Add certificate parsing parts for autogenerating tlsa records
diff --git a/make-tlsa b/make-tlsa
new file mode 100755 (executable)
index 0000000..f050fa4
--- /dev/null
+++ b/make-tlsa
@@ -0,0 +1,46 @@
+#!/usr/bin/python3
+
+from pyasn1_modules import pem, rfc2459
+from pyasn1_modules import pem, rfc2459
+from pyasn1.codec.der import decoder
+from pyasn1.type import univ
+import sys
+import os
+import subprocess
+
+def main():
+   for root, _, files in os.walk(sys.argv[1]):
+      for filename in files:
+         if filename == 'cert.pem':
+            certname = os.path.join(root, filename)
+#            print(certname)
+            altnames = parse_cert(certname)
+            for altname in altnames:
+               subprocess.Popen(["ldns-dane", "create", "-c", certname,
+                                 altname, "443", "3", "1", "1"])
+      
+
+   
+def parse_cert(fname):
+   names = []
+   with open(fname) as fhd:
+      bits = pem.readPemFromFile(fhd)
+      cert = decoder.decode(bits, asn1Spec=rfc2459.Certificate())[0]
+      extensions = cert['tbsCertificate']['extensions']
+      for extension in extensions:
+         if extension['extnID'] != univ.ObjectIdentifier('2.5.29.17'):
+            continue
+
+         data = extension['extnValue'].asOctets()
+         altnames = decoder.decode(data)[0]
+         altnames = decoder.decode(altnames, asn1Spec=rfc2459.SubjectAltName())[0]
+         for altname in altnames:
+            result = altname['dNSName']
+            if result is not None:
+               names.append(str(result))
+
+   return names
+         
+
+if __name__ == '__main__':
+   main()
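Review bot: The `subprocess.Popen` call at the end of the inner loop in `main` is fire-and-forget: the child is never waited on and its exit status is never checked, so a failing `ldns-dane` run (missing binary, unreadable cert) silently produces no TLSA record for that name, and the records of concurrently running children interleave on stdout; `subprocess.run(["ldns-dane", "create", "-c", certname,` / `                altname, "443", "3", "1", "1"], check=True)` keeps the argv-list form (no shell, so the certificate-derived name is not shell-interpreted) while surfacing failures. In `parse_cert`, the `if result is not None` guard looks like it never filters anything, since indexing a pyasn1 `Choice` for a non-selected alternative does not yield `None`; selecting on the chosen branch instead, `if altname.getName() == 'dNSName':`, is what the loop seems to intend, though this should be confirmed against the pyasn1 version in use. The `from pyasn1_modules import pem, rfc2459` import is duplicated on consecutive lines and one copy should go. A one-line docstring on `parse_cert`, such as `"""Return the dNSName entries of the SubjectAltName extension of the PEM certificate at fname."""`, would also help, as would a module comment noting that port 443 and the TLSA usage/selector/matching parameters (3, 1, 1) are hard-coded.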