]>
git.siccegge.de Git - tools.git/blob - make-tlsa
3 from pyasn1_modules
import pem
, rfc2459
4 from pyasn1_modules
import pem
, rfc2459
5 from pyasn1
.codec
.der
import decoder
6 from pyasn1
.type import univ
12 for root
, _
, files
in os
.walk(sys
.argv
[1]):
13 for filename
in files
:
14 if filename
== 'cert.pem':
15 certname
= os
.path
.join(root
, filename
)
17 altnames
= parse_cert(certname
)
18 for altname
in altnames
:
19 subprocess
.Popen(["ldns-dane", "create", "-c", certname
,
20 altname
, "443", "3", "1", "1"])
24 def parse_cert(fname
):
26 with
open(fname
) as fhd
:
27 bits
= pem
.readPemFromFile(fhd
)
28 cert
= decoder
.decode(bits
, asn1Spec
=rfc2459
.Certificate())[0]
29 extensions
= cert
['tbsCertificate']['extensions']
30 for extension
in extensions
:
31 if extension
['extnID'] != univ
.ObjectIdentifier('2.5.29.17'):
34 data
= extension
['extnValue'].asOctets()
35 altnames
= decoder
.decode(data
)[0]
36 altnames
= decoder
.decode(altnames
, asn1Spec
=rfc2459
.SubjectAltName())[0]
37 for altname
in altnames
:
38 result
= altname
['dNSName']
39 if result
is not None:
40 names
.append(str(result
))
45 if __name__
== '__main__':