/Tools/ssl/get-remote-certificate.py

http://unladen-swallow.googlecode.com/ · Python · 79 lines · 65 code · 7 blank · 7 comment · 15 complexity · f9c2fad7daf4d93669ef7f56f4fc6737 MD5 · raw file 

    

  1. #!/usr/bin/env python
    2. 

  2. #
    3. 

  3. # fetch the certificate that the server(s) are providing in PEM form
    4. 

  4. #
    5. 

  5. # args are HOST:PORT [, HOST:PORT...]
    6. 

  6. #
    7. 

  7. # By Bill Janssen.
    8. 

  8. 

  9. import sys
    10. 

  10. 

  11. def fetch_server_certificate (host, port):
    12. 

  12. 

  13.     import re, tempfile, os, ssl
    14. 

  14. 

  15.     def subproc(cmd):
    16. 

  16.         from subprocess import Popen, PIPE, STDOUT
    17. 

  17.         proc = Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True)
    18. 

  18.         status = proc.wait()
    19. 

  19.         output = proc.stdout.read()
    20. 

  20.         return status, output
    21. 

  21. 

  22.     def strip_to_x509_cert(certfile_contents, outfile=None):
    23. 

  23.         m = re.search(r"^([-]+BEGIN CERTIFICATE[-]+[\r]*\n"
    24. 

  24.                       r".*[\r]*^[-]+END CERTIFICATE[-]+)$",
    25. 

  25.                       certfile_contents, re.MULTILINE | re.DOTALL)
    26. 

  26.         if not m:
    27. 

  27.             return None
    28. 

  28.         else:
    29. 

  29.             tn = tempfile.mktemp()
    30. 

  30.             fp = open(tn, "w")
    31. 

  31.             fp.write(m.group(1) + "\n")
    32. 

  32.             fp.close()
    33. 

  33.             try:
    34. 

  34.                 tn2 = (outfile or tempfile.mktemp())
    35. 

  35.                 status, output = subproc(r'openssl x509 -in "%s" -out "%s"' %
    36. 

  36.                                          (tn, tn2))
    37. 

  37.                 if status != 0:
    38. 

  38.                     raise OperationError(status, tsig, output)
    39. 

  39.                 fp = open(tn2, 'rb')
    40. 

  40.                 data = fp.read()
    41. 

  41.                 fp.close()
    42. 

  42.                 os.unlink(tn2)
    43. 

  43.                 return data
    44. 

  44.             finally:
    45. 

  45.                 os.unlink(tn)
    46. 

  46. 

  47.     if sys.platform.startswith("win"):
    48. 

  48.         tfile = tempfile.mktemp()
    49. 

  49.         fp = open(tfile, "w")
    50. 

  50.         fp.write("quit\n")
    51. 

  51.         fp.close()
    52. 

  52.         try:
    53. 

  53.             status, output = subproc(
    54. 

  54.                 'openssl s_client -connect "%s:%s" -showcerts < "%s"' %
    55. 

  55.                 (host, port, tfile))
    56. 

  56.         finally:
    57. 

  57.             os.unlink(tfile)
    58. 

  58.     else:
    59. 

  59.         status, output = subproc(
    60. 

  60.             'openssl s_client -connect "%s:%s" -showcerts < /dev/null' %
    61. 

  61.             (host, port))
    62. 

  62.     if status != 0:
    63. 

  63.         raise OSError(status)
    64. 

  64.     certtext = strip_to_x509_cert(output)
    65. 

  65.     if not certtext:
    66. 

  66.         raise ValueError("Invalid response received from server at %s:%s" %
    67. 

  67.                          (host, port))
    68. 

  68.     return certtext
    69. 

  69. 

  70. if __name__ == "__main__":
    71. 

  71.     if len(sys.argv) < 2:
    72. 

  72.         sys.stderr.write(
    73. 

  73.             "Usage:  %s HOSTNAME:PORTNUMBER [, HOSTNAME:PORTNUMBER...]\n" %
    74. 

  74.             sys.argv[0])
    75. 

  75.         sys.exit(1)
    76. 

  76.     for arg in sys.argv[1:]:
    77. 

  77.         host, port = arg.split(":")
    78. 

  78.         sys.stdout.write(fetch_server_certificate(host, int(port)))
    79. 

  79.     sys.exit(0)
    80.