ruben/sort_certificate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Better granularity with exception handling

Browse Source
This commit is contained in:
Ruben van Staveren 2020-03-20 14:26:38 +01:00
parent d415f4786e
commit ea449a1436
Failed to extract signature
1 changed files with 31 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
sort_certificate.py
View File

@ -30,6 +30,18 @@ SHA1 Fingerprint={sha1fingerprint}
ASN1TIME_FMT = str('%Y%m%d%H%M%SZ'.encode('utf8'))
OPENSSLTIME_FMT = '%b %e %T %Y GMT'
class OnlyRSAKeyException(Exception):
'''
When we encounter other than RSA crypto material
'''
pass
class CertificateComponentException(Exception):
'''
When something is not right with the whole cert+intermediates+private key bundle
'''
pass
def load_data(filenames):
'''
@ -68,7 +80,7 @@ def get_pub_modulus(cert):
cert.get_subject(),
cert.has_expired(),
pub.type())
raise Exception('Can only handle RSA crypto')
raise OnlyRSAKeyException('Can only handle RSA crypto')
pub_asn1 = crypto.dump_privatekey(crypto.FILETYPE_ASN1, pub)
pub_der = asn1.DerSequence()
@ -85,7 +97,7 @@ def get_priv_modulus(priv):
# Only works for RSA (I think)
if priv.type() != crypto.TYPE_RSA:
raise Exception('Can only handle RSA crypto')
raise OnlyRSAKeyException('Can only handle RSA crypto')
priv_asn1 = crypto.dump_privatekey(crypto.FILETYPE_ASN1, priv)
priv_der = asn1.DerSequence()
@ -143,7 +155,7 @@ def order_x509(x509_objects, root_issuers):
if next((x for x in x509_objects
if x.get_subject() != x.get_issuer()
and x.get_subject() == root_crt.get_subject()), None):
raise Exception('Both present as intermediate '
raise CertificateComponentException('Both present as intermediate '
'and root certificate: %s' %
str(root_crt.get_subject()))
else:
@ -160,7 +172,7 @@ def order_x509(x509_objects, root_issuers):
root_crt[0].get_subject(), root_crt[0].get_issuer())
root_crt = x509_objects.pop(x509_objects.index(root_crt[0]))
else:
raise Exception('No intermediate found')
raise CertificateComponentException('No intermediate found')
# Insert our anchor.
bundle.insert(0, root_crt)
@ -176,7 +188,7 @@ def order_x509(x509_objects, root_issuers):
bundle.insert(0, x509_objects.pop(x509_objects.index(sibling[0])))
else:
# Lets complain
raise Exception('Non matching certificates in input:'
raise CertificateComponentException('Non matching certificates in input:'
' No sibling found for %s'
% bundle[0].get_subject())
return bundle
@ -260,7 +272,8 @@ def main():
root_cert.get_issuer(),
root_cert.has_expired(),
get_pub_modulus(root_cert))
except Exception:
except OnlyRSAKeyException as onlyrsa_exception:
logging.debug(onlyrsa_exception)
continue
root_issuers = [str(root_cert.get_subject())
for root_cert in root_certs]
@ -300,21 +313,21 @@ def main():
get_components()
if len(rsa_objects) > 1:
raise Exception('More than one RSA private key found in input.'
raise CertificateComponentException('More than one RSA private key found in input.'
' Aborting')
elif rsa_objects:
if not match_cert_privkey(x509_objects[0], rsa_objects[0]):
raise Exception('Provided certificate'
raise CertificateComponentException('Provided certificate'
' and RSA private key do not match')
else:
logging.info('OK: Modulus of provided certificate'
' and RSA private key match')
elif len(pk_objects) > 1:
raise Exception('More than one RSA private key found in input.'
raise CertificateComponentException('More than one RSA private key found in input.'
' Aborting')
elif pk_objects:
if not match_cert_privkey(x509_objects[0], pk_objects[0]):
raise Exception('Provided certificate'
raise CertificateComponentException('Provided certificate'
' and private key do not match')
else:
logging.info('OK: Modulus of provided certificate'