Analyze CRLs stored in a directory and dump a JSON

2024-11-21 17:47:09 +00:00 · 2014-12-30 19:25:32 +01:00 · 2014-12-30 19:25:32 +01:00 · 47996ec87a
commit 47996ec87a
parent b205fcd9c3
1 changed files with 76 additions and 0 deletions
--- a/bin/analyzecrl.py
+++ b/bin/analyzecrl.py
@ -0,0 +1,76 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Analyze CRLs stored in a directory and dump a JSON
+#
+# Software is free software released under the GNU General Public License version 3 and later
+#
+# Copyright (c) 2014 Alexandre Dulaunoy - a@foo.be
+
+import argparse
+import sys
+import os
+from pyasn1_modules import rfc2459
+crlspec = rfc2459.CertificateList()
+from pyasn1.codec.der import decoder
+import OpenSSL
+import json
+import binascii
+import datetime
+
+argParser = argparse.ArgumentParser(description='Analyze CRLs stored in a directory')
+argParser.add_argument('-v', action='store_true', help='Verbose output')
+argParser.add_argument('-d', help='Path where CRLs are stored')
+argParser.add_argument('-j', action='store_false', default=True, help='Toggle JSON output (default)')
+args = argParser.parse_args()
+
+if not args.d:
+    argParser.print_help()
+    sys.exit()
+
+def DNToString(dn):
+  ret = ""
+  for x in dn:
+    for y in x:
+        ret = ret + " " + str(y[0][1])
+  return ret
+
+for crl in os.listdir(args.d):
+    crlpath = os.path.join(args.d,crl)
+    f = open(crlpath, 'rb')
+    crlfile = f.read()
+    try:
+        crlp = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_ASN1, crlfile)
+    except Exception, err:
+        if args.v:
+            print err
+        continue
+
+    fx = open(crlpath, 'rb')
+    crlfileasn = fx.read()
+    try:
+        cert, rest = decoder.decode(crlfileasn, asn1Spec=crlspec)
+    except Exception, err:
+        if args.v:
+            print err
+        continue
+    a = cert['tbsCertList']
+    if a.getComponentByName('thisUpdate') is not None:
+        thisUpdate = str(a.getComponentByName('thisUpdate')[0])
+    else:
+        thisUpdate = None
+    if a.getComponentByName('nextUpdate') is not None:
+        nextUpdate = str(a.getComponentByName('nextUpdate')[0])
+    else:
+        nextUpdate = None
+    issuer = DNToString(a.getComponentByName('issuer'))
+    fx.close()
+
+    if crlp.get_revoked() is None:
+        o = {'crlpath': crlpath, 'revoked': None, 'issuer' : issuer, 'thisUpdate': thisUpdate, 'nextUpdate': nextUpdate}
+    else:
+        o = {'crlpath': crlpath, 'revoked': [], 'issuer' : issuer, 'thisUpdate': thisUpdate, 'nextUpdate': nextUpdate}
+        for revoked in crlp.get_revoked():
+            o['revoked'].append({'serial':revoked.get_serial(), 'rev_date':revoked.get_rev_date(), 'reason':revoked.get_reason()})
+    if args.j:
+        print json.dumps(o)