########################################################################
# (c) by Michael Stroeder, michael@stroeder.com
########################################################################
########################################################################
# This simple script prints all CA certs on stdout.
# This is intended to generate an authentic printout of the fingerprints
# on the private CA system.
# Choose the option --html to generate nicer formatted HTML-output
# instead of the default textual output in ISO-8859-1.
########################################################################
import sys, string, os, getopt
def findoption(options,paramname):
def PrintUsage(ErrorMsg='',ErrorCode=1):
script_name = string.split(sys.argv[0],os.sep)[-1]
sys.stderr.write("""*** %s *** (C) by Michael Stroeder, 1999
Print out this message
Pathname of OpenSSL configuration file.
You may also use env variable OPENSSL_CONF.
Default: /etc/openssl/openssl.cnf
Specify directory containing the pyCA modules
Default: /usr/local/pyca/pylib
Generate nicer formatted HTML output
""" % (script_name,script_name))
sys.stderr.write('Error: %s\n' % ErrorMsg)
script_name=sys.argv[0]
options,args=getopt.getopt(sys.argv[1:],'h',['help','config=','pycalib=','html'])
except getopt.error,e:
if findoption(options,'-h')!=() or findoption(options,'--help')!=():
if findoption(options,'--config')!=():
opensslcnfname = findoption(options,'--config')[1]
opensslcnfname = os.environ.get('OPENSSL_CONF','/etc/openssl/openssl.cnf')
if not os.path.isfile(opensslcnfname):
PrintUsage('Config file %s not found.' % (opensslcnfname))
if findoption(options,'--pycalib')!=():
pycalib = findoption(options,'--pycalib')[1]
pycalib = os.environ.get('PYCALIB','/usr/local/pyca/pylib')
if not os.path.exists(pycalib) or not os.path.isdir(pycalib):
PrintUsage('Module directory %s not exists or not a directory.' % (pycalib))
# NOTE(review): pycalib comes from --pycalib or the PYCALIB environment
# variable; the modules imported from it run with this script's privileges,
# so on the CA system the directory should be writable only by the CA admin.
sys.path.append(pycalib)
import openssl, charset, htmlbase
PrintUsage('Required pyCA modules not found in directory %s!' % (pycalib))
# Read the configuration file
if os.path.isfile('%s.pickle' % (opensslcnfname)):
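# Try to read OpenSSL's config file from a pickled copy.
# NOTE: unpickling can run arbitrary code from the file, so the .pickle copy
# must be writable only by the account that maintains the CA configuration.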
f=open('%s.pickle' % (opensslcnfname),'rb')
# first try to use the faster cPickle module
from cPickle import load
from pickle import load
# Parse OpenSSL's config file from source
opensslcnf=openssl.cnf.OpenSSLConfigClass(opensslcnfname)
pyca_section = opensslcnf.data.get('pyca',{})
openssl.bin_filename = pyca_section.get('OpenSSLExec','/usr/local/ssl/bin/openssl')
if not os.path.isfile(openssl.bin_filename):
PrintUsage('Did not find OpenSSL executable %s.' % (openssl.bin_filename))
ca_names = opensslcnf.sectionkeys.get('ca',[])
htmlmode = findoption(options,'--html')!=()
sys.stdout.write('<HTML>\n<HEAD>\n<TITLE>CA certs</TITLE>\n</HEAD>\n<BODY>\n<CENTER>\n')
for ca_name in ca_names:
ca = opensslcnf.getcadata(ca_name)
if os.path.isfile(ca.certificate):
# Parse certificate textual output
cacert = openssl.cert.X509CertificateClass(ca.certificate)
sys.stdout.write('<H2>%s</H2>%s<P>' % (ca_name,cacert.htmlprint()))
sys.stdout.write('</CENTER>\n</BODY>\n</HTML>\n')
for ca_name in ca_names:
ca = opensslcnf.getcadata(ca_name)
if os.path.isfile(ca.certificate):
# Parse certificate textual output
cacert = openssl.cert.X509CertificateClass(ca.certificate)
# Convert character sets
subject,issuer = {},{}
for attr in ['CN','Email','OU','O','L','ST','C']:
subject[attr] = string.strip(charset.asn12iso(cacert.subject.get(attr,'')))
issuer[attr] = string.strip(charset.asn12iso(cacert.issuer.get(attr,'')))
sys.stdout.write('Subject:\nCommon Name: "%(CN)s"\nOrganizational Unit: "%(OU)s"\nOrganization: "%(O)s"\nLocation: "%(L)s"\nState/Province: "%(ST)s"\nCountry: "%(C)s"\n\n' % (subject))
sys.stdout.write('Issuer:\nCommon Name: "%(CN)s"\nOrganizational Unit: "%(OU)s"\nOrganization: "%(O)s"\nLocation: "%(L)s"\nState/Province: "%(ST)s"\nCountry: "%(C)s"\n\n' % (issuer))
sys.stdout.write('Serial: %s\n' % (cacert.serial))
sys.stdout.write('Validity: from %s until %s\n' % (cacert.notBefore,cacert.notAfter))
sys.stdout.write('Hash: %s\n' % (cacert.hash))
sys.stdout.write('SHA-1 Fingerprint: %s\n' % (cacert.getfingerprint('sha1')))
# NOTE(review): MD5 is collision-broken and SHA-1 collisions are practical
# too; when checking a CA certificate against this printout, do not accept a
# match on the MD5 fingerprint alone, and prefer a SHA-256 fingerprint if the
# certificate tooling can produce one (not confirmed for getfingerprint here).
sys.stdout.write('MD5 Fingerprint: %s\n' % (cacert.getfingerprint('md5')))
sys.stdout.write('\n%s\n\n' % (72*'-'))