From e22223ba6618c80f598732fedaa0f2cad9e16547 Mon Sep 17 00:00:00 2001
From: Ruben van Staveren
Date: Mon, 17 Aug 2020 12:19:21 +0200
Subject: [PATCH] Please pylint/pep8 etc

---
 sort_certificate.py | 78 ++++++++++++++++++++++++++++++---------------
 1 file changed, 53 insertions(+), 25 deletions(-)

diff --git a/sort_certificate.py b/sort_certificate.py
index 8d6f851..d58769f 100755
--- a/sort_certificate.py
+++ b/sort_certificate.py
@@ -11,7 +11,6 @@ import fileinput
 from argparse import ArgumentParser
 from datetime import datetime
 from OpenSSL import crypto
-from Crypto.Util import asn1
 from cryptography.hazmat.primitives import serialization
 import certifi.core
@@ -30,15 +29,18 @@ SHA1 Fingerprint={sha1fingerprint}
 ASN1TIME_FMT = str('%Y%m%d%H%M%SZ'.encode('utf8'))
 OPENSSLTIME_FMT = '%b %e %T %Y GMT'
+
 class OnlyRSAKeyException(Exception):
     '''
     When we encounter other than RSA crypto material
     '''
     pass
+
+
 class CertificateComponentException(Exception):
     '''
-    When something is not right with the whole cert+intermediates+private key bundle
+    When something is not right with the whole cert+intermediates+private key
+    bundle
     '''
     pass
@@ -72,9 +74,12 @@ def get_cert_pubkey(cert):
     '''
     cert_crypto = cert.to_cryptography()
-    pub = cert_crypto.public_key().public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
+    pubkey = cert_crypto.public_key()
+    pub_bytes = pubkey.public_bytes(
+        serialization.Encoding.PEM,
+        serialization.PublicFormat.SubjectPublicKeyInfo)
-    return pub
+    return pub_bytes
 def get_priv_pubkey(priv):
@@ -84,9 +89,12 @@ def get_priv_pubkey(priv):
     priv_crypto = priv.to_cryptography_key()
-    pub = priv_crypto.public_key().public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
+    pubkey = priv_crypto.public_key()
+    pub_bytes = pubkey.public_bytes(
+        serialization.Encoding.PEM,
+        serialization.PublicFormat.SubjectPublicKeyInfo)
-    return pub
+    return pub_bytes
 def match_cert_privkey(cert, priv):
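Review bot: After this rewrite the bodies of `get_cert_pubkey` (this hunk) and `get_priv_pubkey` (the `@@ -84,9 +89,12 @@` hunk) are identical apart from their first line, which makes them a natural candidate for one shared helper, e.g. `def _spki_pem(pubkey): return pubkey.public_bytes(serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)`, called from both. Both functions' `def` lines and docstrings start outside the hunks. `match_cert_privkey`, whose `def` line is the trailing context here, presumably compares the two serialized SubjectPublicKeyInfo blobs, so keeping the serialization in one place also guarantees the two sides cannot drift apart in encoding or format.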
@@ -106,6 +114,7 @@ def find_root(x509_objects, root_issuers):
     logging.debug('Retrieved root certificate %s', root_cert.get_subject())
     return root_cert
+
 def find_intermediate_root(x509_objects, root_issuers):
     '''
     Find a suitable anchor by finding the intermediate that was signed by root
@@ -178,11 +187,13 @@ def order_x509(x509_objects, root_issuers):
             bundle.insert(0, x509_objects.pop(x509_objects.index(sibling[0])))
         else:
             # Lets complain
-            raise CertificateComponentException('Non matching certificates in input:'
+            raise CertificateComponentException('Non matching certificates in '
+                                                'input:'
                                                 ' No sibling found for %s' % bundle[0].get_subject())
     return bundle
+
 def load_root_issuers():
     '''
     Return the list of CA roots (RSA only)
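Review bot: The re-wrapped `raise` in `order_x509` now splits the message mid-phrase (`'Non matching certificates in ' 'input:'`) and leaves the `%` operator on a third line; the `%` still applies to the whole implicitly concatenated literal, but the precedence is easy to misread in this shape. Building the message first keeps both the wording and the operand visible: `msg = ('Non matching certificates in input:' ' No sibling found for %s' % bundle[0].get_subject())` followed by `raise CertificateComponentException(msg)`. The loop and the `else:` branch this sits in begin outside the hunk.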
@@ -241,29 +252,43 @@ def handle_args():
     outputgrp = parser.add_mutually_exclusive_group()
-    outputgrp.add_argument('--just-certificate', dest='print_cert',
-                           action='store_true', help='Just print certificate')
-    outputgrp.add_argument('--no-certificate', dest='print_cert',
+    outputgrp.add_argument('--just-certificate',
+                           dest='print_cert',
+                           action='store_true',
+                           help='Just print certificate')
+    outputgrp.add_argument('--no-certificate',
+                           dest='print_cert',
                            action='store_false',
                            help='Omit certificate from output')
     outputgrp.set_defaults(print_cert=True)
-    outputgrp.add_argument('--just-chain', dest='print_chain',
-                           action='store_true', help='Just print chain')
-    outputgrp.add_argument('--no-chain', dest='print_chain',
-                           action='store_false', help='Omit chain from output')
-    outputgrp.add_argument('--include-root', dest='include_root',
-                           action='store_true', help='Also include the root certificate')
+    outputgrp.add_argument('--just-chain',
+                           dest='print_chain',
+                           action='store_true',
+                           help='Just print chain')
+    outputgrp.add_argument('--no-chain',
+                           dest='print_chain',
+                           action='store_false',
+                           help='Omit chain from output')
+    outputgrp.add_argument('--include-root',
+                           dest='include_root',
+                           action='store_true',
+                           help='Also include the root certificate')
     outputgrp.set_defaults(print_chain=True)
-    outputgrp.add_argument('--key', dest='print_key',
+    outputgrp.add_argument('--key',
+                           dest='print_key',
                            action='store_true',
                            default=True,
                            help='Just print key')
-    outputgrp.add_argument('--no-key', dest='print_key',
-                           action='store_false', help='Omit key from output')
+    outputgrp.add_argument('--no-key',
+                           dest='print_key',
+                           action='store_false',
+                           help='Omit key from output')
     outputgrp.set_defaults(print_key=True)
-    parser.add_argument('x509files', metavar='x509 file', nargs='*',
+    parser.add_argument('x509files',
+                        metavar='x509 file',
+                        nargs='*',
                         help='x509 fullchain (+ rsa privkey)'
                         ' bundles to be checked')
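Review bot: `--include-root` is registered on `outputgrp`, the mutually exclusive group, so after this reshuffle it still cannot be combined with `--just-chain`, `--no-key` or any other output selector even though its help text reads as an additive switch; if that exclusivity is not intended, register it on the parser instead (`parser.add_argument('--include-root',` with the remaining keyword lines unchanged). Separately, `--key` passes `default=True` and `outputgrp.set_defaults(print_key=True)` repeats that two statements later; one of the two is redundant and can go. The rest of `handle_args`, including the construction of `parser` and its `return`, lies outside the hunk.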
@@ -275,7 +300,6 @@ def main():
     main program start and argument parsing
     '''
-    root_issuers = None
     args = handle_args()
@@ -326,22 +350,26 @@ def main():
         get_components()
     if len(rsa_objects) > 1:
-        raise CertificateComponentException('More than one RSA private key found in input.'
+        raise CertificateComponentException('More than one RSA private key'
+                                            ' found in input.'
                                             ' Aborting')
     elif rsa_objects:
         if not match_cert_privkey(x509_objects[0], rsa_objects[0]):
             raise CertificateComponentException('Provided certificate'
-                                                ' and RSA private key do not match')
+                                                ' and RSA private key'
+                                                ' do not match')
         else:
             logging.info('OK: Public key of provided certificate'
                          ' and RSA private key match')
     elif len(pk_objects) > 1:
-        raise CertificateComponentException('More than one RSA private key found in input.'
+        raise CertificateComponentException('More than one RSA private key'
+                                            ' found in input.'
                                             ' Aborting')
     elif pk_objects:
         if not match_cert_privkey(x509_objects[0], pk_objects[0]):
             raise CertificateComponentException('Provided certificate'
-                                                ' and private key do not match')
+                                                ' and private key'
+                                                ' do not match')
         else:
             logging.info('OK: Public key of provided certificate'
                          ' and private key match')
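Review bot: The re-wrapped message in the `elif len(pk_objects) > 1:` branch still reads `'More than one RSA private key'` although that branch handles `pk_objects`, whose other messages in the same hunk say plain `' and private key'`; change it to `'More than one private key'` so the error names the kind of key that was actually found. The branch order also means that when both `rsa_objects` and `pk_objects` are non-empty, the `pk_objects` keys are never checked against the certificate — presumably intended, but worth a one-line comment above `if len(rsa_objects) > 1:`. `main` begins and ends outside the hunk, so how `rsa_objects` and `pk_objects` are populated is not visible here.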