git.siccegge.de Git - tools.git/blob - make-tlsa
import os
import subprocess
import sys

from pyasn1.codec.der import decoder
from pyasn1.type import univ
from pyasn1_modules import pem, rfc2459
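def main():
    """Print TLSA records for every ``cert.pem`` found below ``sys.argv[1]``.

    The directory tree is walked recursively.  For each file named exactly
    ``cert.pem`` the DNS names in its subjectAltName extension are read with
    ``parse_cert`` and ``ldns-dane create`` is run once per name for port 443.

    The trailing ``"3", "1", "1"`` arguments select the TLSA parameters
    (RFC 6698): certificate usage 3 (DANE-EE), selector 1
    (SubjectPublicKeyInfo) and matching type 1 (SHA-256).

    NOTE(review): the ``def`` line of this loop was not present in the
    listing this code was recovered from; the name ``main`` is assumed and
    should be confirmed against the repository.
    """
    if len(sys.argv) < 2:
        # Without this guard a missing argument surfaces as a bare IndexError.
        sys.exit("usage: make-tlsa DIRECTORY")

    for root, _, files in os.walk(sys.argv[1]):
        for filename in files:
            if filename != 'cert.pem':
                continue

            certname = os.path.join(root, filename)
            for altname in parse_cert(certname):
                # The name is taken verbatim from the certificate.  It is
                # passed as its own argv element (no shell is involved), but
                # a value starting with '-' would still be read by the tool
                # as an option rather than a host name, so refuse it.
                if not altname or altname.startswith('-'):
                    sys.stderr.write(
                        "skipping unusable name %r from %s\n"
                        % (altname, certname))
                    continue

                # Wait for each invocation: a bare Popen() leaves the children
                # unreaped, lets their output interleave and hides failures.
                status = subprocess.call(
                    ["ldns-dane", "create", "-c", certname,
                     altname, "443", "3", "1", "1"])
                if status != 0:
                    sys.stderr.write(
                        "ldns-dane exited with status %d for %s (%s)\n"
                        % (status, altname, certname))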
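def parse_cert(fname):
    """Return the DNS names from a certificate's subjectAltName extension.

    Args:
        fname: Path to a PEM-encoded X.509 certificate.

    Returns:
        A list of ``str``, one per ``dNSName`` entry, in the order the
        entries appear in the certificate.  Entries of any other GeneralName
        kind (IP address, e-mail, URI, ...) are skipped.  The list is empty
        when no subjectAltName extension is present.

    NOTE(review): the initialisation of ``names``, the ``continue`` after the
    OID comparison and the final ``return`` were missing from the listing
    this code was recovered from; they are reconstructed from how ``names``
    and the return value are used and should be confirmed against the
    repository.
    """
    names = []

    with open(fname) as fhd:
        bits = pem.readPemFromFile(fhd)

    cert = decoder.decode(bits, asn1Spec=rfc2459.Certificate())[0]

    # 2.5.29.17 is the object identifier of the subjectAltName extension.
    san_oid = univ.ObjectIdentifier('2.5.29.17')

    for extension in cert['tbsCertificate']['extensions']:
        if extension['extnID'] != san_oid:
            continue

        # The value is unwrapped in two steps: a schema-less decode of the
        # raw octets, then a decode of that result as SubjectAltName.
        # NOTE(review): presumably needed because this pyasn1_modules release
        # models extnValue as an OCTET STRING wrapping a second OCTET STRING;
        # confirm against the installed version.
        data = extension['extnValue'].asOctets()
        inner = decoder.decode(data)[0]
        altnames = decoder.decode(inner, asn1Spec=rfc2459.SubjectAltName())[0]

        for altname in altnames:
            # Ask the CHOICE which alternative is set instead of indexing
            # 'dNSName' and testing for None: depending on the pyasn1
            # version an unset alternative is not None, which would let
            # non-DNS entries through as bogus host names.
            if altname.getName() != 'dNSName':
                continue
            names.append(str(altname.getComponent()))

    return names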
43 if __name__
== '__main__':