Tool to dump CRL and OCSP URI from DER encoded X.509 certificate (in Base64)

2024-11-21 17:47:09 +00:00 · 2014-12-29 14:49:30 +01:00 · 2014-12-29 14:49:30 +01:00 · f205a23a19
commit f205a23a19
parent 2b29cdea43
1 changed files with 73 additions and 0 deletions
--- a/bin/dumpcrl.py
+++ b/bin/dumpcrl.py
@ -0,0 +1,73 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Tool to dump CRL and OCSP URI from DER encoded X.509 certificate (in Base64)
+#
+# Software is free software released under the GNU General Public License version 3 and later
+#
+# Copyright (c) 2014 Alexandre Dulaunoy - a@foo.be
+
+import fileinput
+from M2Crypto import X509
+import base64
+import magic
+import argparse
+import json
+
+argParser = argparse.ArgumentParser(description='Dump CRL URI and OCSP URI from X.509 certificates')
+argParser.add_argument('-j', action='store_true', default=False, help='Dump JSON')
+argParser.add_argument('-c', action='store_true', default=True, help='Dump CSV')
+argParser.add_argument('-v', action='store_true', help='Verbose output')
+argParser.add_argument('-r', default='-', help='Read from a file, default is stdin')
+args = argParser.parse_args()
+
+def mapExtension(ext=None):
+    if ext is None:
+        return False
+    return dict([v.strip().split(':', 1) for v in ext.split('\n') if v.strip()])
+
+def certValues(cert=None):
+    if cert is None:
+        return False
+
+for cert in fileinput.input(args.r):
+    try:
+        certb = base64.b64decode(cert.split(",")[1])
+    except:
+        if args.v:
+            print "Padding error "+fileinput.lineno()
+        pass
+
+    try:
+        x509 = X509.load_cert_string(certb, X509.FORMAT_DER)
+    except:
+        print "At line number "+ str(fileinput.lineno()) + " parsing error"
+        pass
+    #print x509.get_subject().as_text()
+    # CRL
+    try:
+        crlExt = x509.get_ext('crlDistributionPoints').get_value()
+        crlExts = mapExtension(ext=crlExt)
+        if args.j:
+            print json.dumps(crlExts)
+        elif args.c:
+            print "CRL URI," + crlExts['URI']
+    except:
+        if args.v:
+            print "No CRL for " + str(fileinput.lineno())
+        pass
+
+    # OCSP
+    try:
+        ocspExt = x509.get_ext('authorityInfoAccess').get_value()
+        ocspExts = mapExtension(ext=ocspExt)
+        if args.j:
+            print json.dumps(ocspExts)
+        elif args.c:
+            print "OCSP URI," + str(ocspExts['OCSP - URI'])
+            print "CA Issuers - URI," + str(ocspExts['CA Issuers - URI'])
+    except:
+        if args.v:
+            print "No OCSP for " + str(fileinput.lineno())
+        pass
+