2019-03-29 16:12:11 +01:00
|
|
|
#!/usr/bin/env python3
|
2020-07-15 16:28:34 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
2019-03-29 16:12:11 +01:00
|
|
|
|
|
|
|
import csv
|
|
|
|
|
2020-07-15 16:28:34 +02:00
|
|
|
from OpenSSL.crypto import FILETYPE_PEM, load_certificate
|
2019-03-29 16:12:11 +01:00
|
|
|
|
2020-07-27 10:44:30 +02:00
|
|
|
from generator import download_to_file, get_version, write_to_file, get_abspath_source_file
|
2019-03-29 16:12:11 +01:00
|
|
|
|
2020-07-15 16:28:34 +02:00
|
|
|
|
2019-03-29 16:12:11 +01:00
|
|
|
def gethash(cert, digest):
|
|
|
|
return cert.digest(digest).decode('ASCII').replace(':', '').lower()
|
|
|
|
|
2020-07-15 16:28:34 +02:00
|
|
|
|
2019-03-29 16:12:11 +01:00
|
|
|
def process(file, dst, type):
|
|
|
|
hashes = set()
|
2020-07-27 10:44:30 +02:00
|
|
|
with open(get_abspath_source_file(file), 'r') as f_in:
|
2019-03-29 16:12:11 +01:00
|
|
|
for obj in csv.DictReader(f_in):
|
2020-07-15 16:28:34 +02:00
|
|
|
pem = obj['PEM Info'].strip("'").replace(
|
|
|
|
'\r', '').replace('\n\n', '\n')
|
2019-03-29 16:12:11 +01:00
|
|
|
try:
|
2020-07-15 16:28:34 +02:00
|
|
|
obj['Certificate Name']
|
2019-03-29 16:12:11 +01:00
|
|
|
except:
|
2020-07-15 16:28:34 +02:00
|
|
|
obj['Common Name or Certificate Name']
|
2019-03-29 16:12:11 +01:00
|
|
|
cert = load_certificate(FILETYPE_PEM, pem)
|
|
|
|
hashes.add(gethash(cert, 'md5'))
|
|
|
|
hashes.add(gethash(cert, 'sha1'))
|
|
|
|
hashes.add(obj['SHA-256 Fingerprint'].lower())
|
2020-07-15 16:28:34 +02:00
|
|
|
|
2020-07-21 00:31:06 +02:00
|
|
|
warninglist = {
|
|
|
|
'name': 'Fingerprint of {type}'.format(type=type),
|
|
|
|
'version': get_version(),
|
|
|
|
'description': "Fingerprint of {type} taken from Mozilla's lists at https://wiki.mozilla.org/CA".format(
|
|
|
|
type=type),
|
|
|
|
'list': hashes,
|
|
|
|
'type': 'string',
|
|
|
|
'matching_attributes': ["md5", "sha1", "sha256", "filename|md5", "filename|sha1",
|
|
|
|
"filename|sha256", "x509-fingerprint-md5", "x509-fingerprint-sha1", "x509-fingerprint-sha256"]
|
|
|
|
}
|
|
|
|
|
|
|
|
write_to_file(warninglist, dst)
|
2019-03-29 16:12:11 +01:00
|
|
|
|
2020-07-15 16:28:34 +02:00
|
|
|
|
2019-03-29 16:12:11 +01:00
|
|
|
if __name__ == '__main__':
|
2020-07-15 16:28:34 +02:00
|
|
|
Included_CA_url = 'https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV'
|
|
|
|
Included_CA_file = 'IncludedCACertificateReportPEMCSV.csv'
|
|
|
|
Included_CA_dst = 'mozilla-CA'
|
|
|
|
CA_known_intermediate_url = 'https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCertsWithPEMCSV'
|
|
|
|
CA_known_intermediate_file = 'PublicAllIntermediateCertsWithPEMCSV.csv'
|
|
|
|
CA_known_intermediate_dst = 'mozilla-IntermediateCA'
|
|
|
|
|
2020-07-17 10:06:06 +02:00
|
|
|
download_to_file(Included_CA_url, Included_CA_file)
|
2019-03-29 16:12:11 +01:00
|
|
|
process(Included_CA_file, Included_CA_dst, 'trusted CA certificates')
|
2020-07-17 10:06:06 +02:00
|
|
|
download_to_file(CA_known_intermediate_url, CA_known_intermediate_file)
|
2020-07-15 16:28:34 +02:00
|
|
|
process(CA_known_intermediate_file, CA_known_intermediate_dst,
|
2021-06-10 17:56:08 +02:00
|
|
|
'known intermediate of trusted certificates')
|