self):
        """
        :return:
            The number of bits in the public key, as an integer
        """

    @property
    def byte_size(self):
        """
        :return:
            The number of bytes in the public key, as an integer
        """

    @property
    def public_key(self):
        """
        :return:
            The PublicKey object for the public key this certificate contains
        """

    @property
    def self_signed(self):
        """
        :return:
            A boolean - if the certificate is self-signed
        """

To compare the issuer and subject, you'd need to access the .asn1 attribute and compare the ASN.1 values of the asn1crypto.x509.Certificate object. It has properties for .issuer and .subject (https://github.com/wbond/asn1crypto/blob/master/asn1crypto/x509.py#L2522-L2538), and the asn1crypto implementation takes into account the RFC rules for comparing names.

Just be aware that the issuer and subject being the same does not mean the cert is self-signed. You really have to verify the cryptographic signature. The .self_signed attribute of the oscrypto.asymmetric.Certificate object will do this, but otherwise doesn't do any of the RFC 5280 checks to ensure the certificate conforms to the RFC.