# certdata2pem.py - splits certdata.txt into multiple files
# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
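# Dirty line-oriented parser: walks certdata.txt and collects one dict of
# attribute name -> value per object into `objects`.
#
# NOTE(review): the listing on this page skips source lines (its numbering
# has gaps).  Statements tagged "[reconstructed]" are not on the page; they
# were filled in from the surrounding control flow and need confirming
# against the original file.  `re` and `objects` are presumably set up in the
# omitted lines 21-31.
#
# NOTE(review): certdata.txt is read from the working directory and taken at
# face value.  Every trust decision made further down derives from it, so its
# origin and integrity have to be established before this script runs.
in_data, in_multiline, in_obj = False, False, False
# `type` shadows the builtin from here on; the name is kept because lines not
# shown on the page may refer to it.
field, type, value, obj = None, None, None, dict()
# The context manager closes the input file; the bare open() in the original
# for statement left that to the garbage collector.
with open('certdata.txt', 'r') as certdata:
    for line in certdata:
        # Ignore the file header.
        if not in_data:  # [reconstructed]
            if line.startswith('BEGINDATA'):
                in_data = True  # [reconstructed]
            continue  # [reconstructed]
        # Ignore comment lines.
        if line.startswith('#'):
            continue  # [reconstructed]
        # Empty lines are significant if we are inside an object.
        if in_obj and len(line.strip()) == 0:
            objects.append(obj)  # [reconstructed]
            obj = dict()  # [reconstructed]
            in_obj = False  # [reconstructed]
            continue  # [reconstructed]
        if len(line.strip()) == 0:
            continue  # [reconstructed]
        if in_multiline:  # [reconstructed]
            if not line.startswith('END'):
                if type == 'MULTILINE_OCTAL':
                    # Each \ooo escape is decoded to the character with that
                    # octal code and appended to the value.
                    for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
                        value += chr(int(i.group(1), 8))
                else:  # [reconstructed]
                    value += line  # [reconstructed]
                continue  # [reconstructed]
            obj[field] = value  # [reconstructed]
            in_multiline = False  # [reconstructed]
            continue  # [reconstructed]
        if line.startswith('CKA_CLASS'):
            in_obj = True  # [reconstructed]
        # A single-line attribute has the form "FIELD TYPE [VALUE]".
        line_parts = line.strip().split(' ', 2)
        if len(line_parts) > 2:
            field, type = line_parts[0:2]
            value = ' '.join(line_parts[2:])
        elif len(line_parts) == 2:
            field, type = line_parts
            value = None  # [reconstructed]
        else:  # [reconstructed]
            # Call form of raise: the "raise E, msg" statement form is a
            # syntax error on Python 3; this form parses on 2 and 3 alike.
            raise NotImplementedError('line_parts < 2 not supported.')
        if type == 'MULTILINE_OCTAL':
            in_multiline = True  # [reconstructed]
            value = ""  # [reconstructed]
            continue  # [reconstructed]
        obj[field] = value  # [reconstructed]
# Keep a trailing object that was not terminated by an empty line.
if len(obj.items()) > 0:
    objects.append(obj)  # [reconstructed]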
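# Read the optional local blacklist: one certificate label per line, with
# '#' starting a comment.
#
# NOTE(review): the listing on this page skips source lines (its numbering
# has gaps).  Statements tagged "[reconstructed]" are not on the page and
# need confirming against the original file.
#
# NOTE(review): entries are compared verbatim with CKA_LABEL values when the
# trust database is built, so a misspelt entry silently blacklists nothing.
# The output stage strips the first and last character of a label with
# [1:-1], so labels presumably carry surrounding quotes that an entry has to
# include as well - confirm.
blacklist = []  # [reconstructed]
if os.path.exists('blacklist.txt'):
    # The context manager closes the file; the bare open() in the original
    # for statement left that to the garbage collector.
    with open('blacklist.txt', 'r') as blacklist_file:
        for line in blacklist_file:
            # Cut the comment and the surrounding whitespace first.  A line
            # read from a file still ends in its newline, so the original
            # `len(line) == 0` test cannot match unless the line was stripped
            # in the omitted line 86; testing the cleaned entry skips blank
            # lines, whole-line comments and indented comments either way and
            # never appends an empty entry.
            item = line.split('#', 1)[0].strip()
            if not item:
                continue
            blacklist.append(item)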
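# Build up trust database: maps a certificate label to True when one of its
# trust objects grants delegator trust.
#
# NOTE(review): the listing on this page skips source lines (its numbering
# has gaps).  Statements tagged "[reconstructed]" are not on the page and
# need confirming against the original file.
#
# NOTE(review): trust is keyed by CKA_LABEL alone.  Labels are free text and
# nothing here enforces that they are unique, so one trust object covers
# every certificate object that carries the same label.  Binding on
# CKA_ISSUER plus CKA_SERIAL_NUMBER would tie trust to one certificate.
#
# NOTE(review): the branches are tested in order, so an object that is
# CKT_NETSCAPE_UNTRUSTED for server authentication but a trusted delegator
# for e-mail protection is marked trusted by the second branch and never
# reaches the UNTRUSTED warning.  The certificate files written later carry
# no purpose information, so a consumer cannot tell e-mail-only trust from
# TLS trust.  Decide whether explicit distrust should be checked first.
trust = dict()  # [reconstructed]
for obj in objects:  # [reconstructed]
    if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST':
        continue  # [reconstructed]
    label = obj['CKA_LABEL']
    # print(...) with one pre-formatted string produces the same output as
    # the Python 2 print statement and also parses on Python 3.  The trust
    # attributes are looked up lazily, as in the original, so a blacklisted
    # object is never required to carry them.
    if label in blacklist:
        print("Certificate %s blacklisted, ignoring." % label)
    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
        trust[label] = True
    elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
        trust[label] = True
    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED':
        # Lines 104 and 106 of the original are not shown on the page.
        print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % label)
    else:  # [reconstructed]
        print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" %
              (label, obj['CKA_TRUST_SERVER_AUTH'],
               obj['CKA_TRUST_EMAIL_PROTECTION']))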
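# Write every trusted certificate object to its own PEM file in the working
# directory.
#
# NOTE(review): the listing on this page skips source lines (its numbering
# has gaps).  Statements tagged "[reconstructed]" are not on the page and
# need confirming against the original file.
#
# NOTE(review): the file name is derived from the label.  Different labels
# can map to the same sanitised name, and, assuming the file is opened for
# writing as reconstructed below, the later certificate then replaces the
# earlier file without any message.
#
# NOTE(review): base64.b64encode() is fed the str built by the parser and its
# result goes straight into textwrap.wrap(); that relies on Python 2, where
# str is a byte string.
for obj in objects:  # [reconstructed]
    if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
        # Skip anything the trust database did not mark as trusted.
        if not trust.get(obj['CKA_LABEL']):
            continue  # [reconstructed]
        # [1:-1] drops the first and last character of the label (presumably
        # its quotes - confirm).  Replacing '/' keeps a path separator out of
        # the name.  Lines 117-119 of the original, not shown on the page,
        # sit between the two replace() calls below.
        fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
                                      .replace(',', '_') + '.crt'
        # [reconstructed] The page never shows `f` being opened.  The context
        # manager also closes the file, so the PEM data is flushed to disk
        # before the next certificate is handled.
        with open(fname, 'w') as f:
            f.write("-----BEGIN CERTIFICATE-----\n")
            # PEM body: base64 of the DER bytes, wrapped at 64 columns.
            f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
            f.write("\n-----END CERTIFICATE-----\n")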