authorJan Dittberner <jandd@cacert.org>2018-10-27 23:22:55 +0200
committerJan Dittberner <jandd@cacert.org>2018-10-27 23:23:27 +0200
commit5c48baef28d0e7dc9a6de1eb58b0798ba913d9a9 (patch)
treeaa2b6024c3719be4875b32ea46a26765f7d0bf1c /tools/sslcert.py
parent72493e64ef5ad7562678d2dc289fa6835faad8d6 (diff)
Port tools to Python 3
Diffstat (limited to 'tools/sslcert.py')
-rwxr-xr-xtools/sslcert.py60
1 files changed, 24 insertions, 36 deletions
diff --git a/tools/sslcert.py b/tools/sslcert.py
index cb1dc78..aca3753 100755
--- a/tools/sslcert.py
+++ b/tools/sslcert.py
@@ -2,65 +2,54 @@
from __future__ import print_function
-from datetime import datetime
-from hashlib import sha1
import argparse
import os.path
+from datetime import datetime
+from hashlib import sha1
-from pyasn1_modules import pem
-from pyx509.pkcs7.asn1_models.X509_certificate import Certificate
-from pyx509.pkcs7_models import X509Certificate
-from pyx509.pkcs7.asn1_models.decoder_workarounds import decode
-
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.x509 import ExtensionOID, NameOID
ALTNAME_MAP = (
- ('dNSName', 'DNS'),
- ('rfc822Name', 'EMAIL'),
- ('iPAddress', 'IP')
+ (x509.DNSName, 'DNS'),
+ (x509.RFC822Name, 'EMAIL'),
+ (x509.IPAddress, 'IP')
)
-def x509_parse(derData):
- """Decodes certificate.
- @param derData: DER-encoded certificate string
- @returns: pkcs7_models.X509Certificate
- """
- cert = decode(derData, asn1Spec=Certificate())[0]
- x509cert = X509Certificate(cert)
- return x509cert
-
-
def get_altnames(cert):
- altnames = cert.tbsCertificate.subjAltNameExt.value.values
+ altnames = cert.extensions.get_extension_for_oid(
+ ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
+
retval = []
- for typ, data in [(field[1], altnames[field[0]]) for field in ALTNAME_MAP]:
- for item in sorted(data):
- retval.append("{typ}:{item}".format(typ=typ, item=item))
+ for altname_type, field_name in ALTNAME_MAP:
+ names = altnames.value.get_values_for_type(altname_type)
+ for item in sorted(names):
+ retval.append("{typ}:{item}".format(typ=field_name, item=item))
return ", ".join(retval)
def get_serial(cert):
- serial = "%X" % cert.tbsCertificate.serial_number
+ serial = "%X" % cert.serial_number
return "0" * (len(serial) % 2) + serial
def get_expiration(cert):
- return datetime.strptime(
- cert.tbsCertificate.validity.valid_to, '%Y%m%d%H%M%SZ'
- ).strftime('%b %d %H:%M:%S %Y GMT')
+ return cert.not_valid_after.strftime('%b %d %H:%M:%S %Y GMT')
def get_sha1fp(certdata):
hexhash = sha1(certdata).hexdigest().upper()
- return ":".join([hexhash[i:i+2] for i in range(0, len(hexhash), 2)])
+ return ":".join([hexhash[i:i + 2] for i in range(0, len(hexhash), 2)])
def get_issuer(cert):
- return cert.tbsCertificate.issuer.get_attributes()['CN'][0]
+ return cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
def get_subject(cert):
- return cert.tbsCertificate.subject.get_attributes()['CN'][0]
+ return cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
if __name__ == '__main__':
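Review bot: get_altnames calls `cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)` unguarded, which raises `x509.ExtensionNotFound` for a certificate without a subjectAltName extension, and get_issuer/get_subject index `[0]` on a list that is empty when the name carries no CN. Handling the exception (`except x509.ExtensionNotFound: return ""`) and checking the attribute list before indexing would keep the tool usable on such certificates. `sorted(names)` can also raise `TypeError` for `x509.IPAddress` entries when IPv4 and IPv6 values are mixed, because `ipaddress` objects of different versions do not order against each other; `sorted(names, key=str)` avoids that. Separately, get_sha1fp hashes whatever bytes it is handed, and the last hunk now reads `certpem` as raw PEM instead of decoded DER; if that value is what reaches get_sha1fp (the call is outside the visible lines), the recorded fingerprint would no longer match the certificate's DER fingerprint, and `cert.fingerprint(hashes.SHA1())` would be the safer source.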
@@ -70,10 +59,10 @@ if __name__ == '__main__':
'X.509 certificate file and its corresponding PEM encoded RSA key '
'file.'))
parser.add_argument(
- 'cert', metavar='CERT', type=open,
+ 'cert', metavar='CERT', type=argparse.FileType('rb'),
help='PEM encoded X.509 certficate file')
parser.add_argument(
- '--key', metavar='KEY', type=open,
+ '--key', metavar='KEY', type=argparse.FileType('rb'),
help='PEM encoded RSA private key', default=None)
parser.add_argument(
'--root', metavar='ROOT', type=str,
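Review bot: `--key` is still opened for reading through `argparse.FileType('rb')`, yet in the visible lines of the following hunk only `args.key.name` is used now that the `keypem` read is removed, so the tool needs read access to the private key just to print its path. Taking the option as a plain path (`type=str`, then `os.path.abspath(args.key)`) would let it run without permission to read key material; if the open is kept deliberately as an existence check, that intent deserves a comment. Neither FileType handle is closed explicitly, which is harmless in a short-lived script but could be tidied with a `.close()` after `args.cert.read()`. The parser setup begins before this hunk.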
@@ -81,20 +70,19 @@ if __name__ == '__main__':
args = parser.parse_args()
- certpem = pem.readPemFromFile(args.cert)
certpath = os.path.abspath(args.cert.name)
if args.root:
certpath = '/' + os.path.relpath(certpath, args.root)
if args.key:
haskey = True
- keypem = pem.readPemFromFile(args.key)
keypath = os.path.abspath(args.key.name)
if args.root:
keypath = '/' + os.path.relpath(keypath, args.root)
else:
keypath = 'TODO: define key path'
- cert = x509_parse(certpem)
+ certpem = args.cert.read()
+ cert = x509.load_pem_x509_certificate(certpem, default_backend())
data = {
'altnames': get_altnames(cert),
'certfile': certpath,