import subprocess
import re
# [0-9,a-z]{8}-[0-9,a-z]{4}-[0-9,a-z]{4}-[0-9,a-z]{4}-[0-9,a-z]{12}
# NOTE(review): the line above looks like a UUID-shaped pattern sketch; nothing
# visible in this file uses it.

# Captures the upper-case hex digits that follow "Modulus=" in the output of
# `openssl ... -modulus`. The `*` quantifier lets the match be an empty
# string, so callers should reject an empty result before comparing moduli.
MODULUSPATTERN = r"(?<=Modulus=)[A-F0-9]*"
class PrivateKeyMismatchException(Exception):
    """Raised when a private key's modulus differs from the certificate's."""
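def getuuidfromcsr(csr):
    """Return the subject Common Name of a CSR as printed by ``openssl req``.

    The CSR text is piped to ``openssl req -noout -subject`` on stdin and the
    first ``CN = ...`` value found in the output is returned.

    Args:
        csr: CSR text; it is encoded as ASCII before being sent to openssl.

    Returns:
        The matched CN string, or ``None`` when openssl exits non-zero.

    Raises:
        Exception: openssl succeeded but no ``CN = `` value could be matched.

    Security notes for callers:
        * ``-verify`` is not passed, so the CSR's self-signature is not
          checked by this function.
        * Despite the function name, the value is only restricted to letters,
          digits, space, ``-`` and ``.``; it is not validated as a UUID and
          may be empty. Validate it before using it as an identifier.
        * The CN is located by text search on the one-line subject, so the
          first ``CN = `` occurrence wins even if it sits inside another
          attribute's value. NOTE(review): the subject output format also
          differs between OpenSSL versions -- confirm against the deployed
          binary, or parse the CSR with a structured parser.
    """
    opensslprocess = subprocess.run(
        ['openssl', 'req', '-noout', '-subject'], input=csr, encoding='ascii',
        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    if opensslprocess.returncode != 0:
        # Unchanged contract: an unparsable CSR yields None rather than an
        # exception, so callers must check for None explicitly.
        return None

    # Raw string: the original non-raw literal relied on invalid escape
    # sequences (`\ `, `\-`, `\.`), which Python warns about. The compiled
    # pattern is identical.
    matches = re.search(r'(?<=CN = )[a-zA-Z0-9\ \-\.]*(?=(,|$))',
                        opensslprocess.stdout)
    if matches is None:
        raise Exception("couldn't find CN")
    return matches.group(0)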
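def cert_verifychain(chainpath: str, cert: str):
    """Verify *cert* against the CA bundle at *chainpath* using ``openssl verify``.

    The certificate text is sent on stdin; openssl's stdout and stderr are
    printed for diagnostics.

    Args:
        chainpath: Path handed to openssl as the CA file.
        cert: Certificate text; it is encoded as ASCII before being sent.

    Raises:
        Exception: openssl exited with a non-zero status.

    NOTE(review): only a CA file is supplied. Whether OpenSSL's default trust
    directory is consulted as well depends on the OpenSSL version and build;
    confirm this, and consider ``-no-CApath`` if *chainpath* must be the only
    source of trust anchors.
    NOTE(review): success is decided by the exit status alone; confirm the
    deployed OpenSSL returns non-zero for every verification failure.
    """
    print("verifying cert using cert chain %s" % chainpath)
    opensslprocess = subprocess.run(['openssl', 'verify', '-show_chain', '--CAfile', chainpath], input=cert,
                                    encoding='ascii', stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    print("stdout: %s, stderr: %s" % (opensslprocess.stdout, opensslprocess.stderr))
    if opensslprocess.returncode != 0:
        # Include the status and openssl's own message so the failure can be
        # diagnosed from the exception alone (the original raised it empty).
        raise Exception("openssl verify failed with exit code %d: %s"
                        % (opensslprocess.returncode, opensslprocess.stderr.strip()))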
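def _openssl_modulus(subcommand, pem):
    """Run ``openssl <subcommand> -noout -modulus`` on *pem* and return the hex modulus."""
    opensslprocess = subprocess.run(['openssl', subcommand, '-noout', '-modulus'], input=pem, encoding='ascii',
                                    stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    print("stdout: %s, stderr: %s" % (opensslprocess.stdout, opensslprocess.stderr))
    if opensslprocess.returncode != 0:
        raise Exception("openssl %s failed with exit code %d"
                        % (subcommand, opensslprocess.returncode))
    match = re.search(MODULUSPATTERN, opensslprocess.stdout)
    # MODULUSPATTERN can match an empty string. Treat "no match" and "empty
    # match" alike, so that two empty results never compare as equal moduli.
    if match is None or not match.group(0):
        raise Exception("openssl %s did not report a modulus" % subcommand)
    return match.group(0)


def cert_verifyprivatekey(cert, privatekey):
    """Check that *privatekey* matches *cert* by comparing their RSA moduli.

    The modulus is read from the certificate with ``openssl x509`` and from
    the key with ``openssl rsa``. Both inputs are passed on stdin, so the key
    material does not appear in the process argument list.

    Args:
        cert: Certificate text, encoded as ASCII before being sent to openssl.
        privatekey: Private key text, handled the same way.

    Raises:
        Exception: an openssl call exited non-zero, or reported no modulus.
        PrivateKeyMismatchException: the two moduli differ.

    Only RSA keys are supported, because the key is read with ``openssl rsa``.
    NOTE(review): each command's stdout and stderr are printed; confirm that
    is acceptable wherever this output ends up.
    """
    certmod = _openssl_modulus('x509', cert)
    keymod = _openssl_modulus('rsa', privatekey)
    if keymod != certmod:
        raise PrivateKeyMismatchException()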
def cert_normalise(cert):
    """Placeholder: not implemented; ignores *cert* and returns ``None``."""
    return None
def key_normalise(key):
    """Placeholder: not implemented; ignores *key* and returns ``None``."""
    return None