ralphje / signify Goto Github PK
View Code? Open in Web Editor NEWModule to generate and verify PE signatures
License: Other
signify's People
Contributors
Stargazers
Watchers
Forkers
kfirstri jdval ganboing wtfuzz elricos thedoctor0 okrt hugmyndakassi x-ware-ltd jowlo xrblues msftstevechien ostracon houseofloresignify's Issues
The root Microsoft Root Certificate Authority is disallowed for certificate issued after
Hi Ralf,
I'm trying to verify signed windows file and I'm getting certificate error for the file which is regularly signed I use. Here's the example of a verification via PowerShell Get-AuthenticodeSignature:
(venv) PS C:\Users\aa\Documents\Projects\PowerShell\PathHashCalc\src\python> Get-AuthenticodeSignature -FilePath 'C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe'
Directory: C:\Program Files\Common Files\microsoft shared\VSTO\10.0
SignerCertificate Status StatusMessage Path
----------------- ------ ------------- ----
5EAD300DC7E4D637948ECB0ED829A072BD152E17 Valid Signature verified. VSTOInstaller.exeAnd here's the example of the signify verification:
I also tried to use multi_verify_mode='all' on line
signify/examples/authenticode_info.py
Line 62 in 7a1b614
but I'm getting the same result with error:
AuthenticodeVerificationResult.UNKNOWN_ERROR
AuthenticodeSignedData.verify() got an unexpected keyword argument 'multi_verify_mode'
Please can you look at it? Thanks a lot.
BR,
Pavol
Cert Table parsing error
I've had issues parsing PEs with more than one signature in the table, and I believe it is caused by the following line in _parse_cert_table(). If length is already aligned,length + (8 - (length % 8)) -> length + 8. From what I can tell by reading the docs https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#the-attribute-certificate-table-image-only, length should not by incremented by 8 if it is already aligned ("round up to the nearest 8-byte multiple").
Line 194 in d0d0e01
I tried to locally add a check for the special case where length % 8 == 0, and it seemed to solve the issue.
Support for SHA256 in authenticode signatures
Hi there,
I backported this library to work in python 2 here: https://github.com/jdval/signify (we're planning to migrate to python 3 soon though!)
I just made a few changes (along with a test file) to support sha256 in authenticode signatures: https://github.com/jdval/signify/pull/1/files - I don't think I can create a new fork of your original py3 repo to make those changes though
Recurring error checking the countersigner hash
I have many samples where Windows validates the counter-signature, but signify crashes with:
AuthenticodeVerificationError('The expected hash of the encryptedDigest does not match countersigner's SignerInfo')
I'm not sure yet what's wrong in this check, but it doesn't allow to validate many valid signatures (valid at least according to Windows). Can you take a look and see what we're missing here? I uploaded 2 legit samples where this happens (Windows validates, signify doesn't). Thanks!
How to do certificate pinning?
How to make sure that SignedPEFile.verify() validates against the expected certificate, not just some random certificate whose chain happens to lead to trust store?
Parse authroot.stl
In 5b0afa2 we added support for all certificates that were ever trusted by Microsoft's program. However, additional policies, such as revocation from the list, is not yet implemented:
Note that we do NOT currently implement policies as defined in the authroot.stl file that Microsoft uses. This means that we will now trust certificates that have been disabled by Microsoft for some reason, but still need to be trusted for previously issued certificates. (If we were acting as a simple 'now' program, we would ignore those.) Those certificates are shown as 'revoked' in the Certificate Manager of Windows.
We should implement these policies, optionally even downloading the latest authroot.stl file from Microsoft if the user desires.
Question regarding implementation and Java alternatives
I am in need of a library exactly like this in java. I found none, if you know any recommend. Otherwise can you kindly recommend any documentation so that I could implement the signature verification part in java.
Support more `SignerInfo` versions?
I have a sample of a Spotify installer which Windows verifies correctly, while Signify returns:
SignerInfoParseError('SignerInfo.version must be 1, not 0',)
Any plans on supporting other SignerInfo versions as well?
spotify_sample.zip
Question - planned stable release?
Hi,
Latest 0.4 release was two years ago and it seems like there are a lot of additional fixes since then.
Is there a new release planned? If not, is there a specific commit you consider stable?
Also, thanks for developing and maintaining this library !
Support for AIA fetching of intermediates
Hey, would it be possible to add the following CA: DigiCert SHA2 Assured ID Code Signing CA?
The following (valid) sample cannot be verified because of:
VerificationError: Chain verification from CN=Cisco WebEx LLC, O=Cisco WebEx LLC, L=San Jose, ST=California, C=US (serial:20237513593257881702219364533912247498, sha1:b1ebed4a87a134e64ea656ae0fbe38550b9788a3) failed: Unable to build a validation path for the certificate "Common Name: Cisco WebEx LLC, Organization: Cisco WebEx LLC, Locality: San Jose, State/Province: California, Country: US" - no issuer matching "Common Name: DigiCert SHA2 Assured ID Code Signing CA, Organizational Unit: www.digicert.com, Organization: DigiCert Inc, Country: US" was found
Need to specify asn1crypto version in requirements.txt
A colleague found himself using this code on a machine where the version of asn1crypto was 0.24.0, and the parsing was raising incorrect exceptions. Upgrading asn1crypto to 1.4.0 solved the problem.
For fuller details, see https://stackoverflow.com/questions/66337301/inconsistent-parsing-problem-with-signify-in-python/66337590
Support more certificate revisions?
I have a McAfee installer sample which Windows verifies correctly, while with Signify I get:
SignedPEParseError('Unknown certificate revision 3d6e',)
Any plans to support other revisions as well?
mcafee_sample.zip
VerificationError for expired certificate even though there's a valid countersignature
In the following sample the SolarWinds certificate is valid to Friday, February 7, 2020 2:59:59 AM, however Windows accepts this as a valid signature, because there's a countersignature (Symantec SHA256 TimeStamping Signer - G3) that is valid and was signed on Monday, August 26, 2019 5:52:39 PM.
For some reason, Signify fails to verify the signature, saying that it expired, even though there's a valid countersignature:
VerificationError: Chain verification from CN=Solarwinds Worldwide\, LLC, O=Solarwinds Worldwide\, LLC, L=Austin, ST=Texas, C=US(serial:156211740539252461235167966181669418108) failed: The path could not be validated because the end-entity certificate expired 2020-02-06 23:59:59Z
I might be missing something, so please feel free to explain and close the issue if this is expected behavior. Thanks!
test_revoked_certificate fails since 2021-10-08
Some certificate in the chain expired, which makes the revocation test fail. Can be seen on versions 0.3 and 0.4.
_________________ ValidationTestCase.test_revoked_certificate __________________
self = <signify.x509.context.VerificationContext object at 0x7fffeef62fd0>
certificate = <signify.x509.certificates.Certificate object at 0x7fffeef62f70>
def verify(self, certificate):
"""Verifies the certificate, and its chain.
:param Certificate certificate: The certificate to verify
:return: A valid certificate chain for this certificate.
:rtype: Iterable[Certificate]
:raises AuthenticodeVerificationError: When the certificate could not be verified.
"""
# we keep track of our asn1 objects to make sure we return Certificate objects when we're done
to_check_asn1cert = certificate.to_asn1crypto
all_certs = {to_check_asn1cert: certificate}
# we need to get lists of our intermediates and trusted certificates
intermediates, trust_roots = [], []
for store in self.stores:
for cert in store:
asn1cert = cert.to_asn1crypto
# we short-circuit the check here to ensure we do not check too much possibilities
(trust_roots if store.trusted else intermediates).append(asn1cert)
all_certs[asn1cert] = cert
# construct the context and validator for certvalidator
timestamp = self.timestamp
context = ValidationContext(
trust_roots=list(trust_roots),
moment=timestamp,
weak_hash_algos=set() if self.allow_legacy else None,
revocation_mode=self.revocation_mode,
allow_fetching=self.allow_fetching,
crl_fetch_params={'timeout': self.fetch_timeout},
ocsp_fetch_params={'timeout': self.fetch_timeout},
crls=self.crls,
ocsps=self.ocsps
)
validator = CertificateValidator(
end_entity_cert=to_check_asn1cert,
intermediate_certs=list(intermediates),
validation_context=context
)
# verify the chain
try:
> chain = validator.validate_usage(
key_usage=set(self.key_usages) if self.key_usages else set(),
extended_key_usage=set(self.extended_key_usages) if self.extended_key_usages else set(),
extended_optional=self.optional_eku
)
signify/x509/context.py:291:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <certvalidator.CertificateValidator object at 0x7fffee54e4f0>
key_usage = set(), extended_key_usage = set(), extended_optional = True
def validate_usage(self, key_usage, extended_key_usage=None, extended_optional=False):
"""
Validates the certificate path and that the certificate is valid for
the key usage and extended key usage purposes specified.
:param key_usage:
A set of unicode strings of the required key usage purposes. Valid
values include:
- "digital_signature"
- "non_repudiation"
- "key_encipherment"
- "data_encipherment"
- "key_agreement"
- "key_cert_sign"
- "crl_sign"
- "encipher_only"
- "decipher_only"
:param extended_key_usage:
A set of unicode strings of the required extended key usage
purposes. These must be either dotted number OIDs, or one of the
following extended key usage purposes:
- "server_auth"
- "client_auth"
- "code_signing"
- "email_protection"
- "ipsec_end_system"
- "ipsec_tunnel"
- "ipsec_user"
- "time_stamping"
- "ocsp_signing"
- "wireless_access_points"
An example of a dotted number OID:
- "1.3.6.1.5.5.7.3.1"
:param extended_optional:
A bool - if the extended_key_usage extension may be ommited and still
considered valid
:raises:
certvalidator.errors.PathValidationError - when an error occurs validating the path
certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked
certvalidator.errors.InvalidCertificateError - when the certificate is not valid for the usages specified
:return:
A certvalidator.path.ValidationPath object of the validated
certificate validation path
"""
> self._validate_path()
/nix/store/qxzqxa6k9rznbidjcnjj1ra1ascizy7n-python3.9-certvalidator-0.11.1/lib/python3.9/site-packages/certvalidator/__init__.py:193:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <certvalidator.CertificateValidator object at 0x7fffee54e4f0>
def _validate_path(self):
"""
Builds possible certificate paths and validates them until a valid one
is found, or all fail.
:raises:
certvalidator.errors.PathValidationError - when an error occurs validating the path
certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked
"""
if self._path is not None:
return
exceptions = []
if self._certificate.hash_algo in self._context.weak_hash_algos:
raise InvalidCertificateError(pretty_message(
'''
The X.509 certificate provided has a signature using the weak
hash algorithm %s
''',
self._certificate.hash_algo
))
try:
paths = self._context.certificate_registry.build_paths(self._certificate)
except (PathBuildingError) as e:
if self._certificate.self_signed in set(['yes', 'maybe']):
raise InvalidCertificateError(pretty_message(
'''
The X.509 certificate provided is self-signed - "%s"
''',
self._certificate.subject.human_friendly
))
raise
for candidate_path in paths:
try:
validate_path(self._context, candidate_path)
self._path = candidate_path
return
except (ValidationError) as e:
exceptions.append(e)
if len(exceptions) == 1:
> raise exceptions[0]
/nix/store/qxzqxa6k9rznbidjcnjj1ra1ascizy7n-python3.9-certvalidator-0.11.1/lib/python3.9/site-packages/certvalidator/__init__.py:128:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <certvalidator.CertificateValidator object at 0x7fffee54e4f0>
def _validate_path(self):
"""
Builds possible certificate paths and validates them until a valid one
is found, or all fail.
:raises:
certvalidator.errors.PathValidationError - when an error occurs validating the path
certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked
"""
if self._path is not None:
return
exceptions = []
if self._certificate.hash_algo in self._context.weak_hash_algos:
raise InvalidCertificateError(pretty_message(
'''
The X.509 certificate provided has a signature using the weak
hash algorithm %s
''',
self._certificate.hash_algo
))
try:
paths = self._context.certificate_registry.build_paths(self._certificate)
except (PathBuildingError) as e:
if self._certificate.self_signed in set(['yes', 'maybe']):
raise InvalidCertificateError(pretty_message(
'''
The X.509 certificate provided is self-signed - "%s"
''',
self._certificate.subject.human_friendly
))
raise
for candidate_path in paths:
try:
> validate_path(self._context, candidate_path)
/nix/store/qxzqxa6k9rznbidjcnjj1ra1ascizy7n-python3.9-certvalidator-0.11.1/lib/python3.9/site-packages/certvalidator/__init__.py:121:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
validation_context = <certvalidator.context.ValidationContext object at 0x7fffee4df6d0>
path = <certvalidator.path.ValidationPath object at 0x7fffee534880>
def validate_path(validation_context, path):
"""
Validates the path using the algorithm from
https://tools.ietf.org/html/rfc5280#section-6.1, with the exception
that name constraints are not checked or enforced.
Critical extensions on the end-entity certificate are not validated
and are left up to the consuming application to process and/or fail on.
:param validation_context:
A certvalidator.context.ValidationContext object to use for
configuring validation behavior
:param path:
A certvalidator.path.ValidationPath object of the path to validate
:raises:
certvalidator.errors.PathValidationError - when an error occurs validating the path
certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked
:return:
The final certificate in the path - an instance of
asn1crypto.x509.Certificate
"""
> return _validate_path(validation_context, path)
/nix/store/qxzqxa6k9rznbidjcnjj1ra1ascizy7n-python3.9-certvalidator-0.11.1/lib/python3.9/site-packages/certvalidator/validate.py:50:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
validation_context = <certvalidator.context.ValidationContext object at 0x7fffee4df6d0>
path = <certvalidator.path.ValidationPath object at 0x7fffee534880>
end_entity_name_override = None
def _validate_path(validation_context, path, end_entity_name_override=None):
"""
Internal copy of validate_path() that allows overriding the name of the
end-entity certificate as used in exception messages. This functionality is
used during chain validation when dealing with indirect CRLs issuer or
OCSP responder certificates.
:param validation_context:
A certvalidator.context.ValidationContext object to use for
configuring validation behavior
:param path:
A certvalidator.path.ValidationPath object of the path to validate
:param end_entity_name_override:
A unicode string of the name to use for the final certificate in the
path. This is necessary when dealing with indirect CRL issuers or
OCSP responder certificates.
:return:
The final certificate in the path - an instance of
asn1crypto.x509.Certificate
"""
if not isinstance(path, ValidationPath):
raise TypeError(pretty_message(
'''
path must be an instance of certvalidator.path.ValidationPath,
not %s
''',
type_name(path)
))
if not isinstance(validation_context, ValidationContext):
raise TypeError(pretty_message(
'''
validation_context must be an instance of
certvalidator.context.ValidationContext, not %s
''',
type_name(validation_context)
))
moment = validation_context.moment
if end_entity_name_override is not None and not isinstance(end_entity_name_override, str_cls):
raise TypeError(pretty_message(
'''
end_entity_name_override must be a unicode string, not %s
''',
type_name(end_entity_name_override)
))
# Inputs
trust_anchor = path.first
# We skip the trust anchor when measuring the path since technically
# the trust anchor is not part of the path
path_length = len(path) - 1
# We don't accept any certificate policy or name constraint values as input
# and instead just start allowing everything during initialization
# Step 1: initialization
# Step 1 a
valid_policy_tree = PolicyTreeRoot('any_policy', set(), set(['any_policy']))
# Steps 1 b-c skipped since they relate to name constraints
# Steps 1 d-f
# We do not use initial-explicit-policy, initial-any-policy-inhibit or
# initial-policy-mapping-inhibit, so they are all set to the path length + 1
explicit_policy = path_length + 1
inhibit_any_policy = path_length + 1
policy_mapping = path_length + 1
# Steps 1 g-i
working_public_key = trust_anchor.public_key
# Step 1 j
working_issuer_name = trust_anchor.subject
# Step 1 k
max_path_length = path_length
if trust_anchor.max_path_length is not None:
max_path_length = trust_anchor.max_path_length
# Step 2: basic processing
index = 1
last_index = len(path) - 1
completed_path = ValidationPath(trust_anchor)
validation_context.record_validation(trust_anchor, completed_path)
cert = trust_anchor
while index <= last_index:
cert = path[index]
# Step 2 a 1
signature_algo = cert['signature_algorithm'].signature_algo
hash_algo = cert['signature_algorithm'].hash_algo
if hash_algo in validation_context.weak_hash_algos:
raise PathValidationError(pretty_message(
'''
The path could not be validated because the signature of %s
uses the weak hash algorithm %s
''',
_cert_type(index, last_index, end_entity_name_override, definite=True),
hash_algo
))
if signature_algo == 'rsassa_pkcs1v15':
verify_func = asymmetric.rsa_pkcs1v15_verify
elif signature_algo == 'dsa':
verify_func = asymmetric.dsa_verify
elif signature_algo == 'ecdsa':
verify_func = asymmetric.ecdsa_verify
else:
raise PathValidationError(pretty_message(
'''
The path could not be validated because the signature of %s
uses the unsupported algorithm %s
''',
_cert_type(index, last_index, end_entity_name_override, definite=True),
signature_algo
))
try:
key_object = asymmetric.load_public_key(working_public_key)
verify_func(key_object, cert['signature_value'].native, cert['tbs_certificate'].dump(), hash_algo)
except (oscrypto.errors.SignatureError):
raise PathValidationError(pretty_message(
'''
The path could not be validated because the signature of %s
could not be verified
''',
_cert_type(index, last_index, end_entity_name_override, definite=True)
))
# Step 2 a 2
if not validation_context.is_whitelisted(cert):
validity = cert['tbs_certificate']['validity']
if moment < validity['not_before'].native:
raise PathValidationError(pretty_message(
'''
The path could not be validated because %s is not valid
until %s
''',
_cert_type(index, last_index, end_entity_name_override, definite=True),
validity['not_before'].native.strftime('%Y-%m-%d %H:%M:%SZ')
))
if moment > validity['not_after'].native:
> raise PathValidationError(pretty_message(
'''
The path could not be validated because %s expired %s
''',
_cert_type(index, last_index, end_entity_name_override, definite=True),
validity['not_after'].native.strftime('%Y-%m-%d %H:%M:%SZ')
))
E certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2021-10-08 12:00:00Z
/nix/store/qxzqxa6k9rznbidjcnjj1ra1ascizy7n-python3.9-certvalidator-0.11.1/lib/python3.9/site-packages/certvalidator/validate.py:358: PathValidationError
During handling of the above exception, another exception occurred:
self = <tests.test_context.ValidationTestCase testMethod=test_revoked_certificate>
def test_revoked_certificate(self):
root = FileSystemCertificateStore(root_dir / "certs" / 'digicert-global-root-ca.pem', trusted=True)
intermediate = FileSystemCertificateStore(root_dir / "certs" / 'digicert-sha2-secure-server-ca.pem')
with open(str(root_dir / "certs" / 'revoked.badssl.com.pem'), "rb") as f:
cert = Certificate.from_pem(f.read())
# check that when we do not verify the CRL it does not fail
context = VerificationContext(root, intermediate)
> context.verify(cert)
tests/test_context.py:42:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <signify.x509.context.VerificationContext object at 0x7fffeef62fd0>
certificate = <signify.x509.certificates.Certificate object at 0x7fffeef62f70>
def verify(self, certificate):
"""Verifies the certificate, and its chain.
:param Certificate certificate: The certificate to verify
:return: A valid certificate chain for this certificate.
:rtype: Iterable[Certificate]
:raises AuthenticodeVerificationError: When the certificate could not be verified.
"""
# we keep track of our asn1 objects to make sure we return Certificate objects when we're done
to_check_asn1cert = certificate.to_asn1crypto
all_certs = {to_check_asn1cert: certificate}
# we need to get lists of our intermediates and trusted certificates
intermediates, trust_roots = [], []
for store in self.stores:
for cert in store:
asn1cert = cert.to_asn1crypto
# we short-circuit the check here to ensure we do not check too much possibilities
(trust_roots if store.trusted else intermediates).append(asn1cert)
all_certs[asn1cert] = cert
# construct the context and validator for certvalidator
timestamp = self.timestamp
context = ValidationContext(
trust_roots=list(trust_roots),
moment=timestamp,
weak_hash_algos=set() if self.allow_legacy else None,
revocation_mode=self.revocation_mode,
allow_fetching=self.allow_fetching,
crl_fetch_params={'timeout': self.fetch_timeout},
ocsp_fetch_params={'timeout': self.fetch_timeout},
crls=self.crls,
ocsps=self.ocsps
)
validator = CertificateValidator(
end_entity_cert=to_check_asn1cert,
intermediate_certs=list(intermediates),
validation_context=context
)
# verify the chain
try:
chain = validator.validate_usage(
key_usage=set(self.key_usages) if self.key_usages else set(),
extended_key_usage=set(self.extended_key_usages) if self.extended_key_usages else set(),
extended_optional=self.optional_eku
)
except Exception as e:
> raise CertificateVerificationError("Chain verification from %s failed: %s" % (certificate, e))
E signify.exceptions.CertificateVerificationError: Chain verification from CN=revoked.badssl.com, O=Lucas Garron Torres, L=Walnut Creek, ST=California, C=US (serial:4578095623763233818958520798617405692, sha1:23fc13ba6f27bf8dd1761bda7bb41921f59c21f7) failed: The path could not be validated because the end-entity certificate expired 2021-10-08 12:00:00Z
signify/x509/context.py:297: CertificateVerificationError
Support for MSI files
Windows verifies the attached sample's signature, however when I use signify, I get:
SignedPEParseError: The PE file does not contain a certificate table.
Any ideas?
(Attaching as link because GitHub bug won't allow it)
https://drive.google.com/file/d/1Vhs9EOjqzmEwaTzwZ3f5LC2Vx6_HgtJG/view?usp=sharing
Question - CRL verification support
This is more of a question than an issue:
Does Signify support verifying that a certificate SN does not appear in its CRL? For example, I have a sample where Windows alerts that the certificate has been revoked by its issuer, but Signify verifies the signature and doesn't know that it appears in the CRL, so it thinks everything is OK.
Is there CRL support that I'm missing? If not, what is the most correct way to go about this? For each certificate, download its CRL, and check if the certificate's SN appears in the list? Is there a better way to check this?
PS - When is your next planned release? I need to decide if we should build the current code ourselves, or wait for your release (which is better of course. Thanks!)
verify fails on certain PE files
Calling verify fails for me on certain PE files which seem to have legitimate signatures. For example, try whois.exe from SysInternals (https://docs.microsoft.com/en-us/sysinternals/downloads/whois). I get the exception below. Any ideas how to avoid this?
code:
from signify.signed_pe import SignedPEFile
filename = "whois.exe"
with open(filename, "rb") as f:
pefile = SignedPEFile(f)
pefile.verify()
exception:
Traceback (most recent call last):
File "/home/test/python3/lib/python3.6/site-packages/signify/asn1/__init__.py", line 10, in guarded_ber_decode
result, rest = ber_decoder.decode(data, asn1Spec=asn1_spec)
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 1585, in __call__
**options
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 609, in valueDecoder
component, head = decodeFun(head, componentType, **options)
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 1585, in __call__
**options
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 728, in valueDecoder
component, head = decodeFun(head, componentType, **options)
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 1585, in __call__
**options
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 1008, in valueDecoder
tagSet, length, state, **options
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 1585, in __call__
**options
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 609, in valueDecoder
component, head = decodeFun(head, componentType, **options)
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 1585, in __call__
**options
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 609, in valueDecoder
component, head = decodeFun(head, componentType, **options)
File "/home/test/python3/lib/python3.6/site-packages/pyasn1/codec/ber/decoder.py", line 1619, in __call__
'%s not in asn1Spec: %r' % (tagSet, asn1Spec)
pyasn1.error.PyAsn1Error: <TagSet object, tags 0:32:16> not in asn1Spec: <Choice schema object, tagSet=<TagSet object, untagged>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type baseCertificateID=<IssuerSerial schema object, tagSet=<TagSet object, tags 0:32:16-128:32:0>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type issuer=<GeneralNames schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, componentType=<GeneralName schema object, tagSet=<TagSet object, untagged>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type otherName=<AnotherName schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type-id=<ObjectIdentifier schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<Any schema object, tagSet <TagSet object, tags 128:32:0>, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type rfc822Name=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>, <NamedType object, type dNSName=<IA5String schema object, tagSet <TagSet object, tags 128:0:2>, encoding us-ascii>>, <NamedType object, type x400Address=<ORAddress schema object, tagSet=<TagSet object, tags 128:32:3>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type built-in-standard-attributes=<BuiltInStandardAttributes value object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <OptionalNamedType object, type country-name=<CountryName schema object, tagSet=<TagSet object, tags 64:32:1>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type x121-dcc-code=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>>>, encoding us-ascii>>, <NamedType object, type iso-3166-alpha2-code=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [2]>, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [2]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type administration-domain-name=<AdministrationDomainName schema object, tagSet=<TagSet object, tags 64:32:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type numeric=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <NamedType object, type printable=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type network-address=<NetworkAddress schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>, encoding us-ascii>>, <OptionalNamedType object, type terminal-identifier=<TerminalIdentifier schema object, tagSet <TagSet object, tags 128:0:1>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [24]>>, encoding us-ascii>>, <OptionalNamedType object, type private-domain-name=<PrivateDomainName schema object, tagSet=<TagSet object, tags 128:32:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type numeric=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <NamedType object, type printable=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type organization-name=<OrganizationName schema object, tagSet <TagSet object, tags 128:0:3>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [64]>>, encoding us-ascii>>, <OptionalNamedType object, type numeric-user-identifier=<NumericUserIdentifier schema object, tagSet <TagSet object, tags 128:0:4>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [32]>>, encoding us-ascii>>, <OptionalNamedType object, type personal-name=<PersonalName schema object, tagSet=<TagSet object, tags 128:32:5>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type surname=<PrintableString schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [40]>>>, encoding us-ascii>>, <OptionalNamedType object, type given-name=<PrintableString schema object, tagSet <TagSet object, tags 128:0:1>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <OptionalNamedType object, type initials=<PrintableString schema object, tagSet <TagSet object, tags 128:0:2>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [5]>>>, encoding us-ascii>>, <OptionalNamedType object, type generation-qualifier=<PrintableString schema object, tagSet <TagSet object, tags 128:0:3>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type organizational-unit-names=<OrganizationalUnitNames schema object, tagSet=<TagSet object, tags 128:32:6>, subtypeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>, componentType=<OrganizationalUnitName schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [32]>>, encoding us-ascii>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type built-in-domain-defined-attributes=<BuiltInDomainDefinedAttributes schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>, componentType=<BuiltInDomainDefinedAttribute schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [8]>>>, encoding us-ascii>>, <NamedType object, type value=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [128]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>>, <OptionalNamedType object, type extension-attributes=<ExtensionAttributes schema object, tagSet=<TagSet object, tags 0:32:17>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>, componentType=<ExtensionAttribute schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type extension-attribute-type=<Integer schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>>>, <NamedType object, type extension-attribute-value=<Any schema object, tagSet <TagSet object, tags 128:32:1>, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type directoryName=<Name schema object, tagSet=<TagSet object, tags 128:32:4>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type rdnSequence=<RDNSequence schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<RelativeDistinguishedName schema object, tagSet=<TagSet object, tags 0:32:17>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, componentType=<AttributeTypeAndValue schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type=<AttributeType schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<AttributeValue schema object, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, inf>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type ediPartyName=<EDIPartyName schema object, tagSet=<TagSet object, tags 128:32:5>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <OptionalNamedType object, type nameAssigner=<DirectoryString schema object, tagSet=<TagSet object, tags 128:0:0>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type teletexString=<TeletexString schema object, tagSet <TagSet object, tags 0:0:20>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding iso-8859-1>>, <NamedType object, type printableString=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding us-ascii>>, <NamedType object, type universalString=<UniversalString schema object, tagSet <TagSet object, tags 0:0:28>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-32-be>>, <NamedType object, type utf8String=<UTF8String schema object, tagSet <TagSet object, tags 0:0:12>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-8>>, <NamedType object, type bmpString=<BMPString schema object, tagSet <TagSet object, tags 0:0:30>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-16-be>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type partyName=<DirectoryString schema object, tagSet=<TagSet object, tags 128:0:1>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type teletexString=<TeletexString schema object, tagSet <TagSet object, tags 0:0:20>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding iso-8859-1>>, <NamedType object, type printableString=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding us-ascii>>, <NamedType object, type universalString=<UniversalString schema object, tagSet <TagSet object, tags 0:0:28>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-32-be>>, <NamedType object, type utf8String=<UTF8String schema object, tagSet <TagSet object, tags 0:0:12>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-8>>, <NamedType object, type bmpString=<BMPString schema object, tagSet <TagSet object, tags 0:0:30>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-16-be>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type uniformResourceIdentifier=<IA5String schema object, tagSet <TagSet object, tags 128:0:6>, encoding us-ascii>>, <NamedType object, type iPAddress=<OctetString schema object, tagSet <TagSet object, tags 128:0:7>, encoding iso-8859-1>>, <NamedType object, type registeredID=<ObjectIdentifier schema object, tagSet <TagSet object, tags 128:0:8>>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, inf>>>, <NamedType object, type serial=<CertificateSerialNumber schema object, tagSet <TagSet object, tags 0:0:2>>>, <OptionalNamedType object, type issuerUID=<UniqueIdentifier schema object, tagSet <TagSet object, tags 0:0:3>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type subjectName=<GeneralNames schema object, tagSet=<TagSet object, tags 0:32:16-128:32:1>, subtypeSpec=<ValueSizeConstraint object, consts 1, inf>, componentType=<GeneralName schema object, tagSet=<TagSet object, untagged>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type otherName=<AnotherName schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type-id=<ObjectIdentifier schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<Any schema object, tagSet <TagSet object, tags 128:32:0>, encoding iso-8859-1>, open type <pyasn1.type.opentype.OpenType object at 0x7f7deeb9d358>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type rfc822Name=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>, <NamedType object, type dNSName=<IA5String schema object, tagSet <TagSet object, tags 128:0:2>, encoding us-ascii>>, <NamedType object, type x400Address=<ORAddress schema object, tagSet=<TagSet object, tags 128:32:3>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type built-in-standard-attributes=<BuiltInStandardAttributes value object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <OptionalNamedType object, type country-name=<CountryName schema object, tagSet=<TagSet object, tags 64:32:1>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type x121-dcc-code=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>>>, encoding us-ascii>>, <NamedType object, type iso-3166-alpha2-code=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [2]>, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [2]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type administration-domain-name=<AdministrationDomainName schema object, tagSet=<TagSet object, tags 64:32:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type numeric=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <NamedType object, type printable=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type network-address=<NetworkAddress schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>, encoding us-ascii>>, <OptionalNamedType object, type terminal-identifier=<TerminalIdentifier schema object, tagSet <TagSet object, tags 128:0:1>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [24]>>, encoding us-ascii>>, <OptionalNamedType object, type private-domain-name=<PrivateDomainName schema object, tagSet=<TagSet object, tags 128:32:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type numeric=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <NamedType object, type printable=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type organization-name=<OrganizationName schema object, tagSet <TagSet object, tags 128:0:3>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [64]>>, encoding us-ascii>>, <OptionalNamedType object, type numeric-user-identifier=<NumericUserIdentifier schema object, tagSet <TagSet object, tags 128:0:4>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [32]>>, encoding us-ascii>>, <OptionalNamedType object, type personal-name=<PersonalName schema object, tagSet=<TagSet object, tags 128:32:5>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type surname=<PrintableString schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [40]>>>, encoding us-ascii>>, <OptionalNamedType object, type given-name=<PrintableString schema object, tagSet <TagSet object, tags 128:0:1>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <OptionalNamedType object, type initials=<PrintableString schema object, tagSet <TagSet object, tags 128:0:2>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [5]>>>, encoding us-ascii>>, <OptionalNamedType object, type generation-qualifier=<PrintableString schema object, tagSet <TagSet object, tags 128:0:3>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type organizational-unit-names=<OrganizationalUnitNames schema object, tagSet=<TagSet object, tags 128:32:6>, subtypeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>, componentType=<OrganizationalUnitName schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [32]>>, encoding us-ascii>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type built-in-domain-defined-attributes=<BuiltInDomainDefinedAttributes schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>, componentType=<BuiltInDomainDefinedAttribute schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [8]>>>, encoding us-ascii>>, <NamedType object, type value=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [128]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>>, <OptionalNamedType object, type extension-attributes=<ExtensionAttributes schema object, tagSet=<TagSet object, tags 0:32:17>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>, componentType=<ExtensionAttribute schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type extension-attribute-type=<Integer schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>>>, <NamedType object, type extension-attribute-value=<Any schema object, tagSet <TagSet object, tags 128:32:1>, encoding iso-8859-1>, open type <pyasn1.type.opentype.OpenType object at 0x7f7deec0e080>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type directoryName=<Name schema object, tagSet=<TagSet object, tags 128:32:4>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type rdnSequence=<RDNSequence schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<RelativeDistinguishedName schema object, tagSet=<TagSet object, tags 0:32:17>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, componentType=<AttributeTypeAndValue schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type=<AttributeType schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<AttributeValue schema object, encoding iso-8859-1>, open type <pyasn1.type.opentype.OpenType object at 0x7f7deec72da0>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, inf>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type ediPartyName=<EDIPartyName schema object, tagSet=<TagSet object, tags 128:32:5>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <OptionalNamedType object, type nameAssigner=<DirectoryString schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type teletexString=<TeletexString schema object, tagSet <TagSet object, tags 0:0:20>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding iso-8859-1>>, <NamedType object, type printableString=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding us-ascii>>, <NamedType object, type universalString=<UniversalString schema object, tagSet <TagSet object, tags 0:0:28>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-32-be>>, <NamedType object, type utf8String=<UTF8String schema object, tagSet <TagSet object, tags 0:0:12>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-8>>, <NamedType object, type bmpString=<BMPString schema object, tagSet <TagSet object, tags 0:0:30>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-16-be>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type partyName=<DirectoryString schema object, tagSet=<TagSet object, tags 128:32:1>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type teletexString=<TeletexString schema object, tagSet <TagSet object, tags 0:0:20>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding iso-8859-1>>, <NamedType object, type printableString=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding us-ascii>>, <NamedType object, type universalString=<UniversalString schema object, tagSet <TagSet object, tags 0:0:28>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-32-be>>, <NamedType object, type utf8String=<UTF8String schema object, tagSet <TagSet object, tags 0:0:12>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-8>>, <NamedType object, type bmpString=<BMPString schema object, tagSet <TagSet object, tags 0:0:30>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-16-be>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type uniformResourceIdentifier=<IA5String schema object, tagSet <TagSet object, tags 128:0:6>, encoding us-ascii>>, <NamedType object, type iPAddress=<OctetString schema object, tagSet <TagSet object, tags 128:0:7>, encoding iso-8859-1>>, <NamedType object, type registeredID=<ObjectIdentifier schema object, tagSet <TagSet object, tags 128:0:8>>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, inf>>>>, sizeSpec=<ConstraintsIntersection object>>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "test_signify2.py", line 6, in <module>
pefile.verify()
File "/home/test/python3/lib/python3.6/site-packages/signify/signed_pe.py", line 239, in verify
signed_datas = list(self.signed_datas)
File "/home/test/python3/lib/python3.6/site-packages/signify/signed_pe.py", line 221, in signed_datas
yield SignedData.from_certificate(certificate['certificate'], pefile=self)
File "/home/test/python3/lib/python3.6/site-packages/signify/authenticode.py", line 142, in from_certificate
signed_data = SignedData(data, *args, **kwargs)
File "/home/test/python3/lib/python3.6/site-packages/signify/authenticode.py", line 127, in __init__
self._parse()
File "/home/test/python3/lib/python3.6/site-packages/signify/authenticode.py", line 172, in _parse
self.signer_info = AuthenticodeSignerInfo(self.data['signerInfos'][0])
File "/home/test/python3/lib/python3.6/site-packages/signify/signerinfo.py", line 58, in __init__
self._parse()
File "/home/test/python3/lib/python3.6/site-packages/signify/authenticode.py", line 91, in _parse
asn1_spec=rfc5652.SignedData())
File "/home/test/python3/lib/python3.6/site-packages/signify/asn1/__init__.py", line 12, in guarded_ber_decode
raise ParseError("Error while parsing %s BER: %s" % (_print_type(asn1_spec), e))
signify.exceptions.ParseError: Error while parsing SignedData BER: <TagSet object, tags 0:32:16> not in asn1Spec: <Choice schema object, tagSet=<TagSet object, untagged>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type baseCertificateID=<IssuerSerial schema object, tagSet=<TagSet object, tags 0:32:16-128:32:0>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type issuer=<GeneralNames schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, componentType=<GeneralName schema object, tagSet=<TagSet object, untagged>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type otherName=<AnotherName schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type-id=<ObjectIdentifier schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<Any schema object, tagSet <TagSet object, tags 128:32:0>, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type rfc822Name=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>, <NamedType object, type dNSName=<IA5String schema object, tagSet <TagSet object, tags 128:0:2>, encoding us-ascii>>, <NamedType object, type x400Address=<ORAddress schema object, tagSet=<TagSet object, tags 128:32:3>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type built-in-standard-attributes=<BuiltInStandardAttributes value object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <OptionalNamedType object, type country-name=<CountryName schema object, tagSet=<TagSet object, tags 64:32:1>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type x121-dcc-code=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>>>, encoding us-ascii>>, <NamedType object, type iso-3166-alpha2-code=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [2]>, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [2]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type administration-domain-name=<AdministrationDomainName schema object, tagSet=<TagSet object, tags 64:32:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type numeric=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <NamedType object, type printable=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type network-address=<NetworkAddress schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>, encoding us-ascii>>, <OptionalNamedType object, type terminal-identifier=<TerminalIdentifier schema object, tagSet <TagSet object, tags 128:0:1>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [24]>>, encoding us-ascii>>, <OptionalNamedType object, type private-domain-name=<PrivateDomainName schema object, tagSet=<TagSet object, tags 128:32:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type numeric=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <NamedType object, type printable=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type organization-name=<OrganizationName schema object, tagSet <TagSet object, tags 128:0:3>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [64]>>, encoding us-ascii>>, <OptionalNamedType object, type numeric-user-identifier=<NumericUserIdentifier schema object, tagSet <TagSet object, tags 128:0:4>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [32]>>, encoding us-ascii>>, <OptionalNamedType object, type personal-name=<PersonalName schema object, tagSet=<TagSet object, tags 128:32:5>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type surname=<PrintableString schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [40]>>>, encoding us-ascii>>, <OptionalNamedType object, type given-name=<PrintableString schema object, tagSet <TagSet object, tags 128:0:1>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <OptionalNamedType object, type initials=<PrintableString schema object, tagSet <TagSet object, tags 128:0:2>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [5]>>>, encoding us-ascii>>, <OptionalNamedType object, type generation-qualifier=<PrintableString schema object, tagSet <TagSet object, tags 128:0:3>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type organizational-unit-names=<OrganizationalUnitNames schema object, tagSet=<TagSet object, tags 128:32:6>, subtypeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>, componentType=<OrganizationalUnitName schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [32]>>, encoding us-ascii>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type built-in-domain-defined-attributes=<BuiltInDomainDefinedAttributes schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>, componentType=<BuiltInDomainDefinedAttribute schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [8]>>>, encoding us-ascii>>, <NamedType object, type value=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [128]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>>, <OptionalNamedType object, type extension-attributes=<ExtensionAttributes schema object, tagSet=<TagSet object, tags 0:32:17>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>, componentType=<ExtensionAttribute schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type extension-attribute-type=<Integer schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>>>, <NamedType object, type extension-attribute-value=<Any schema object, tagSet <TagSet object, tags 128:32:1>, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type directoryName=<Name schema object, tagSet=<TagSet object, tags 128:32:4>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type rdnSequence=<RDNSequence schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<RelativeDistinguishedName schema object, tagSet=<TagSet object, tags 0:32:17>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, componentType=<AttributeTypeAndValue schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type=<AttributeType schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<AttributeValue schema object, encoding iso-8859-1>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, inf>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type ediPartyName=<EDIPartyName schema object, tagSet=<TagSet object, tags 128:32:5>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <OptionalNamedType object, type nameAssigner=<DirectoryString schema object, tagSet=<TagSet object, tags 128:0:0>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type teletexString=<TeletexString schema object, tagSet <TagSet object, tags 0:0:20>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding iso-8859-1>>, <NamedType object, type printableString=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding us-ascii>>, <NamedType object, type universalString=<UniversalString schema object, tagSet <TagSet object, tags 0:0:28>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-32-be>>, <NamedType object, type utf8String=<UTF8String schema object, tagSet <TagSet object, tags 0:0:12>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-8>>, <NamedType object, type bmpString=<BMPString schema object, tagSet <TagSet object, tags 0:0:30>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-16-be>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type partyName=<DirectoryString schema object, tagSet=<TagSet object, tags 128:0:1>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type teletexString=<TeletexString schema object, tagSet <TagSet object, tags 0:0:20>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding iso-8859-1>>, <NamedType object, type printableString=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding us-ascii>>, <NamedType object, type universalString=<UniversalString schema object, tagSet <TagSet object, tags 0:0:28>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-32-be>>, <NamedType object, type utf8String=<UTF8String schema object, tagSet <TagSet object, tags 0:0:12>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-8>>, <NamedType object, type bmpString=<BMPString schema object, tagSet <TagSet object, tags 0:0:30>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-16-be>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type uniformResourceIdentifier=<IA5String schema object, tagSet <TagSet object, tags 128:0:6>, encoding us-ascii>>, <NamedType object, type iPAddress=<OctetString schema object, tagSet <TagSet object, tags 128:0:7>, encoding iso-8859-1>>, <NamedType object, type registeredID=<ObjectIdentifier schema object, tagSet <TagSet object, tags 128:0:8>>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, inf>>>, <NamedType object, type serial=<CertificateSerialNumber schema object, tagSet <TagSet object, tags 0:0:2>>>, <OptionalNamedType object, type issuerUID=<UniqueIdentifier schema object, tagSet <TagSet object, tags 0:0:3>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type subjectName=<GeneralNames schema object, tagSet=<TagSet object, tags 0:32:16-128:32:1>, subtypeSpec=<ValueSizeConstraint object, consts 1, inf>, componentType=<GeneralName schema object, tagSet=<TagSet object, untagged>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type otherName=<AnotherName schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type-id=<ObjectIdentifier schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<Any schema object, tagSet <TagSet object, tags 128:32:0>, encoding iso-8859-1>, open type <pyasn1.type.opentype.OpenType object at 0x7f7deeb9d358>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type rfc822Name=<IA5String schema object, tagSet <TagSet object, tags 128:0:1>, encoding us-ascii>>, <NamedType object, type dNSName=<IA5String schema object, tagSet <TagSet object, tags 128:0:2>, encoding us-ascii>>, <NamedType object, type x400Address=<ORAddress schema object, tagSet=<TagSet object, tags 128:32:3>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type built-in-standard-attributes=<BuiltInStandardAttributes value object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <OptionalNamedType object, type country-name=<CountryName schema object, tagSet=<TagSet object, tags 64:32:1>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type x121-dcc-code=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>>>, encoding us-ascii>>, <NamedType object, type iso-3166-alpha2-code=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [2]>, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [2]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type administration-domain-name=<AdministrationDomainName schema object, tagSet=<TagSet object, tags 64:32:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type numeric=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <NamedType object, type printable=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type network-address=<NetworkAddress schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>, encoding us-ascii>>, <OptionalNamedType object, type terminal-identifier=<TerminalIdentifier schema object, tagSet <TagSet object, tags 128:0:1>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [24]>>, encoding us-ascii>>, <OptionalNamedType object, type private-domain-name=<PrivateDomainName schema object, tagSet=<TagSet object, tags 128:32:2>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type numeric=<NumericString schema object, tagSet <TagSet object, tags 0:0:18>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <NamedType object, type printable=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type organization-name=<OrganizationName schema object, tagSet <TagSet object, tags 128:0:3>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [64]>>, encoding us-ascii>>, <OptionalNamedType object, type numeric-user-identifier=<NumericUserIdentifier schema object, tagSet <TagSet object, tags 128:0:4>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [32]>>, encoding us-ascii>>, <OptionalNamedType object, type personal-name=<PersonalName schema object, tagSet=<TagSet object, tags 128:32:5>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type surname=<PrintableString schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [40]>>>, encoding us-ascii>>, <OptionalNamedType object, type given-name=<PrintableString schema object, tagSet <TagSet object, tags 128:0:1>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [16]>>>, encoding us-ascii>>, <OptionalNamedType object, type initials=<PrintableString schema object, tagSet <TagSet object, tags 128:0:2>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [5]>>>, encoding us-ascii>>, <OptionalNamedType object, type generation-qualifier=<PrintableString schema object, tagSet <TagSet object, tags 128:0:3>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [3]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type organizational-unit-names=<OrganizationalUnitNames schema object, tagSet=<TagSet object, tags 128:32:6>, subtypeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>, componentType=<OrganizationalUnitName schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [32]>>, encoding us-ascii>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>>>, sizeSpec=<ConstraintsIntersection object>>>, <OptionalNamedType object, type built-in-domain-defined-attributes=<BuiltInDomainDefinedAttributes schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>, componentType=<BuiltInDomainDefinedAttribute schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [8]>>>, encoding us-ascii>>, <NamedType object, type value=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [128]>>>, encoding us-ascii>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [4]>>>>, <OptionalNamedType object, type extension-attributes=<ExtensionAttributes schema object, tagSet=<TagSet object, tags 0:32:17>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>, componentType=<ExtensionAttribute schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type extension-attribute-type=<Integer schema object, tagSet <TagSet object, tags 128:0:0>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts 0, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>>>, <NamedType object, type extension-attribute-value=<Any schema object, tagSet <TagSet object, tags 128:32:1>, encoding iso-8859-1>, open type <pyasn1.type.opentype.OpenType object at 0x7f7deec0e080>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, <Integer value object, tagSet <TagSet object, tags 0:0:2>, payload [256]>>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type directoryName=<Name schema object, tagSet=<TagSet object, tags 128:32:4>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type rdnSequence=<RDNSequence schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<RelativeDistinguishedName schema object, tagSet=<TagSet object, tags 0:32:17>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, componentType=<AttributeTypeAndValue schema object, tagSet=<TagSet object, tags 0:32:16>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <NamedType object, type type=<AttributeType schema object, tagSet <TagSet object, tags 0:0:6>>>, <NamedType object, type value=<AttributeValue schema object, encoding iso-8859-1>, open type <pyasn1.type.opentype.OpenType object at 0x7f7deec72da0>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, inf>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type ediPartyName=<EDIPartyName schema object, tagSet=<TagSet object, tags 128:32:5>, subtypeSpec=<ConstraintsIntersection object>, componentType=<NamedTypes object, types <OptionalNamedType object, type nameAssigner=<DirectoryString schema object, tagSet=<TagSet object, tags 128:32:0>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type teletexString=<TeletexString schema object, tagSet <TagSet object, tags 0:0:20>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding iso-8859-1>>, <NamedType object, type printableString=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding us-ascii>>, <NamedType object, type universalString=<UniversalString schema object, tagSet <TagSet object, tags 0:0:28>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-32-be>>, <NamedType object, type utf8String=<UTF8String schema object, tagSet <TagSet object, tags 0:0:12>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-8>>, <NamedType object, type bmpString=<BMPString schema object, tagSet <TagSet object, tags 0:0:30>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-16-be>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type partyName=<DirectoryString schema object, tagSet=<TagSet object, tags 128:32:1>, subtypeSpec=<ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, 1>>, componentType=<NamedTypes object, types <NamedType object, type teletexString=<TeletexString schema object, tagSet <TagSet object, tags 0:0:20>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding iso-8859-1>>, <NamedType object, type printableString=<PrintableString schema object, tagSet <TagSet object, tags 0:0:19>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding us-ascii>>, <NamedType object, type universalString=<UniversalString schema object, tagSet <TagSet object, tags 0:0:28>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-32-be>>, <NamedType object, type utf8String=<UTF8String schema object, tagSet <TagSet object, tags 0:0:12>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-8>>, <NamedType object, type bmpString=<BMPString schema object, tagSet <TagSet object, tags 0:0:30>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 1, inf>>, encoding utf-16-be>>>, sizeSpec=<ConstraintsIntersection object>>>>, sizeSpec=<ConstraintsIntersection object>>>, <NamedType object, type uniformResourceIdentifier=<IA5String schema object, tagSet <TagSet object, tags 128:0:6>, encoding us-ascii>>, <NamedType object, type iPAddress=<OctetString schema object, tagSet <TagSet object, tags 128:0:7>, encoding iso-8859-1>>, <NamedType object, type registeredID=<ObjectIdentifier schema object, tagSet <TagSet object, tags 128:0:8>>>>, sizeSpec=<ConstraintsIntersection object>>, sizeSpec=<ValueSizeConstraint object, consts 1, inf>>>>, sizeSpec=<ConstraintsIntersection object>>
bytes() on bitstring causes wrong parsing of subject_public_key
signify/signify/x509/certificates.py
Line 130 in 21a8306
in my debug the tbs_certificate['subjectPublicKeyInfo']['subjectPublicKey'] is a bitstring value
so this line results into byte array where each byte is in fact one bit and makes further processing harder
it should be something like:
self.subject_public_key = int(tbs_certificate['subjectPublicKeyInfo']['subjectPublicKey']).to_bytes((len(tbs_certificate['subjectPublicKeyInfo']['subjectPublicKey']) + 7) // 8, byteorder='big')
i took the conversion from the answer here: https://stackoverflow.com/questions/32675679/convert-binary-string-to-bytearray-in-python-3
Add to README.rst or Docs "Examples" section.
This took me longer than I'd like to admit to figure out: https://github.com/jgstew/tools/blob/master/Python/get_pefile_signify_time.py
Would be nice to have an "Examples" section.
Does it support reading a file as a buffer?
I need to verify buffer files, does signify support that?
Support for SHA-384 algorithm
I just came across an executable signed by LumiraDx Care Solutions UK Ltd (added the sample here), which crashes signify with the following error:
SignerInfo.digestAlgorithm must be one of ['md5', 'sha1', 'sha256'], not 2.16.840.1.101.3.4.2.2
The above OID represents the SHA-384 algorithm. Two out of the three certificates in the chain are SHA-384 (the end-certificate is SHA-256), as well as the countersignature. Any plans on adding support to this algorithm?
Error: oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
Why? How to fix it?
Code as below:
from signify.authenticode import SignedPEFile
Error msg:
oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
cannot import name 'rfc3161' from 'pyasn1_modules'
It looks like that the pyasn1_modules is broken.
I understand that it is not a problem of signify, but maybe you can set a working version in the requirements.txt
$ pip3 install signify
$ python3
>>> f = open('example.pe', 'rb')
>>> pefile = SignedPEFile(f)
>>> pefile.verify()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.8/dist-packages/signify/signed_pe.py", line 239, in verify
signed_datas = list(self.signed_datas)
File "/usr/local/lib/python3.8/dist-packages/signify/signed_pe.py", line 213, in signed_datas
from .authenticode import AuthenticodeSignedData
File "/usr/local/lib/python3.8/dist-packages/signify/authenticode.py", line 32, in <module>
from pyasn1_modules import rfc3161, rfc2315, rfc5652
ImportError: cannot import name 'rfc3161' from 'pyasn1_modules' (/usr/lib/python3/dist-packages/pyasn1_modules/__init__.py)
>>> from pyasn1_modules import rfc3161, rfc2315, rfc5652
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ImportError: cannot import name 'rfc3161' from 'pyasn1_modules' (/usr/lib/python3/dist-packages/pyasn1_modules/__init__.py)
SignerInfoVerificationError with valid signature
Hey, seems that the following sample's signature is fine according to Windows, however with signify I get SignatureError: Signature is invalid.
Any ideas?
(adding download link because of GitHub bug)
https://drive.google.com/file/d/1NKqGtOAdx_14Hb1dMDsIxCHDOtY0MWfE/view?usp=sharing
Exception when root cert has 'Disallowed Filetime' but no 'Not before time'
The following error is raised when verifying a root cert with a 'Disallowed Filetime' but no "Not before time':
TypeError: '>=' not supported between instances of 'datetime.datetime' and 'NoneType'
Source of error (signify.authenticode.authroot.CertificateTrustSubject):
# The disallowed time does concern the timestamp of the signature being verified.
if self.disallowed_filetime is not None:
if timestamp >= self.not_before_filetime:
# If there is a notBefore time, and there is no NotBeforeEnhkeyUsage, then the validity concerns the
# entire certificate.
The following cert triggers the traceback (found in the latest Microsoft bundle):
Subject Identifier: 627f8d7827656399d27d7f9044c9feb3f33efa9a
Friendly Name: thawte
Extended key usages: ['code_signing', 'server_auth']
Subject Name MD5: d4803ac36c256817d4ec5936f29bc4e7
Disallowed Filetime: 2016-04-19 00:00:00+00:00
-----BEGIN CERTIFICATE-----
MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
-----END CERTIFICATE-----
Support multiple signature types
As far as I can tell, this currently only looks at the signature at index 0, which includes a certificate chain and optionally a timestamp certificate chain. It is within spec for files to have an additional signature. An example is McAfee products which are signed with both a SHA1 and a SHA256 signature. Windows SignTool (https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool) does show and verify these signatures when ran with the /all parameter. As far as I can tell, Signify only handles the default signature (index: 0).
McAfee's definition updates (https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html), which are distributed as executables with a SHA1 signature at index 0 and a SHA256 signature at index 1. As far as I can tell, signify is only parsing and verifying the SHA1, which is the least secure method available. It would be preferable to either parse the SHA256, or ideally, both signatures.
Am I simply missing some functionality in this? Is there any provision for this using the existing code? If not, what would be required to add it.
Can't import signify after upgrading to Ubuntu Jammy
Traceback (most recent call last):
File "/usr/local/lib/python3.10/dist-packages/oscrypto/_openssl/_libcrypto_ctypes.py", line 304, in <module>
libcrypto.EVP_PKEY_size.argtypes = [
File "/usr/lib/python3.10/ctypes/__init__.py", line 387, in __getattr__
func = self.__getitem__(name)
File "/usr/lib/python3.10/ctypes/__init__.py", line 392, in __getitem__
func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /lib/x86_64-linux-gnu/libcrypto.so.3: undefined symbol: EVP_PKEY_size. Did you mean: 'EVP_PKEY_free'?
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "test.py", line 3, in <module>
import signify.fingerprinter
File "/usr/local/lib/python3.10/dist-packages/signify/fingerprinter.py", line 30, in <module>
from signify.authenticode.signed_pe import SignedPEFile
File "/usr/local/lib/python3.10/dist-packages/signify/authenticode/__init__.py", line 1, in <module>
from .structures import *
File "/usr/local/lib/python3.10/dist-packages/signify/authenticode/structures.py", line 34, in <module>
from signify.authenticode.authroot import CertificateTrustList
File "/usr/local/lib/python3.10/dist-packages/signify/authenticode/authroot.py", line 13, in <module>
from signify.pkcs7.signeddata import SignedData
File "/usr/local/lib/python3.10/dist-packages/signify/pkcs7/__init__.py", line 1, in <module>
from .signerinfo import *
File "/usr/local/lib/python3.10/dist-packages/signify/pkcs7/signerinfo.py", line 12, in <module>
from signify.x509.certificates import CertificateName
File "/usr/local/lib/python3.10/dist-packages/signify/x509/__init__.py", line 1, in <module>
from .certificates import *
File "/usr/local/lib/python3.10/dist-packages/signify/x509/certificates.py", line 7, in <module>
from oscrypto import asymmetric
File "/usr/local/lib/python3.10/dist-packages/oscrypto/asymmetric.py", line 19, in <module>
from ._asymmetric import _unwrap_private_key_info
File "/usr/local/lib/python3.10/dist-packages/oscrypto/_asymmetric.py", line 27, in <module>
from .kdf import pbkdf1, pbkdf2, pkcs12_kdf
File "/usr/local/lib/python3.10/dist-packages/oscrypto/kdf.py", line 9, in <module>
from .util import rand_bytes
File "/usr/local/lib/python3.10/dist-packages/oscrypto/util.py", line 14, in <module>
from ._openssl.util import rand_bytes
File "/usr/local/lib/python3.10/dist-packages/oscrypto/_openssl/util.py", line 6, in <module>
from ._libcrypto import libcrypto, libcrypto_version_info, handle_openssl_error
File "/usr/local/lib/python3.10/dist-packages/oscrypto/_openssl/_libcrypto.py", line 15, in <module>
from ._libcrypto_ctypes import (
File "/usr/local/lib/python3.10/dist-packages/oscrypto/_openssl/_libcrypto_ctypes.py", line 688, in <module>
raise FFIEngineError('Error initializing ctypes')
oscrypto._ffi.FFIEngineError: Error initializing ctypes
Long waiting time when parsing malware with SignedPEFile()
Hi.
I'm using signify to extract certificate metadata from malware samples, using a small python script.
I've observed that some samples cause SignedPEFile() to hang forever. When canceling the string the traceback is as follows:
File "/usr/local/lib/python3.7/site-packages/signify/signed_pe.py", line 216, in signed_datas
for certificate in self._parse_cert_table():
File "/usr/local/lib/python3.7/site-packages/signify/signed_pe.py", line 179, in _parse_cert_table
while position < sum(locations['certtable']):
I have a couple of samples that cause this problem, I can provide them if you want. (i.e. MD5:00552da691bf80b2e023381bf0566ed5839d6c86)
All samples are valid PE32 files.
Thanks in advance.
Sample without signatures, but verified in Windows
Validation with Get-AuthenticodeSignature:
(venv) PS C:\Users\aa\Documents\Projects\PowerShell\PathHashCalc\src\python> Get-AuthenticodeSignature "C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"
Directory: C:\Program Files\Common Files\microsoft shared\MSInfo
SignerCertificate Status StatusMessage Path
----------------- ------ ------------- ----
58FD671E2D4D200CE92D6E799EC70DF96E6D2664 Valid Signature verified. msinfo32.exe
Signify:
(venv) PS C:\Users\aa\Documents\Projects\PowerShell\PathHashCalc\src\python> python .\signifyexample.py 'C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe'
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe:
DEBUG:signify.authenticode.signed_pe:The Certificate Table is empty
Error while parsing: The PE file does not contain a certificate table.The reality is that there's no "Digital Signature" tab in the file Properties of this file, yet Get-AuthenticodeSignature declares a valid signature...:
Sample file attached below.
sample.zip
Compatibility with pyasn1 0.5
File "c:\python38-32\lib\site-packages\signify\authenticode\authroot.py", line 338, in _parse_attributes
_, v = ber_decoder.decode(value, recursiveFlag=0)
File "c:\python38-32\lib\site-packages\pyasn1\codec\ber\decoder.py", line 2003, in __call__
for asn1Object in streamingDecoder:
File "c:\python38-32\lib\site-packages\pyasn1\codec\ber\decoder.py", line 1918, in __iter__
for asn1Object in self._singleItemDecoder(
File "c:\python38-32\lib\site-packages\pyasn1\codec\ber\decoder.py", line 1778, in __call__
for value in concreteDecoder.valueDecoder(
File "c:\python38-32\lib\site-packages\pyasn1\codec\ber\decoder.py", line 302, in valueDecoder
for chunk in substrateFun(asn1Object, substrate, length, options):
TypeError: <lambda>() takes 3 positional arguments but 4 were given
Signed file but issuer is missing
Signed file but issuer is missing
According to Get-AuthenticodeSignature a file has a valid signature, but signify can't validate it...
(venv) PS C:\Users\aa\Documents\Projects\PowerShell\PathHashCalc\src\python> Get-AuthenticodeSignature -FilePath 'C:\Program Files\Docker\Docker\resources\snyk.exe'
Directory: C:\Program Files\Docker\Docker\resources
SignerCertificate Status StatusMessage Path
----------------- ------ ------------- ----
93A3E89E10ED23729F951AA1472812C28D2FC455 Valid Signature verified. snyk.exeand python example using trusted_certificate_store=TRUSTED_CERTIFICATE_STORE_NO_CTL :
(venv) PS C:\Users\aa\Documents\Projects\PowerShell\PathHashCalc\src\python> python .\signifyexample.py 'C:\Program Files\Docker\Docker\resources\snyk.exe'
C:\Program Files\Docker\Docker\resources\snyk.exe:
Included certificates:
- Subject: CN=Snyk Limited, O=Snyk Limited, ST=London, C=GB
Issuer: CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Serial: 207434686800935825601819132938565993876
Valid from: 2022-09-30 00:00:00+00:00
Valid to: 2023-09-30 23:59:59+00:00
- Subject: CN=Sectigo RSA Time Stamping CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Serial: 63883093293784159655322269805543173561
Valid from: 2019-05-02 00:00:00+00:00
Valid to: 2038-01-18 23:59:59+00:00
- Subject: CN=Sectigo RSA Time Stamping Signer #3, O=Sectigo Limited, ST=Manchester, C=GB
Issuer: CN=Sectigo RSA Time Stamping CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
Serial: 191707380446202648670195672873975720259
Valid from: 2022-05-11 00:00:00+00:00
Valid to: 2033-08-10 23:59:59+00:00
Signer:
Issuer: CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Serial: 207434686800935825601819132938565993876
Program name: Snyk CLI
More info: https://snyk.io
Countersigner:
Issuer: CN=Sectigo RSA Time Stamping CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
Serial: 191707380446202648670195672873975720259
Signing time: 2022-11-29 11:46:39+00:00
Digest algorithm: openssl_sha512
Digest: 869698d2246ec14b9678732f1498b313ecb8ec01ea15bb6b5733430ca6f9812f45fa309cdbc59f1b8267ae2508085f0a95a0e308521ce5c141189ed58eb1a8b1
AuthenticodeVerificationResult.CERTIFICATE_ERROR
Chain verification from CN=Snyk Limited, O=Snyk Limited, ST=London, C=GB (serial:207434686800935825601819132938565993876, sha1:93a3e89e10ed23729f951aa1472812c28d2fc455) failed: Unable to build a validation path for the certificate "Common Name: Snyk Limited, Organization: Snyk Limited, State/Province: London, Country: GB" - no issuer matching "Common Name: Sectigo Public Code Signing CA R36, Organization: Sectigo Limited, Country: GB" was found
--------
AuthenticodeVerificationResult.CERTIFICATE_ERROR
Chain verification from CN=Snyk Limited, O=Snyk Limited, ST=London, C=GB (serial:207434686800935825601819132938565993876, sha1:93a3e89e10ed23729f951aa1472812c28d2fc455) failed: Unable to build a validation path for the certificate "Common Name: Snyk Limited, Organization: Snyk Limited, State/Province: London, Country: GB" - no issuer matching "Common Name: Sectigo Public Code Signing CA R36, Organization: Sectigo Limited, Country: GB" was foundDifferent ContentType
When I verify a certificate of PE file. Some thing is wrong.
The Error is:
Unexpected content type for SignerInfo, expected 1.2.840.113549.1.9.16.1.4, got Data
The refer code in signerinfo.py:90 :
if self._expected_content_type is not None and self.content_type is not self._expected_content_type:
raise SignerInfoParseError("Unexpected content type for SignerInfo, expected %s, got %s" %
(_print_type(self.content_type),
_print_type(self._expected_content_type)))The position of self.content_type and self._expected_content_type is mistaken, but that is not key point.
The key point is content type for SignerInfo maybe have different value.
You can see here: http://oidref.com/1.2.840.113549.1.9.16.1.4, the Information by oid_info is:
This is one of the possible values for the contentType value in the ContentInfo structure defined in PKCS#7 (IETF RFC 2630). See also IETF RFC 3161.
Maybe you can add another content type.
Oh, here is the PE file
3a7de393a36ca8911cd0842a9a25b058.zip
Exception raised if script is compiled by pyinstaller
scenario a: Python39 as interpreter:
Script:
from signify import signed_pe
from signify.exceptions import SignedPEParseError
import pefile
with open("C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", "rb") as petotest:
try:
pefile = signed_pe.SignedPEFile(petotest)
pefile.verify()
except Exception as ex:
print (ex)
Result --> OK
scenario b: compiled version of the script
If I do
pyinstaller --onefile script.py
and run the same code:
exception raised:
An error occurred while validating the countersignature.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.