|
Lines 53-59
for line in open('certdata.txt', 'r'):
Link Here
|
| 53 |
if type == 'MULTILINE_OCTAL': |
53 |
if type == 'MULTILINE_OCTAL': |
| 54 |
line = line.strip() |
54 |
line = line.strip() |
| 55 |
for i in re.finditer(r'\\([0-3][0-7][0-7])', line): |
55 |
for i in re.finditer(r'\\([0-3][0-7][0-7])', line): |
| 56 |
value += chr(int(i.group(1), 8)) |
56 |
value.append(int(i.group(1), 8)) |
| 57 |
else: |
57 |
else: |
| 58 |
value += line |
58 |
value += line |
| 59 |
continue |
59 |
continue |
|
Lines 70-82
for line in open('certdata.txt', 'r'):
Link Here
|
| 70 |
field, type = line_parts |
70 |
field, type = line_parts |
| 71 |
value = None |
71 |
value = None |
| 72 |
else: |
72 |
else: |
| 73 |
raise NotImplementedError, 'line_parts < 2 not supported.' |
73 |
raise NotImplementedError('line_parts < 2 not supported.') |
| 74 |
if type == 'MULTILINE_OCTAL': |
74 |
if type == 'MULTILINE_OCTAL': |
| 75 |
in_multiline = True |
75 |
in_multiline = True |
| 76 |
value = "" |
76 |
value = bytearray() |
| 77 |
continue |
77 |
continue |
| 78 |
obj[field] = value |
78 |
obj[field] = value |
| 79 |
if len(obj.items()) > 0: |
79 |
if len(obj) > 0: |
| 80 |
objects.append(obj) |
80 |
objects.append(obj) |
| 81 |
|
81 |
|
| 82 |
# Read blacklist. |
82 |
# Read blacklist. |
|
Lines 95-101
for obj in objects:
Link Here
|
| 95 |
if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'): |
95 |
if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'): |
| 96 |
continue |
96 |
continue |
| 97 |
if obj['CKA_LABEL'] in blacklist: |
97 |
if obj['CKA_LABEL'] in blacklist: |
| 98 |
print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'] |
98 |
print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']) |
| 99 |
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR', |
99 |
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR', |
| 100 |
'CKT_NSS_TRUSTED_DELEGATOR'): |
100 |
'CKT_NSS_TRUSTED_DELEGATOR'): |
| 101 |
trust[obj['CKA_LABEL']] = True |
101 |
trust[obj['CKA_LABEL']] = True |
|
Lines 104-116
for obj in objects:
Link Here
|
| 104 |
trust[obj['CKA_LABEL']] = True |
104 |
trust[obj['CKA_LABEL']] = True |
| 105 |
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED', |
105 |
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED', |
| 106 |
'CKT_NSS_NOT_TRUSTED'): |
106 |
'CKT_NSS_NOT_TRUSTED'): |
| 107 |
print '!'*74 |
107 |
print('!'*74) |
| 108 |
print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'] |
108 |
print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']) |
| 109 |
print '!'*74 |
109 |
print('!'*74) |
| 110 |
else: |
110 |
else: |
| 111 |
print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \ |
111 |
print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \ |
| 112 |
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], |
112 |
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], |
| 113 |
obj['CKA_TRUST_EMAIL_PROTECTION']) |
113 |
obj['CKA_TRUST_EMAIL_PROTECTION'])) |
| 114 |
|
114 |
|
| 115 |
for obj in objects: |
115 |
for obj in objects: |
| 116 |
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': |
116 |
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': |
|
Lines 121-133
for obj in objects:
Link Here
|
| 121 |
.replace('(', '=')\ |
121 |
.replace('(', '=')\ |
| 122 |
.replace(')', '=')\ |
122 |
.replace(')', '=')\ |
| 123 |
.replace(',', '_') |
123 |
.replace(',', '_') |
| 124 |
bname = bname.decode('string_escape') |
124 |
|
|
|
125 |
# this is the only way to decode the way NSS stores multi-byte UTF-8 |
| 126 |
if bytes != str: |
| 127 |
bname = bname.encode('utf-8') |
| 128 |
bname = bname.decode('unicode_escape').encode('latin-1').decode('utf-8') |
| 125 |
fname = bname + '.crt' |
129 |
fname = bname + '.crt' |
|
|
130 |
|
| 126 |
if os.path.exists(fname): |
131 |
if os.path.exists(fname): |
| 127 |
print "Found duplicate certificate name %s, renaming." % bname |
132 |
print("Found duplicate certificate name %s, renaming." % bname) |
| 128 |
fname = bname + '_2.crt' |
133 |
fname = bname + '_2.crt' |
| 129 |
f = open(fname, 'w') |
134 |
f = open(fname, 'w') |
| 130 |
f.write("-----BEGIN CERTIFICATE-----\n") |
135 |
f.write("-----BEGIN CERTIFICATE-----\n") |
| 131 |
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64))) |
136 |
encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8') |
|
|
137 |
f.write("\n".join(textwrap.wrap(encoded, 64))) |
| 132 |
f.write("\n-----END CERTIFICATE-----\n") |
138 |
f.write("\n-----END CERTIFICATE-----\n") |
| 133 |
|
139 |
|
