Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Mozilla/mozilla/security/python/nss/doc/examples/cert_dump.py
jdennis%redhat.com 8e16474f20 * Unicode objects now accepted as well as str objects for 
interfaces expecting a string.

  * Sockets were enhanced thusly:
      - Threads will now yield during blocking IO.
      - Socket.makefile() reimplemented
	  file object methods that had been missing (readlines(), sendall(),
	  and iteration) were implemented, makefile now just returns the same
	  Socket object but increments an "open" ref count. Thus a Socket
	  object behaves like a file object and must be closed once for each
	  makefile() call before it's actually closed.
      - Sockets now support the iter protocol
      - Add Socket.readlines(), Socket.sendall()

  * The following classes were added:
      AuthKeyID
      CRLDistributionPoint
      CRLDistributionPts
      CertificateExtension
      GeneralName
      SignedCRL
      X500AVA
      X500Name
      X500RDN

  * The following module functions were added:
      nss.nss.cert_crl_reason_from_name()
      nss.nss.cert_crl_reason_name()
      nss.nss.cert_general_name_type_from_name()
      nss.nss.cert_general_name_type_name()
      nss.nss.decode_der_crl()
      nss.nss.der_universal_secitem_fmt_lines()
      nss.nss.import_crl()
      nss.nss.make_line_pairs()
      nss.nss.oid_dotted_decimal()
      nss.nss.oid_str()
      nss.nss.oid_tag()
      nss.nss.oid_tag_name()
      nss.nss.read_der_from_file()
      nss.nss.x509_alt_name()
      nss.nss.x509_ext_key_usage()
      nss.nss.x509_key_usage()

  * The following class methods and properties were added:
    Note: it's a method if the name is suffixed with (), a propety otherwise
      Socket.next()
      Socket.readlines()
      Socket.sendall()
      SSLSocket.next()
      SSLSocket.readlines()
      SSLSocket.sendall()
      AuthKeyID.key_id
      AuthKeyID.serial_number
      AuthKeyID.get_general_names()
      CRLDistributionPoint.issuer
      CRLDistributionPoint.get_general_names()
      CRLDistributionPoint.get_reasons()
      CertDB.find_crl_by_cert()
      CertDB.find_crl_by_name()
      Certificate.extensions
      CertificateExtension.critical
      CertificateExtension.name
      CertificateExtension.oid
      CertificateExtension.oid_tag
      CertificateExtension.value
      GeneralName.type_enum
      GeneralName.type_name
      GeneralName.type_string
      SecItem.der_to_hex()
      SecItem.get_oid_sequence()
      SecItem.to_hex()
      SignedCRL.delete_permanently()
      X500AVA.oid
      X500AVA.oid_tag
      X500AVA.value
      X500AVA.value_str
      X500Name.cert_uid
      X500Name.common_name
      X500Name.country_name
      X500Name.dc_name
      X500Name.email_address
      X500Name.locality_name
      X500Name.org_name
      X500Name.org_unit_name
      X500Name.state_name
      X500Name.add_rdn()
      X500Name.has_key()
      X500RDN.has_key()

  * The following module functions were removed:
    Note: use nss.nss.oid_tag() instead
      nss.nss.sec_oid_tag_from_name()
      nss.nss.sec_oid_tag_name()
      nss.nss.sec_oid_tag_str()

  * The following files were added:
      doc/examples/cert_dump.py
      test/test_cert_components.py


git-svn-id: svn://10.0.0.236/trunk@260296 18797224-902f-48f8-a5cc-f745e15eee43
2010-05-13 14:48:02 +00:00

171 lines
6.8 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/python
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is a Python binding for Network Security Services (NSS).
#
# The Initial Developer of the Original Code is Red Hat, Inc.
# (Author: John Dennis <jdennis@redhat.com>)
#
# Portions created by the Initial Developer are Copyright (C) 2008,2009
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
import os
import sys
import getopt
import getpass
from nss.error import NSPRError
import nss.io as io
import nss.nss as nss
# -----------------------------------------------------------------------------
def print_extension(level, extension):
print nss.indented_format([(level, 'Name: %s' % extension.name),
(level, 'Critical: %s' % extension.critical)])
oid_tag = extension.oid_tag
if oid_tag == nss.SEC_OID_PKCS12_KEY_USAGE:
print nss.indented_format([(level, 'Usages:')])
print nss.indented_format([(level+1, x) for x in nss.x509_key_usage(extension.value)])
elif oid_tag == nss.SEC_OID_X509_SUBJECT_KEY_ID:
print nss.indented_format([(level, 'Data:')])
print nss.indented_format(nss.make_line_pairs(level+1,
extension.value.der_to_hex(nss.OCTETS_PER_LINE_DEFAULT)))
elif oid_tag == nss.SEC_OID_X509_CRL_DIST_POINTS:
pts = nss.CRLDistributionPts(extension.value)
i = 1
print nss.indented_format([(level, 'CRL Distribution Points: [%d total]' % len(pts))])
for pt in pts:
print nss.indented_format([(level+1, 'Point[%d]:' % i)])
names = pt.get_general_names()
print nss.indented_format([(level+2, 'General Names: [%d total]' % len(names))])
for name in names:
print nss.indented_format([(level+3, '%s:' % name)])
print nss.indented_format([(level+2, 'Reasons: %s' % (pt.get_reasons(),))])
print nss.indented_format([(level+2, 'Issuer: %s' % pt.issuer)])
elif oid_tag == nss.SEC_OID_X509_AUTH_KEY_ID:
auth_key_id = nss.AuthKeyID(extension.value)
print nss.indented_format([(level+1, 'Key ID:')])
print nss.indented_format(nss.make_line_pairs(level+1,
auth_key_id.key_id.to_hex(nss.OCTETS_PER_LINE_DEFAULT)))
print nss.indented_format([(level+1, 'Serial Number: %s' % (auth_key_id.serial_number))])
print nss.indented_format([(level+1, 'Issuer:' % auth_key_id.get_general_names())])
elif oid_tag == nss.SEC_OID_X509_EXT_KEY_USAGE:
print nss.indented_format([(level, 'Usages:')])
print nss.indented_format([(level+1, x) for x in nss.x509_ext_key_usage(extension.value)])
elif oid_tag in (nss.SEC_OID_X509_SUBJECT_ALT_NAME, nss.SEC_OID_X509_ISSUER_ALT_NAME):
names = nss.x509_alt_name(extension.value)
print nss.indented_format([(level+2, 'Alternate Names: [%d total]' % len(names))])
for name in names:
print nss.indented_format([(level+3, '%s:' % name)])
print
# -----------------------------------------------------------------------------
usage_str = '''
'''
def usage():
print usage_str
try:
opts, args = getopt.getopt(sys.argv[1:], "h",
["help", ])
except getopt.GetoptError:
# print help information and exit:
usage()
sys.exit(2)
filename = 'cert.der'
for o, a in opts:
if o in ("-H", "--help"):
usage()
sys.exit()
filename = sys.argv[1]
# Perform basic configuration and setup
nss.nss_init_nodb()
if False:
l = nss.temp_test()
print type(l)
print l
sys.exit(0)
if len(args):
filename = args[0]
print "certificate filename=%s" % (filename)
# Read the certificate as DER encoded data
si = nss.read_der_from_file(filename)
# Parse the DER encoded data returning a Certificate object
cert = nss.Certificate(si)
# Get the extension list from the certificate
extensions = cert.extensions
print nss.indented_format([(0, 'Certificate:'),
(1, 'Data:')])
print nss.indented_format([(2, 'Version: %d (%#x)' % (cert.version+1, cert.version))])
print nss.indented_format([(2, 'Serial Number: %d (%#x)' % (cert.serial_number, cert.serial_number))])
print nss.indented_format([(2, 'Signature Algorithm: %s' % cert.signature_algorithm)])
print nss.indented_format([(2, 'Issuer: "%s"' % cert.issuer)])
print nss.indented_format([(2, 'Validity:'),
(3, 'Not Before: %s' % cert.valid_not_before_str),
(3, 'Not After: %s' % cert.valid_not_after_str)])
print nss.indented_format([(2, 'Subject: "%s"' % cert.subject)])
print nss.indented_format([(2, 'Subject Public Key Info:')])
print nss.indented_format(cert.subject_public_key_info.format_lines(3))
if len(extensions) > 0:
print nss.indented_format([(1, 'Signed Extensions: (%d)' % len(extensions))])
for extension in extensions:
print_extension(2, extension)
print nss.indented_format(cert.signed_data.format_lines(1))
print nss.indented_format([(1, 'Fingerprint (MD5):')])
print nss.indented_format(nss.make_line_pairs(2,
nss.data_to_hex(nss.md5_digest(cert.der_data),
nss.OCTETS_PER_LINE_DEFAULT)))
print nss.indented_format([(1, 'Fingerprint (SHA1):')])
print nss.indented_format(nss.make_line_pairs(2,
nss.data_to_hex(nss.sha1_digest(cert.der_data),
nss.OCTETS_PER_LINE_DEFAULT)))
Reference in New Issue View Git Blame Copy Permalink