synta 0.2.5

ASN.1 parser, decoder, and encoder library with DER/BER support and C FFI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

# CertificateList (CRL)


`CertificateList` represents an RFC 5280 Certificate Revocation List.

## Construction

```python
CertificateList.from_der(data: bytes) -> CertificateList
CertificateList.from_pem(data: bytes) -> CertificateList | list[CertificateList]
CertificateList.to_pem(crl_or_list) -> bytes
```

## Properties

| Property | Type | Description |
|---|---|---|
| `version` | `int \| None` | CRL version (`1` = v2); `None` implies v1 (RFC 5280 ยง5.1.2.1) |
| `issuer` | `str` | RFC 4514 DN string |
| `issuer_raw_der` | `bytes` | Raw DER of issuer Name SEQUENCE |
| `this_update` | `str` | thisUpdate time as string |
| `next_update` | `str \| None` | nextUpdate time as string, or `None` if absent |
| `signature_algorithm` | `str` | Algorithm name or dotted OID |
| `signature_algorithm_oid` | `ObjectIdentifier` | |
| `signature_value` | `bytes` | Raw signature bytes |
| `crl_number` | `int \| None` | CRL sequence number from `cRLNumber` extension (OID 2.5.29.20), or `None` |
| `revoked_count` | `int` | Number of revoked certificate entries |

## Methods

| Method | Signature | Returns | Description |
|---|---|---|---|
| `to_der()` | `()` | `bytes` | Original DER bytes |
| `get_extension_value_der` | `(oid: str \| ObjectIdentifier)` | `bytes \| None` | Return the extnValue bytes of the named CRL extension, or `None` if absent. |
| `verify_issued_by` | `(issuer: Certificate)` | `None` | Verify that this CRL was signed by `issuer`. Checks issuer Name match then signature. Raises `ValueError` on mismatch or invalid signature. |

## Full class stub

```python
class CertificateList:
    @staticmethod
    def from_der(data: bytes) -> CertificateList: ...
    @staticmethod
    def from_pem(data: bytes) -> CertificateList | list[CertificateList]: ...
    @staticmethod
    def to_pem(crl_or_list) -> bytes: ...

    version: int | None
    issuer: str
    issuer_raw_der: bytes
    this_update: str
    next_update: str | None
    signature_algorithm: str
    signature_algorithm_oid: ObjectIdentifier
    signature_value: bytes
    crl_number: int | None
    revoked_count: int

    def to_der(self) -> bytes: ...
    def get_extension_value_der(self, oid: str) -> bytes | None: ...
    def verify_issued_by(self, issuer: Certificate) -> None: ...
```

## Usage

```python
import synta

# Parse a DER-encoded CRL
with open("ca.crl", "rb") as f:
    crl = synta.CertificateList.from_der(f.read())

# Access fields
print(crl.issuer)
print(crl.this_update)
print(crl.next_update)
print(f"Revoked entries: {crl.revoked_count}")
print(f"CRL number: {crl.crl_number}")

# Verify the CRL signature
ca_cert = synta.Certificate.from_der(open("ca.der", "rb").read())
try:
    crl.verify_issued_by(ca_cert)
    print("CRL signature valid")
except ValueError as e:
    print(f"Invalid CRL: {e}")

# Read the CRL number extension
crl_num_der = crl.get_extension_value_der("2.5.29.20")
```

See also [Certificate](certificate.md) and [OCSP](ocsp.md).