Refactored mozilla certificate generator: solve relative path issue, remove unused code, refactor structure of code
parent
c924d72db5
commit
1f15bba220
|
@ -1,19 +1,15 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
import csv
|
import csv
|
||||||
import datetime
|
import datetime
|
||||||
import io
|
|
||||||
import json
|
import json
|
||||||
|
from inspect import currentframe, getframeinfo
|
||||||
|
from os import path
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
from OpenSSL.crypto import FILETYPE_PEM, load_certificate
|
||||||
|
|
||||||
from OpenSSL.crypto import load_certificate, FILETYPE_PEM
|
|
||||||
|
|
||||||
Included_CA_url = 'https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV'
|
|
||||||
Included_CA_file = 'IncludedCACertificateReportPEMCSV.csv'
|
|
||||||
Included_CA_dst = 'mozilla-CA'
|
|
||||||
CA_known_intermediate_url = 'https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCertsWithPEMCSV'
|
|
||||||
CA_known_intermediate_file = 'PublicAllIntermediateCertsWithPEMCSV.csv'
|
|
||||||
CA_known_intermediate_dst = 'mozilla-IntermediateCA'
|
|
||||||
|
|
||||||
def download(url, file):
|
def download(url, file):
|
||||||
r = requests.get(url)
|
r = requests.get(url)
|
||||||
|
@ -21,35 +17,59 @@ def download(url, file):
|
||||||
for chunk in r.iter_content(4096):
|
for chunk in r.iter_content(4096):
|
||||||
fd.write(chunk)
|
fd.write(chunk)
|
||||||
|
|
||||||
|
|
||||||
def gethash(cert, digest):
|
def gethash(cert, digest):
|
||||||
return cert.digest(digest).decode('ASCII').replace(':', '').lower()
|
return cert.digest(digest).decode('ASCII').replace(':', '').lower()
|
||||||
|
|
||||||
|
|
||||||
|
def get_abspath_list_file(dst):
|
||||||
|
rel_path = getframeinfo(currentframe()).filename
|
||||||
|
current_folder = path.dirname(path.abspath(rel_path))
|
||||||
|
real_path = path.join(
|
||||||
|
current_folder, '../lists/{dst}/list.json'.format(dst=dst))
|
||||||
|
return path.abspath(path.realpath(real_path))
|
||||||
|
|
||||||
|
|
||||||
def process(file, dst, type):
|
def process(file, dst, type):
|
||||||
hashes = set()
|
hashes = set()
|
||||||
with open(file, 'r') as f_in:
|
with open(file, 'r') as f_in:
|
||||||
for obj in csv.DictReader(f_in):
|
for obj in csv.DictReader(f_in):
|
||||||
pem = obj['PEM Info'].strip("'").replace('\r','').replace('\n\n','\n')
|
pem = obj['PEM Info'].strip("'").replace(
|
||||||
|
'\r', '').replace('\n\n', '\n')
|
||||||
try:
|
try:
|
||||||
name = obj['Certificate Name']
|
obj['Certificate Name']
|
||||||
except:
|
except:
|
||||||
name = obj['Common Name or Certificate Name']
|
obj['Common Name or Certificate Name']
|
||||||
cert = load_certificate(FILETYPE_PEM, pem)
|
cert = load_certificate(FILETYPE_PEM, pem)
|
||||||
hashes.add(gethash(cert, 'md5'))
|
hashes.add(gethash(cert, 'md5'))
|
||||||
hashes.add(gethash(cert, 'sha1'))
|
hashes.add(gethash(cert, 'sha1'))
|
||||||
hashes.add(obj['SHA-256 Fingerprint'].lower())
|
hashes.add(obj['SHA-256 Fingerprint'].lower())
|
||||||
|
|
||||||
warninglist = {}
|
warninglist = {}
|
||||||
warninglist['name'] = 'Fingerprint of {type}'.format(type=type)
|
warninglist['name'] = 'Fingerprint of {type}'.format(type=type)
|
||||||
warninglist['version'] = int(datetime.date.today().strftime('%Y%m%d'))
|
warninglist['version'] = int(datetime.date.today().strftime('%Y%m%d'))
|
||||||
warninglist['description'] = "Fingerprint of {type} taken from Mozilla's lists at https://wiki.mozilla.org/CA".format(type=type)
|
warninglist['description'] = "Fingerprint of {type} taken from Mozilla's lists at https://wiki.mozilla.org/CA".format(
|
||||||
|
type=type)
|
||||||
warninglist['list'] = sorted(hashes)
|
warninglist['list'] = sorted(hashes)
|
||||||
warninglist['type'] = 'string'
|
warninglist['type'] = 'string'
|
||||||
warninglist['matching_attributes'] = ["md5", "sha1", "sha256", "filename|md5", "filename|sha1", "filename|sha256", "x509-fingerprint-md5", "x509-fingerprint-sha1", "x509-fingerprint-sha256"]
|
warninglist['matching_attributes'] = ["md5", "sha1", "sha256", "filename|md5", "filename|sha1",
|
||||||
with open('../lists/{dst}/list.json'.format(dst=dst), 'w') as data_file:
|
"filename|sha256", "x509-fingerprint-md5", "x509-fingerprint-sha1", "x509-fingerprint-sha256"]
|
||||||
|
|
||||||
|
with open(get_abspath_list_file(dst), 'w') as data_file:
|
||||||
json.dump(warninglist, data_file, indent=2, sort_keys=True)
|
json.dump(warninglist, data_file, indent=2, sort_keys=True)
|
||||||
data_file.write("\n")
|
data_file.write("\n")
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
Included_CA_url = 'https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV'
|
||||||
|
Included_CA_file = 'IncludedCACertificateReportPEMCSV.csv'
|
||||||
|
Included_CA_dst = 'mozilla-CA'
|
||||||
|
CA_known_intermediate_url = 'https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCertsWithPEMCSV'
|
||||||
|
CA_known_intermediate_file = 'PublicAllIntermediateCertsWithPEMCSV.csv'
|
||||||
|
CA_known_intermediate_dst = 'mozilla-IntermediateCA'
|
||||||
|
|
||||||
download(Included_CA_url, Included_CA_file)
|
download(Included_CA_url, Included_CA_file)
|
||||||
process(Included_CA_file, Included_CA_dst, 'trusted CA certificates')
|
process(Included_CA_file, Included_CA_dst, 'trusted CA certificates')
|
||||||
download(CA_known_intermediate_url, CA_known_intermediate_file)
|
download(CA_known_intermediate_url, CA_known_intermediate_file)
|
||||||
process(CA_known_intermediate_file, CA_known_intermediate_dst, 'known intermedicate of trusted certificates')
|
process(CA_known_intermediate_file, CA_known_intermediate_dst,
|
||||||
|
'known intermedicate of trusted certificates')
|
||||||
|
|
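Review bot: In `process`, the `try`/`except` around `obj['Certificate Name']` now evaluates both lookups and throws the results away, so with `name =` removed its only remaining effect is to raise `KeyError` when neither column exists, while the bare `except:` still swallows any other exception from the first lookup. If the block is no longer needed, delete those four lines; if it is meant as a schema check on the downloaded CSV, make that explicit, e.g. `if 'Certificate Name' not in obj and 'Common Name or Certificate Name' not in obj: raise KeyError('certificate name column missing')`. Separately, on the unchanged line below it, the SHA-256 entry is still copied from the CSV's `SHA-256 Fingerprint` column while MD5 and SHA-1 are computed from the parsed certificate. Using `hashes.add(gethash(cert, 'sha256'))` should yield the same value and would tie every fingerprint in the generated warninglist to the certificate that was actually parsed, rather than to text in the feed.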