nhpip
Decoding an X.509 certificate
Hi,
I’ve got a project where I have to decode an X.509 certificate. I’m using Erlang’s public_key module to decode either a PEM or DER file. I get back a beautiful Erlang record. I know I can use Record for this purpose, but that seems overkill. I want to avoid adding yet another library.
Anyone got any recommendations for nicely extracting items out of a nested tuple in Elixir?
Thanks
Marked As Solved
nhpip
Thanks. I ended up using the X509 library. Took 5 lines of code.
Also Liked
voltone
Recent OTP versions support generating code from ASN.1 that produces and accepts maps:
iex(1)> path = ~c"path/to/source/of/otp/lib/public_key/asn1/OTP-PUB-KEY.set.asn"
iex(2)> :asn1ct.compile(path, [:maps])
iex(3)> :code.load_abs(~c"OTP-PUB-KEY")
iex(4)> {:ok, cert} = :"OTP-PUB-KEY".decode(:"Certificate", der)
{:ok,
%{
signature: <<133, 191, 235, 15, 159, 223, 81, 127, 179, 46, 167, 62, 52, 82,
250, 40, 4, 169, 130, 49, 63, 172, 36, 83, 164, 138, 162, 50, 233, 76, 254,
50, 216, 144, 27, 209, 244, 68, 99, 74, 40, 207, 201, 3, 50, 87, 71, ...>>,
tbsCertificate: %{
version: :v3,
signature: %{
algorithm: {1, 2, 840, 113549, 1, 1, 11},
parameters: <<5, 0>>
},
extensions: [
%{
critical: true,
extnID: {2, 5, 29, 19},
extnValue: <<48, 6, 1, 1, 255, 2, 1, 1>>
},
%{critical: true, extnID: {2, 5, 29, 15}, extnValue: <<3, 2, 1, 134>>},
%{
critical: false,
extnID: {2, 5, 29, 14},
extnValue: <<4, 20, 103, 184, 255, 213, 187, 5, 43, 104, 112, 7, 148,
46, 97, 212, 57, 234, 235, 127, 203, 121>>
},
%{
critical: false,
extnID: {2, 5, 29, 35},
extnValue: <<48, 22, 128, 20, 103, 184, 255, 213, 187, 5, 43, 104, 112,
7, 148, 46, 97, 212, 57, 234, 235, 127, 203, 121>>
}
],
serialNumber: 4655353446208655840,
issuer: {:rdnSequence,
[
[%{type: {2, 5, 4, 6}, value: <<19, 2, 85, 83>>}],
[%{type: {2, 5, 4, 8}, value: <<12, 2, 78, 84>>}],
[%{type: {2, 5, 4, 7}, value: "\f\vSpringfield"}],
[%{type: {2, 5, 4, 10}, value: "\f\tACME Inc."}]
]},
validity: %{
notBefore: {:utcTime, ~c"220525065848Z"},
notAfter: {:utcTime, ~c"470525070348Z"}
},
subject: {:rdnSequence,
[
[%{type: {2, 5, 4, 6}, value: <<19, 2, 85, 83>>}],
[%{type: {2, 5, 4, 8}, value: <<12, 2, 78, 84>>}],
[%{type: {2, 5, 4, 7}, value: "\f\vSpringfield"}],
[%{type: {2, 5, 4, 10}, value: "\f\tACME Inc."}]
]},
subjectPublicKeyInfo: %{
algorithm: %{
algorithm: {1, 2, 840, 113549, 1, 1, 1},
parameters: <<5, 0>>
},
subjectPublicKey: <<48, 130, 1, 10, 2, 130, 1, 1, 0, 180, 114, 112, 36,
255, 225, 242, 197, 38, 146, 113, 132, 20, 169, 223, 175, 93, 149, 110,
209, 12, 217, 199, 112, 222, 188, 84, ...>>
}
},
signatureAlgorithm: %{
algorithm: {1, 2, 840, 113549, 1, 1, 11},
parameters: <<5, 0>>
}
}}
iex(5)> cert.tbsCertificate.validity.notAfter
{:utcTime, ~c"470525070348Z"}
D4no0
Pattern matching, using elem/2, are you looking for anything in particular?
I would recommend to use x509 library though, it’s really neat library written by @voltone. When you start decoding things by hand, that code is really hard to comprehend afterwards, better use a well tested library instead IMO.
Popular in Questions
Other popular topics
Latest on Elixir Forum
Sponsor Spotlight
Supporting innovation across the BEAM ecosystem.
Categories:
Sub Categories:
Forums
Our Sponsors
Build Elixir applications with speed and confidence.
Supporting innovation across the BEAM ecosystem.
We build reliable cloud platforms for business-critical systems.
Catch errors, track performance, monitor hosts and more.
Practical resources that improve the lives of professional developers.
Develop your skills with books, videos, and courses.
Enabling companies to succeed by building software people love.
Courses that'll move you from confusion to "Aha, now I get it!"