Forum Discussion

Laurent_53635
Aug 14, 2009

iRule: read PEM in header

Hello,

I have a strange iRule to create in my BIG-IP LTM.

I receive in the HTTP header from the client a certificate in PEM format.

I can read it, but I want to decrypt or convert it in order to read some extensions (UPN).

The X509::extensions function works only on SSL::cert objects and not on a PEM string.

In fact, I am looking for the inverse function of X509::whole.

Any idea?

Thanks for your help

Laurent

2 Replies

  • I haven't tried this, but using the X509:: commands might actually work. Is the HTTP header value URL and/or base64 encoded? If it is base64 and then URL encoded, could you use something like this:

    # Undo the URL encoding first, then the base64 encoding
    set extensions [X509::extensions [b64decode [URI::decode [HTTP::header $cert_header_name]]]]

    If this doesn't work, you might try opening a case with F5 Support and see if they have ideas on whether this is possible or not. If not, they could open a request for enhancement for you.

    Aaron
  • Hello,

    Many thanks Aaron.

    Now it works. I was also trying with X509::extensions [[b64decode but it does not support the "BEGIN CERTIFICATE ... END ..." statement in PEM.

    Here is the result:

    # Strip the PEM armor, then base64-decode the body
    set userCERT [b64decode [findstr [HTTP::header value USERCERTIFICATE] "-----BEGIN CERTIFICATE-----" 28 "-----END CERTIFICATE-----"]]
    # UPN value from the extensions text
    set UPN [findstr [X509::extensions $userCERT] "UPN<" 4 ">"]
    # CRL distribution points section from the extensions text
    set CRL [findstr [X509::extensions $userCERT] "X509v3 CRL Distribution Points" 32 "X509"]

    Have a nice evening and thanks again

    Laurent
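
A hardened variant of the extraction worked out in this thread, as an added example that is not part of the original posts and not F5's code: it tolerates a URL-encoded value, strips whitespace from the base64 body, and catches decode or parse errors instead of letting the rule fail. The `X-Client-UPN` header name and the 400/403 responses are assumptions chosen for illustration.

```tcl
when HTTP_REQUEST {
    # Header name as used in the thread; adjust to your deployment.
    set raw [HTTP::header value USERCERTIFICATE]
    if { $raw eq "" } { return }

    # PEM text contains no "%", so a "%" means the value was URL-encoded.
    if { $raw contains "%" } { set raw [URI::decode $raw] }

    # Keep only the base64 body between the PEM armor lines
    # (27 = length of "-----BEGIN CERTIFICATE-----").
    set body [findstr $raw "-----BEGIN CERTIFICATE-----" 27 "-----END CERTIFICATE-----"]
    # Line breaks in the PEM may arrive as spaces, tabs, CR or LF in a header.
    set body [string map [list " " "" "\t" "" "\r" "" "\n" ""] $body]

    # Catch any Tcl error from decoding or parsing so that a malformed
    # header is rejected cleanly rather than aborting the rule.
    set ext ""
    if { $body eq "" || [catch { set ext [X509::extensions [b64decode $body]] }] } {
        log local0.warning "USERCERTIFICATE not parseable, client [IP::client_addr]"
        HTTP::respond 400 content "Bad certificate header"
        return
    }

    # Parse the extensions text once and reuse it ("UPN<...>" format
    # as shown in the thread).
    set upn [findstr $ext "UPN<" 4 ">"]
    if { $upn eq "" } {
        log local0.warning "No UPN in certificate, client [IP::client_addr]"
        HTTP::respond 403 content "UPN required"
        return
    }

    # Hypothetical header for passing the result to the pool member.
    # Remove any copy sent by the client before inserting our own.
    HTTP::header remove X-Client-UPN
    HTTP::header insert X-Client-UPN $upn
}
```

Parsing the extensions does not validate the certificate's signature or chain, so the UPN is only as trustworthy as whatever set the `USERCERTIFICATE` header.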