crl-monitor/bin/dumpcrl.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Tool to dump CRL and OCSP URI from DER encoded X.509 certificate (in Base64)
#
# Software is free software released under the GNU General Public License version 3 and later
#
# Copyright (c) 2014 Alexandre Dulaunoy - a@foo.be

import fileinput
from M2Crypto import X509
import base64
import magic
import argparse
import json

argParser = argparse.ArgumentParser(description='Dump CRL URI and OCSP URI from X.509 certificates')
argParser.add_argument('-j', action='store_true', default=False, help='Dump JSON')
argParser.add_argument('-c', action='store_true', default=True, help='Dump CSV')
argParser.add_argument('-v', action='store_true', help='Verbose output')
argParser.add_argument('-r', default='-', help='Read from a file, default is stdin')
args = argParser.parse_args()

def mapExtension(ext=None):
    if ext is None:
        return False
    return dict([v.strip().split(':', 1) for v in ext.split('\n') if v.strip()])

def certValues(cert=None):
    if cert is None:
        return False

for cert in fileinput.input(args.r):
    try:
        certb = base64.b64decode(cert.split(",")[1])
    except:
        if args.v:
            print "Padding error "+fileinput.lineno()
        pass

    try:
        x509 = X509.load_cert_string(certb, X509.FORMAT_DER)
    except:
        print "At line number "+ str(fileinput.lineno()) + " parsing error"
        pass
    #print x509.get_subject().as_text()
    # CRL
    try:
        crlExt = x509.get_ext('crlDistributionPoints').get_value()
        crlExts = mapExtension(ext=crlExt)
        if args.j:
            print json.dumps(crlExts)
        elif args.c:
            print "CRL URI," + crlExts['URI']
    except:
        if args.v:
            print "No CRL for " + str(fileinput.lineno())
        pass

    # OCSP
    try:
        ocspExt = x509.get_ext('authorityInfoAccess').get_value()
        ocspExts = mapExtension(ext=ocspExt)
        if args.j:
            print json.dumps(ocspExts)
        elif args.c:
            print "OCSP URI," + str(ocspExts['OCSP - URI'])
            print "CA Issuers - URI," + str(ocspExts['CA Issuers - URI'])
    except:
        if args.v:
            print "No OCSP for " + str(fileinput.lineno())
        pass
Tool to dump CRL and OCSP URI from DER encoded X.509 certificate (in Base64) 2014-12-29 13:49:30 +00:00			`#!/usr/bin/env python`
			`# -- coding: utf-8 --`
			`#`
			`# Tool to dump CRL and OCSP URI from DER encoded X.509 certificate (in Base64)`
			`#`
			`# Software is free software released under the GNU General Public License version 3 and later`
			`#`
			`# Copyright (c) 2014 Alexandre Dulaunoy - a@foo.be`

			`import fileinput`
			`from M2Crypto import X509`
			`import base64`
			`import magic`
			`import argparse`
			`import json`

			`argParser = argparse.ArgumentParser(description='Dump CRL URI and OCSP URI from X.509 certificates')`
			`argParser.add_argument('-j', action='store_true', default=False, help='Dump JSON')`
			`argParser.add_argument('-c', action='store_true', default=True, help='Dump CSV')`
			`argParser.add_argument('-v', action='store_true', help='Verbose output')`
			`argParser.add_argument('-r', default='-', help='Read from a file, default is stdin')`
			`args = argParser.parse_args()`

			`def mapExtension(ext=None):`
			`if ext is None:`
			`return False`
			`return dict([v.strip().split(':', 1) for v in ext.split('\n') if v.strip()])`

			`def certValues(cert=None):`
			`if cert is None:`
			`return False`

			`for cert in fileinput.input(args.r):`
			`try:`
			`certb = base64.b64decode(cert.split(",")[1])`
			`except:`
			`if args.v:`
			`print "Padding error "+fileinput.lineno()`
			`pass`

			`try:`
			`x509 = X509.load_cert_string(certb, X509.FORMAT_DER)`
			`except:`
			`print "At line number "+ str(fileinput.lineno()) + " parsing error"`
			`pass`
			`#print x509.get_subject().as_text()`
			`# CRL`
			`try:`
			`crlExt = x509.get_ext('crlDistributionPoints').get_value()`
			`crlExts = mapExtension(ext=crlExt)`
			`if args.j:`
			`print json.dumps(crlExts)`
			`elif args.c:`
			`print "CRL URI," + crlExts['URI']`
			`except:`
			`if args.v:`
			`print "No CRL for " + str(fileinput.lineno())`
			`pass`

			`# OCSP`
			`try:`
			`ocspExt = x509.get_ext('authorityInfoAccess').get_value()`
			`ocspExts = mapExtension(ext=ocspExt)`
			`if args.j:`
			`print json.dumps(ocspExts)`
			`elif args.c:`
			`print "OCSP URI," + str(ocspExts['OCSP - URI'])`
			`print "CA Issuers - URI," + str(ocspExts['CA Issuers - URI'])`
			`except:`
			`if args.v:`
			`print "No OCSP for " + str(fileinput.lineno())`
			`pass`