ruben/sort_certificate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pylint/pep8 compliancy

Browse Source
This commit is contained in:
Ruben van Staveren 2020-03-20 11:27:41 +01:00
parent fd5b903caa
commit d415f4786e
No known key found for this signature in database
GPG Key ID: 63424959ACCADD9C
1 changed files with 30 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
sort_certificate.py
View File

@ -15,10 +15,9 @@ from Crypto.Util import asn1
from cryptography.hazmat.primitives import serialization
import certifi.core
VALID_HOSTNAME_RE = '^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])'\
'(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}'\
'[a-zA-Z0-9]))*$'
VALID_FQDN_RE = r'^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])'\
r'(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}'\
r'[a-zA-Z0-9]))*$'
CERTINFO_TEMPLATE = '''
subject= /{subject}
@ -98,7 +97,7 @@ def get_priv_modulus(priv):
def match_cert_privkey(cert, priv):
'''
Copied from https://stackoverflow.com/questions/19922790/how-to-check-for-python-the-key-associated-with-the-certificate-or-not
Copied from https://stackoverflow.com/questions/19922790/how-to-check-for-python-the-key-associated-with-the-certificate-or-not # noqa pylint: disable=line-too-long
and reworked
'''
@ -255,7 +254,8 @@ def main():
logging.debug('Loaded root certificates from bundle')
for root_cert in root_certs:
try:
logging.debug('subject=%s\n\tissuer%s\n\texpired=%s\n\tmodulus=%s',
logging.debug('subject=%s\n\tissuer%s\n\t'
'expired=%s\n\tmodulus=%s',
root_cert.get_subject(),
root_cert.get_issuer(),
root_cert.has_expired(),
@ -321,33 +321,36 @@ def main():
' and private key match')
logging.debug("Print certificates in order")
# XXX Need to do b'CN' to have this python3 compatible
logging.info('Writing bundle for Subject: %s', [x[1]
for x in x509_objects_components
if x[0] == b'CN'][0])
# Need to do b'CN' to have this python3 compatible
logging.info('Writing bundle for Subject: %s',
[x[1].decode('utf-8')
for x in x509_objects_components
if x[0] == b'CN'][0])
for x509_object in [x for x in x509_objects
if x.get_subject() != x.get_issuer()]:
# Stringify subject like openssl x509 -subject
x509_subject = '/'.join(['{0}={1}'.format(component[0].decode(),
component[1].decode())
for component in
x509_object.get_subject().get_components()
])
x509_subject = \
'/'.join(['{0}={1}'.format(component[0].decode(),
component[1].decode())
for component in
x509_object.get_subject().get_components()])
# Stringify issuer like openssl x509 -issuer
x509_issuer = '/'.join(['{0}={1}'.format(component[0].decode(),
component[1].decode())
for component in
x509_object.get_issuer().get_components()
])
x509_issuer = \
'/'.join(['{0}={1}'.format(component[0].decode(),
component[1].decode())
for component in
x509_object.get_issuer().get_components()])
x509_notAfter = datetime.strptime(str(x509_object.get_notAfter()),
ASN1TIME_FMT)
x509_not_after = \
datetime.strptime(str(x509_object.get_notAfter()),
ASN1TIME_FMT)
x509_notBefore = datetime.strptime(str(x509_object.get_notBefore()),
ASN1TIME_FMT)
x509_not_before = \
datetime.strptime(str(x509_object.get_notBefore()),
ASN1TIME_FMT)
logging.info('Subject: %s', x509_subject)
logging.info('Issuer: %s', x509_issuer)
@ -355,8 +358,8 @@ def main():
print(CERTINFO_TEMPLATE.format(
subject=x509_subject,
issuer=x509_issuer,
notbefore=x509_notBefore.strftime(OPENSSLTIME_FMT),
notafter=x509_notAfter.strftime(OPENSSLTIME_FMT),
notbefore=x509_not_before.strftime(OPENSSLTIME_FMT),
notafter=x509_not_after.strftime(OPENSSLTIME_FMT),
sha1fingerprint=x509_object.digest('sha1').decode()))
print(crypto.dump_certificate(crypto.FILETYPE_PEM,
@ -371,7 +374,7 @@ def main():
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()).decode(
'ascii'),
end='')
end='')
elif pk_objects:
logging.info('Print private keys')
for pk_object in pk_objects: