author | Jan Dittberner <jandd@cacert.org> | 2018-10-27 23:22:55 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2018-10-27 23:23:27 +0200 |
commit | 5c48baef28d0e7dc9a6de1eb58b0798ba913d9a9 (patch) | |
tree | aa2b6024c3719be4875b32ea46a26765f7d0bf1c /tools/sslcert.py | |
parent | 72493e64ef5ad7562678d2dc289fa6835faad8d6 (diff) | |
Port tools to Python 3
Diffstat (limited to 'tools/sslcert.py')
-rwxr-xr-x | tools/sslcert.py | 60 |
1 files changed, 24 insertions, 36 deletions
diff --git a/tools/sslcert.py b/tools/sslcert.py
index cb1dc78..aca3753 100755
--- a/tools/sslcert.py
+++ b/tools/sslcert.py
@@ -2,65 +2,54 @@ from __future__ import print_function -from datetime import datetime -from hashlib import sha1 import argparse import os.path +from datetime import datetime +from hashlib import sha1 -from pyasn1_modules import pem -from pyx509.pkcs7.asn1_models.X509_certificate import Certificate -from pyx509.pkcs7_models import X509Certificate -from pyx509.pkcs7.asn1_models.decoder_workarounds import decode - +from cryptography import x509 +from cryptography.hazmat.backends import default_backend +from cryptography.x509 import ExtensionOID, NameOID ALTNAME_MAP = ( - ('dNSName', 'DNS'), - ('rfc822Name', 'EMAIL'), - ('iPAddress', 'IP') + (x509.DNSName, 'DNS'), + (x509.RFC822Name, 'EMAIL'), + (x509.IPAddress, 'IP') ) -def x509_parse(derData): - """Decodes certificate. - @param derData: DER-encoded certificate string - @returns: pkcs7_models.X509Certificate - """ - cert = decode(derData, asn1Spec=Certificate())[0] - x509cert = X509Certificate(cert) - return x509cert - - def get_altnames(cert): - altnames = cert.tbsCertificate.subjAltNameExt.value.values + altnames = cert.extensions.get_extension_for_oid( + ExtensionOID.SUBJECT_ALTERNATIVE_NAME) + retval = [] - for typ, data in [(field[1], altnames[field[0]]) for field in ALTNAME_MAP]: - for item in sorted(data): - retval.append("{typ}:{item}".format(typ=typ, item=item)) + for altname_type, field_name in ALTNAME_MAP: + names = altnames.value.get_values_for_type(altname_type) + for item in sorted(names): + retval.append("{typ}:{item}".format(typ=field_name, item=item)) return ", ".join(retval) def get_serial(cert): - serial = "%X" % cert.tbsCertificate.serial_number + serial = "%X" % cert.serial_number return "0" * (len(serial) % 2) + serial def get_expiration(cert): - return datetime.strptime( - cert.tbsCertificate.validity.valid_to, '%Y%m%d%H%M%SZ' - ).strftime('%b %d %H:%M:%S %Y GMT') + return cert.not_valid_after.strftime('%b %d %H:%M:%S %Y GMT') def get_sha1fp(certdata): hexhash = 
sha1(certdata).hexdigest().upper() - return ":".join([hexhash[i:i+2] for i in range(0, len(hexhash), 2)]) + return ":".join([hexhash[i:i + 2] for i in range(0, len(hexhash), 2)]) def get_issuer(cert): - return cert.tbsCertificate.issuer.get_attributes()['CN'][0] + return cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value def get_subject(cert): - return cert.tbsCertificate.subject.get_attributes()['CN'][0] + return cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value if __name__ == '__main__': @@ -70,10 +59,10 @@ if __name__ == '__main__': 'X.509 certificate file and its corresponding PEM encoded RSA key ' 'file.')) parser.add_argument( - 'cert', metavar='CERT', type=open, + 'cert', metavar='CERT', type=argparse.FileType('rb'), help='PEM encoded X.509 certficate file') parser.add_argument( - '--key', metavar='KEY', type=open, + '--key', metavar='KEY', type=argparse.FileType('rb'), help='PEM encoded RSA private key', default=None) parser.add_argument( '--root', metavar='ROOT', type=str, @@ -81,20 +70,19 @@ if __name__ == '__main__': args = parser.parse_args() - certpem = pem.readPemFromFile(args.cert) certpath = os.path.abspath(args.cert.name) if args.root: certpath = '/' + os.path.relpath(certpath, args.root) if args.key: haskey = True - keypem = pem.readPemFromFile(args.key) keypath = os.path.abspath(args.key.name) if args.root: keypath = '/' + os.path.relpath(keypath, args.root) else: keypath = 'TODO: define key path' - cert = x509_parse(certpem) + certpem = args.cert.read() + cert = x509.load_pem_x509_certificate(certpem, default_backend()) data = { 'altnames': get_altnames(cert), 'certfile': certpath, |
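Review bot: `get_altnames` calls `cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)` without handling `x509.ExtensionNotFound`, so a certificate that has no subjectAltName extension ends the tool with a traceback instead of an empty altnames field. Wrapping the lookup in `try:` … `except x509.ExtensionNotFound: return ""` would cover that case. In the same hunk, `get_issuer` and `get_subject` index `[0]` on the result of `get_attributes_for_oid(NameOID.COMMON_NAME)`, which raises `IndexError` for a name without a CN. `sorted(names)` on `x509.IPAddress` values will also fail when a certificate mixes IPv4 and IPv6 entries; `sorted(names, key=str)` keeps the DNS and e-mail ordering unchanged and avoids that.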
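Review bot: `--key` is now declared with `type=argparse.FileType('rb')`, so the private key file is opened for reading at argument-parse time, yet the next hunk removes the only read of it and uses just `args.key.name`. The tool then needs read permission on the private key, and holds an open handle to it, without needing the contents. Taking the path as a string, `'--key', metavar='KEY', type=str,`, and using `os.path.abspath(args.key)` would let the documentation tool run without access to key material. The `if __name__ == '__main__':` block starts and continues outside this hunk, so later uses of `args.key` are not visible here.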
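Review bot: `certpem = args.cert.read()` now holds the raw PEM text, whereas the removed `pem.readPemFromFile(args.cert)` returned the decoded DER bytes. The `data` dict continues below the hunk; if it still passes `certpem` to `get_sha1fp`, the documented SHA-1 fingerprint is computed over the PEM file and will not match what `openssl x509 -fingerprint` or a browser shows for the same certificate. Hashing the DER form keeps the value comparable, for example `get_sha1fp(cert.public_bytes(Encoding.DER))` with `from cryptography.hazmat.primitives.serialization import Encoding`. Since `args.cert` is never closed, reading it inside `with args.cert:` would also release the handle.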