3 from pyasn1_modules
import pem
, rfc2459
4 from pyasn1
.codec
.der
import decoder
5 from pyasn1
.type import univ
# Walk the directory named by argv[1], pull the subjectAltName DNS names
# out of every file called `cert.pem`, and collect one TLSA record line per
# name, grouped by zone; the groups are then written to output/<zone>.
# NOTE(review): `records` is read here but defined outside the lines shown
# on this page (the loop is probably also inside a function whose header is
# not visible); assumes `records` is a dict of zone -> list[str] created
# before the loop — confirm.
# NOTE(review): sys.argv[1] is used unchecked; running with no argument
# raises IndexError on the first line below.
for root, _, files in os.walk(sys.argv[1]):
    for filename in files:
        if filename == 'cert.pem':
            certname = os.path.join(root, filename)
            altnames = parse_cert(certname)
            for altname in altnames:
                nameparts = altname.split('.')
                # Zone = the last two labels; everything before them is
                # `domain`. NOTE(review): this assumes a two-label zone, so a
                # name under a multi-label public suffix (e.g. host.example.co.uk)
                # would be filed under the zone file "co.uk" — confirm intended.
                zone = '.'.join(nameparts[-2:])
                domain = '.'.join(nameparts[:-2])
                # `domain` is not used in any line shown on this page.
                # (original gutter lines 21-23 are not shown on this page)
                # Ask ldns-dane for the TLSA record of <altname> on port 443.
                # The trailing "3", "1", "1" are ldns-dane's positional
                # usage/selector/matching-type arguments (DANE-EE, SPKI,
                # SHA-256) — verify against the installed ldns-dane's usage text.
                # The argv list is passed without a shell, so a name taken from
                # the certificate cannot be shell-interpreted.
                ldns = subprocess.Popen(["ldns-dane", "create", "-c", certname,
                                         altname, "443", "3", "1", "1"],
                                        stdout=subprocess.PIPE)
                # NOTE(review): the child's exit status is never checked and
                # wait() is never called. If ldns-dane fails and prints nothing,
                # data becomes [''] and an empty/garbled record line is written
                # silently instead of aborting — for a tool that emits DNS
                # security records a failed hash computation should be fatal.
                # The child is also left un-reaped until the Popen object is
                # garbage-collected.
                data = ldns.stdout.read().decode().strip().split('\t')
                # Re-format: first tab field (the owner name) padded to 35
                # columns, then every field from the third one on. The second
                # field is dropped — presumably the TTL; confirm against the
                # actual ldns-dane output format.
                record = "{0:<35s}\t{1}".format(data[0], '\t'.join(data[2:]))
                if not zone in records:
                    # (original gutter line 30 is not shown on this page;
                    # records[zone] is appended to just below, so it is
                    # presumably initialised to an empty list here)
                records[zone].append(record)
                # (original gutter line 32 is not shown on this page)
# Write one file per zone under ./output — the directory must already exist,
# open() does not create it — with one record per line and no trailing newline.
for zone, data in records.items():
    with open(os.path.join("output", zone), "w") as zonefile:
        zonefile.write('\n'.join(data))
def parse_cert(fname):
    """Collect the DNS names from a PEM certificate's subjectAltName extension.

    Args:
        fname: path to a PEM-encoded X.509 certificate file.

    Returns:
        The end of the function is not shown on this page (original gutter
        lines 55-58 are missing); the visible lines accumulate the dNSName
        entries as `str` into `names`, which is presumably what is returned.

    Raises:
        In the lines shown nothing is caught, so open() and pyasn1 errors on
        a missing or malformed file propagate to the caller.
    """
    # (original gutter line 39 is not shown on this page; `names` is
    # appended to below, so it is presumably initialised to a list here)
    with open(fname) as fhd:
        bits = pem.readPemFromFile(fhd)
    # DER-decode against the RFC 2459 Certificate schema; [0] drops the
    # "remaining substrate" half of pyasn1's (value, rest) result.
    cert = decoder.decode(bits, asn1Spec=rfc2459.Certificate())[0]
    extensions = cert['tbsCertificate']['extensions']
    for extension in extensions:
        # 2.5.29.17 is id-ce-subjectAltName; any other extension is
        # presumably skipped by the lines not shown here.
        if extension['extnID'] != univ.ObjectIdentifier('2.5.29.17'):
            # (original gutter lines 46-47 are not shown on this page)
        data = extension['extnValue'].asOctets()
        # Two-stage decode: first as an untyped ASN.1 value, then that value
        # again against the SubjectAltName spec.
        altnames = decoder.decode(data)[0]
        altnames = decoder.decode(altnames, asn1Spec=rfc2459.SubjectAltName())[0]
        for altname in altnames:
            # Only the dNSName GeneralName choice is kept; IP, email and URI
            # SANs are ignored. The name is appended unvalidated, so a
            # wildcard SAN such as "*.example" is passed through verbatim —
            # callers that hand these names to external tools should check.
            result = altname['dNSName']
            if result is not None:
                names.append(str(result))
    # (original gutter lines 55-58 are not shown on this page)
59 if __name__
== '__main__':