mirror of
https://github.com/adulau/crl-monitor.git
synced 2024-12-22 16:56:01 +00:00
Tool to dump CRL and OCSP URI from DER encoded X.509 certificate (in Base64)
This commit is contained in:
parent
2b29cdea43
commit
f205a23a19
1 changed files with 73 additions and 0 deletions
73
bin/dumpcrl.py
Normal file
73
bin/dumpcrl.py
Normal file
|
@ -0,0 +1,73 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# Tool to dump CRL and OCSP URI from DER encoded X.509 certificate (in Base64)
|
||||
#
|
||||
# Software is free software released under the GNU General Public License version 3 and later
|
||||
#
|
||||
# Copyright (c) 2014 Alexandre Dulaunoy - a@foo.be
|
||||
|
||||
import fileinput
|
||||
from M2Crypto import X509
|
||||
import base64
|
||||
import magic
|
||||
import argparse
|
||||
import json
|
||||
|
||||
argParser = argparse.ArgumentParser(description='Dump CRL URI and OCSP URI from X.509 certificates')
|
||||
argParser.add_argument('-j', action='store_true', default=False, help='Dump JSON')
|
||||
argParser.add_argument('-c', action='store_true', default=True, help='Dump CSV')
|
||||
argParser.add_argument('-v', action='store_true', help='Verbose output')
|
||||
argParser.add_argument('-r', default='-', help='Read from a file, default is stdin')
|
||||
args = argParser.parse_args()
|
||||
|
||||
def mapExtension(ext=None):
|
||||
if ext is None:
|
||||
return False
|
||||
return dict([v.strip().split(':', 1) for v in ext.split('\n') if v.strip()])
|
||||
|
||||
def certValues(cert=None):
|
||||
if cert is None:
|
||||
return False
|
||||
|
||||
for cert in fileinput.input(args.r):
|
||||
try:
|
||||
certb = base64.b64decode(cert.split(",")[1])
|
||||
except:
|
||||
if args.v:
|
||||
print "Padding error "+fileinput.lineno()
|
||||
pass
|
||||
|
||||
try:
|
||||
x509 = X509.load_cert_string(certb, X509.FORMAT_DER)
|
||||
except:
|
||||
print "At line number "+ str(fileinput.lineno()) + " parsing error"
|
||||
pass
|
||||
#print x509.get_subject().as_text()
|
||||
# CRL
|
||||
try:
|
||||
crlExt = x509.get_ext('crlDistributionPoints').get_value()
|
||||
crlExts = mapExtension(ext=crlExt)
|
||||
if args.j:
|
||||
print json.dumps(crlExts)
|
||||
elif args.c:
|
||||
print "CRL URI," + crlExts['URI']
|
||||
except:
|
||||
if args.v:
|
||||
print "No CRL for " + str(fileinput.lineno())
|
||||
pass
|
||||
|
||||
# OCSP
|
||||
try:
|
||||
ocspExt = x509.get_ext('authorityInfoAccess').get_value()
|
||||
ocspExts = mapExtension(ext=ocspExt)
|
||||
if args.j:
|
||||
print json.dumps(ocspExts)
|
||||
elif args.c:
|
||||
print "OCSP URI," + str(ocspExts['OCSP - URI'])
|
||||
print "CA Issuers - URI," + str(ocspExts['CA Issuers - URI'])
|
||||
except:
|
||||
if args.v:
|
||||
print "No OCSP for " + str(fileinput.lineno())
|
||||
pass
|
||||
|
Loading…
Reference in a new issue