From 1256d13c42ee4e51ad5f66cd70b82cd3b238fe93 Mon Sep 17 00:00:00 2001 From: Ruben van Staveren Date: Tue, 20 Aug 2019 14:20:46 +0200 Subject: [PATCH] Provide openssl like x509 -subjext -issuer -dates -fingerprint output --- sort_certificate.py | 45 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/sort_certificate.py b/sort_certificate.py index f0ba4fb..a2c4713 100755 --- a/sort_certificate.py +++ b/sort_certificate.py @@ -10,6 +10,7 @@ import re import os import fileinput from argparse import ArgumentParser +from datetime import datetime from OpenSSL import crypto from Crypto.Util import asn1 from cryptography.hazmat.primitives import serialization @@ -26,6 +27,17 @@ VALID_HOSTNAME_RE = '^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])'\ '(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}'\ '[a-zA-Z0-9]))*$' +CERTINFO_TEMPLATE = ''' +subject= /{subject} +issuer= /{issuer} +notBefore={notbefore!s} +notAfter={notafter} +SHA1 Fingerprint={sha1fingerprint} +'''.strip() + +ASN1TIME_FMT = str('%Y%m%d%H%M%SZ'.encode('utf8')) +OPENSSLTIME_FMT = '%b %e %T %Y GMT' + def load_data(filenames): ''' 
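Review bot: `ASN1TIME_FMT = str('%Y%m%d%H%M%SZ'.encode('utf8'))` evaluates on Python 3 to the text `b'%Y%m%d%H%M%SZ'`, with the `b` prefix and quotes included, so parsing succeeds only because the call sites in main() also wrap `get_notAfter()`/`get_notBefore()` in `str()` and produce the same wrapper. That coupling fails under `python -bb` and is easy to break by accident; a plain `ASN1TIME_FMT = '%Y%m%d%H%M%SZ'` with `x509_object.get_notAfter().decode('ascii')` at the call sites states the intent. pyOpenSSL documents these getters as returning None when the field is absent, so that case should be handled before parsing. `%e` and `%T` in `OPENSSLTIME_FMT` are libc extensions that Python's strftime does not guarantee on every platform, so the format needs a comment or a portable spelling such as `'%b %d %H:%M:%S %Y GMT'`, at the cost of zero-padded days.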
@@ -325,8 +337,37 @@ def main(): for x509_object in [x for x in x509_objects if x.get_subject() != x.get_issuer()]: - logging.info('Subject: %s', x509_object.get_subject()) - logging.info('Issuer: %s', x509_object.get_issuer()) + + # Stringify subject like openssl x509 -subject + x509_subject = '/'.join(['{0}={1}'.format(component[0].decode(), + component[1].decode()) + for component in + x509_object.get_subject().get_components() + ]) + + # Stringify issuer like openssl x509 -issuer + x509_issuer = '/'.join(['{0}={1}'.format(component[0].decode(), + component[1].decode()) + for component in + x509_object.get_issuer().get_components() + ]) + + x509_notAfter = datetime.strptime(str(x509_object.get_notAfter()), + ASN1TIME_FMT) + + x509_notBefore = datetime.strptime(str(x509_object.get_notBefore()), + ASN1TIME_FMT) + + logging.info('Subject: %s', x509_subject) + logging.info('Issuer: %s', x509_issuer) + + print(CERTINFO_TEMPLATE.format( + subject=x509_subject, + issuer=x509_issuer, + notbefore=x509_notBefore.strftime(OPENSSLTIME_FMT), + notafter=x509_notAfter.strftime(OPENSSLTIME_FMT), + sha1fingerprint=x509_object.digest('sha1').decode())) + print(crypto.dump_certificate(crypto.FILETYPE_PEM, x509_object).decode('ascii'), end='')
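Review bot: The subject and issuer strings are built from certificate-controlled bytes and written to stdout and the log without escaping. A DN value containing a newline or terminal control characters can therefore forge extra `issuer=`/`notAfter=` lines or corrupt the log, and a value that is not valid UTF-8 makes the bare `.decode()` raise and abort the run. The two identical comprehensions could become one helper that decodes with `errors='backslashreplace'` and renders control characters visibly, as sketched below (it also escapes non-ASCII text, which may or may not be wanted). The fingerprint is SHA-1 only, which matches the openssl output being imitated, but printing `x509_object.digest('sha256')` alongside would give a stronger value for comparing or pinning certificates. main() begins and ends outside this hunk.

```python
def _name_to_oneline(name):
    '''Render an X509Name like `openssl x509 -subject`, escaping unsafe bytes.'''
    parts = []
    for key, value in name.get_components():
        text = value.decode('utf-8', 'backslashreplace')
        # Make newlines and other control characters visible instead of emitting them.
        text = text.encode('unicode_escape').decode('ascii')
        parts.append('{0}={1}'.format(key.decode('ascii'), text))
    return '/'.join(parts)

# ... in main(), replacing the two list comprehensions ...
        x509_subject = _name_to_oneline(x509_object.get_subject())
        x509_issuer = _name_to_oneline(x509_object.get_issuer())
# ... unchanged: notBefore/notAfter parsing, logging, print ...
```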