1#!/usr/bin/env python 2# 3# This file is part of pyasn1-modules software. 4# 5# Copyright (c) 2005-2019, Ilya Etingof <[email protected]> 6# License: http://snmplabs.com/pyasn1/license.html 7# 8# Read X.509 CRL on stdin, print them pretty and encode back into 9# original wire format. 10# CRL can be generated with "openssl openssl ca -gencrl ..." commands. 11# 12import sys 13 14from pyasn1.codec.der import decoder 15from pyasn1.codec.der import encoder 16 17from pyasn1_modules import pem 18from pyasn1_modules import rfc2459 19 20if len(sys.argv) != 1: 21 print("""Usage: 22$ cat crl.pem | %s""" % sys.argv[0]) 23 sys.exit(-1) 24 25asn1Spec = rfc2459.CertificateList() 26 27cnt = 0 28 29while True: 30 idx, substrate = pem.readPemBlocksFromFile(sys.stdin, ('-----BEGIN X509 CRL-----', '-----END X509 CRL-----')) 31 if not substrate: 32 break 33 34 key, rest = decoder.decode(substrate, asn1Spec=asn1Spec) 35 36 if rest: 37 substrate = substrate[:-len(rest)] 38 39 print(key.prettyPrint()) 40 41 assert encoder.encode(key) == substrate, 'pkcs8 recode fails' 42 43 cnt += 1 44 45print('*** %s CRL(s) re/serialized' % cnt) 46