crl-monitor/bin/x509/icsi.py

45 lines
1.2 KiB
Python
Raw Permalink Normal View History

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# ICSI Notary lookup of FP
#
# Software is free software released under the GNU General Public License version 3 and later
#
# Copyright (c) 2015 Alexandre Dulaunoy - a@foo.be
import dns.resolver
import argparse
import fileinput
2015-10-02 19:57:55 +00:00
import shlex
import redis
suffix = '.notary.icsi.berkeley.edu'
resolver = dns.resolver.Resolver()
fp = '592978A72A9061F70AD7C44C4D449DCF258CD534'
argParser = argparse.ArgumentParser(description='Lookup a series of certificate fingerprints ICSI Certificate Notary')
argParser.add_argument('-r', default='-', help='Read from a file, default is stdin')
2015-12-06 18:13:26 +00:00
argParser.add_argument('-v', default=False, action='store_true', help='Verbose output including ICSI output')
args = argParser.parse_args()
2015-10-02 19:57:55 +00:00
icsi_keys = ['version','first_seen','last_seen', 'times_seen', 'validated']
rstore = redis.StrictRedis(host='localhost', port=6380, db=5)
for l in fileinput.input(args.r):
2015-10-02 19:57:55 +00:00
fp = l.rstrip().lower()
try:
2015-10-02 19:57:55 +00:00
r = resolver.query(fp+suffix, 'TXT')
except:
print ("Non-existing certificate {}".format(fp))
continue
2015-10-02 19:57:55 +00:00
for rdata in r:
txt = rdata.strings[0]
rd = {}
rd = dict(token.split('=') for token in shlex.split(txt))
rstore.hmset(fp, rd)
2015-12-06 18:13:26 +00:00
if args.v:
print ("{},{}".format(fp,rd))