Refactored mozilla certificate generator: solve relative path issue, remove unused code, refactor structure of code

pull/154/head
Kevin Holvoet 2020-07-15 16:28:34 +02:00
parent c924d72db5
commit 1f15bba220
1 changed files with 36 additions and 16 deletions


@ -1,19 +1,15 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*- coding: utf-8 -*-
import csv import csv
import datetime import datetime
import io
import json import json
from inspect import currentframe, getframeinfo
from os import path
import requests import requests
from OpenSSL.crypto import FILETYPE_PEM, load_certificate
from OpenSSL.crypto import load_certificate, FILETYPE_PEM
Included_CA_url = 'https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV'
Included_CA_file = 'IncludedCACertificateReportPEMCSV.csv'
Included_CA_dst = 'mozilla-CA'
CA_known_intermediate_url = 'https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCertsWithPEMCSV'
CA_known_intermediate_file = 'PublicAllIntermediateCertsWithPEMCSV.csv'
CA_known_intermediate_dst = 'mozilla-IntermediateCA'
def download(url, file): def download(url, file):
r = requests.get(url) r = requests.get(url)
@ -21,35 +17,59 @@ def download(url, file):
for chunk in r.iter_content(4096): for chunk in r.iter_content(4096):
fd.write(chunk) fd.write(chunk)
def gethash(cert, digest): def gethash(cert, digest):
return cert.digest(digest).decode('ASCII').replace(':', '').lower() return cert.digest(digest).decode('ASCII').replace(':', '').lower()
def get_abspath_list_file(dst):
rel_path = getframeinfo(currentframe()).filename
current_folder = path.dirname(path.abspath(rel_path))
real_path = path.join(
current_folder, '../lists/{dst}/list.json'.format(dst=dst))
return path.abspath(path.realpath(real_path))
def process(file, dst, type): def process(file, dst, type):
hashes = set() hashes = set()
with open(file, 'r') as f_in: with open(file, 'r') as f_in:
for obj in csv.DictReader(f_in): for obj in csv.DictReader(f_in):
pem = obj['PEM Info'].strip("'").replace('\r','').replace('\n\n','\n') pem = obj['PEM Info'].strip("'").replace(
'\r', '').replace('\n\n', '\n')
try: try:
name = obj['Certificate Name'] obj['Certificate Name']
except: except:
name = obj['Common Name or Certificate Name'] obj['Common Name or Certificate Name']
cert = load_certificate(FILETYPE_PEM, pem) cert = load_certificate(FILETYPE_PEM, pem)
hashes.add(gethash(cert, 'md5')) hashes.add(gethash(cert, 'md5'))
hashes.add(gethash(cert, 'sha1')) hashes.add(gethash(cert, 'sha1'))
hashes.add(obj['SHA-256 Fingerprint'].lower()) hashes.add(obj['SHA-256 Fingerprint'].lower())
warninglist = {} warninglist = {}
warninglist['name'] = 'Fingerprint of {type}'.format(type=type) warninglist['name'] = 'Fingerprint of {type}'.format(type=type)
warninglist['version'] = int(datetime.date.today().strftime('%Y%m%d')) warninglist['version'] = int(datetime.date.today().strftime('%Y%m%d'))
warninglist['description'] = "Fingerprint of {type} taken from Mozilla's lists at https://wiki.mozilla.org/CA".format(type=type) warninglist['description'] = "Fingerprint of {type} taken from Mozilla's lists at https://wiki.mozilla.org/CA".format(
type=type)
warninglist['list'] = sorted(hashes) warninglist['list'] = sorted(hashes)
warninglist['type'] = 'string' warninglist['type'] = 'string'
warninglist['matching_attributes'] = ["md5", "sha1", "sha256", "filename|md5", "filename|sha1", "filename|sha256", "x509-fingerprint-md5", "x509-fingerprint-sha1", "x509-fingerprint-sha256"] warninglist['matching_attributes'] = ["md5", "sha1", "sha256", "filename|md5", "filename|sha1",
with open('../lists/{dst}/list.json'.format(dst=dst), 'w') as data_file: "filename|sha256", "x509-fingerprint-md5", "x509-fingerprint-sha1", "x509-fingerprint-sha256"]
with open(get_abspath_list_file(dst), 'w') as data_file:
json.dump(warninglist, data_file, indent=2, sort_keys=True) json.dump(warninglist, data_file, indent=2, sort_keys=True)
data_file.write("\n") data_file.write("\n")
if __name__ == '__main__': if __name__ == '__main__':
Included_CA_url = 'https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV'
Included_CA_file = 'IncludedCACertificateReportPEMCSV.csv'
Included_CA_dst = 'mozilla-CA'
CA_known_intermediate_url = 'https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCertsWithPEMCSV'
CA_known_intermediate_file = 'PublicAllIntermediateCertsWithPEMCSV.csv'
CA_known_intermediate_dst = 'mozilla-IntermediateCA'
download(Included_CA_url, Included_CA_file) download(Included_CA_url, Included_CA_file)
process(Included_CA_file, Included_CA_dst, 'trusted CA certificates') process(Included_CA_file, Included_CA_dst, 'trusted CA certificates')
download(CA_known_intermediate_url, CA_known_intermediate_file) download(CA_known_intermediate_url, CA_known_intermediate_file)
process(CA_known_intermediate_file, CA_known_intermediate_dst, 'known intermedicate of trusted certificates') process(CA_known_intermediate_file, CA_known_intermediate_dst,
'known intermedicate of trusted certificates')
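Review bot: The `try`/`except` at the top of the loop in `process` is now dead code: with the `name = ` assignments removed, `obj['Certificate Name']` is evaluated and discarded, the bare `except:` swallows the KeyError (and everything else, including KeyboardInterrupt), and `obj['Common Name or Certificate Name']` is likewise discarded, since nothing downstream reads either value. Either drop those four lines, or, if the intent is to check that one of the two name columns exists, make that explicit with `except KeyError:` and a clear error when neither column is present. In `get_abspath_list_file`, `getframeinfo(currentframe()).filename` is a roundabout spelling of `__file__`, and `path.abspath(path.realpath(...))` is redundant because `realpath` already returns an absolute path; `path.join(path.dirname(path.realpath(__file__)), '..', 'lists', dst, 'list.json')` reads more directly. Minor: the type string `'known intermedicate of trusted certificates'` misspells "intermediate", and that typo is written into the generated list.json `name` and `description` fields.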