Provide openssl like x509 -subjext -issuer -dates -fingerprint output

2019-08-20 14:20:46 +02:00 · 2019-08-20 14:20:46 +02:00 · 1256d13c42
commit 1256d13c42
parent ccd93d8027
1 changed files with 43 additions and 2 deletions
--- a/sort_certificate.py
+++ b/sort_certificate.py
@ -10,6 +10,7 @@ import re
 import os
 import fileinput
 from argparse import ArgumentParser
+from datetime import datetime
 from OpenSSL import crypto
 from Crypto.Util import asn1
 from cryptography.hazmat.primitives import serialization
@ -26,6 +27,17 @@ VALID_HOSTNAME_RE = '^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])'\
                    '(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}'\
                    '[a-zA-Z0-9]))*$'

+CERTINFO_TEMPLATE = '''
+subject= /{subject}
+issuer= /{issuer}
+notBefore={notbefore!s}
+notAfter={notafter}
+SHA1 Fingerprint={sha1fingerprint}
+'''.strip()
+
+ASN1TIME_FMT = str('%Y%m%d%H%M%SZ'.encode('utf8'))
+OPENSSLTIME_FMT = '%b %e %T %Y GMT'
+

 def load_data(filenames):
    '''
@ -325,8 +337,37 @@ def main():

        for x509_object in [x for x in x509_objects
                            if x.get_subject() != x.get_issuer()]:
-            logging.info('Subject: %s', x509_object.get_subject())
-            logging.info('Issuer: %s', x509_object.get_issuer())
+
+            # Stringify subject like openssl x509 -subject
+            x509_subject = '/'.join(['{0}={1}'.format(component[0].decode(),
+                                                      component[1].decode())
+                                     for component in
+                                     x509_object.get_subject().get_components()
+                                     ])
+
+            # Stringify issuer like openssl x509 -issuer
+            x509_issuer = '/'.join(['{0}={1}'.format(component[0].decode(),
+                                                     component[1].decode())
+                                    for component in
+                                    x509_object.get_issuer().get_components()
+                                    ])
+
+            x509_notAfter = datetime.strptime(str(x509_object.get_notAfter()),
+                                              ASN1TIME_FMT)
+
+            x509_notBefore = datetime.strptime(str(x509_object.get_notBefore()),
+                                               ASN1TIME_FMT)
+
+            logging.info('Subject: %s', x509_subject)
+            logging.info('Issuer: %s', x509_issuer)
+
+            print(CERTINFO_TEMPLATE.format(
+                subject=x509_subject,
+                issuer=x509_issuer,
+                notbefore=x509_notBefore.strftime(OPENSSLTIME_FMT),
+                notafter=x509_notAfter.strftime(OPENSSLTIME_FMT),
+                sha1fingerprint=x509_object.digest('sha1').decode()))
+
            print(crypto.dump_certificate(crypto.FILETYPE_PEM,
                                          x509_object).decode('ascii'),
                  end='')