Lines 53-59
for line in open('certdata.txt', 'r'):
|
53 |
if type == 'MULTILINE_OCTAL': |
53 |
if type == 'MULTILINE_OCTAL': |
54 |
line = line.strip() |
54 |
line = line.strip() |
55 |
for i in re.finditer(r'\\([0-3][0-7][0-7])', line): |
55 |
for i in re.finditer(r'\\([0-3][0-7][0-7])', line): |
56 |
value += chr(int(i.group(1), 8)) |
56 |
value.append(int(i.group(1), 8)) |
57 |
else: |
57 |
else: |
58 |
value += line |
58 |
value += line |
59 |
continue |
59 |
continue |
Lines 70-82
for line in open('certdata.txt', 'r'):
|
70 |
field, type = line_parts |
70 |
field, type = line_parts |
71 |
value = None |
71 |
value = None |
72 |
else: |
72 |
else: |
73 |
raise NotImplementedError, 'line_parts < 2 not supported.' |
73 |
raise NotImplementedError('line_parts < 2 not supported.') |
74 |
if type == 'MULTILINE_OCTAL': |
74 |
if type == 'MULTILINE_OCTAL': |
75 |
in_multiline = True |
75 |
in_multiline = True |
76 |
value = "" |
76 |
value = bytearray() |
77 |
continue |
77 |
continue |
78 |
obj[field] = value |
78 |
obj[field] = value |
79 |
if len(obj.items()) > 0: |
79 |
if len(obj) > 0: |
80 |
objects.append(obj) |
80 |
objects.append(obj) |
81 |
|
81 |
|
82 |
# Read blacklist. |
82 |
# Read blacklist. |
Lines 95-101
for obj in objects:
|
95 |
if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'): |
95 |
if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'): |
96 |
continue |
96 |
continue |
97 |
if obj['CKA_LABEL'] in blacklist: |
97 |
if obj['CKA_LABEL'] in blacklist: |
98 |
print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'] |
98 |
print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']) |
99 |
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR', |
99 |
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR', |
100 |
'CKT_NSS_TRUSTED_DELEGATOR'): |
100 |
'CKT_NSS_TRUSTED_DELEGATOR'): |
101 |
trust[obj['CKA_LABEL']] = True |
101 |
trust[obj['CKA_LABEL']] = True |
Lines 104-116
for obj in objects:
|
104 |
trust[obj['CKA_LABEL']] = True |
104 |
trust[obj['CKA_LABEL']] = True |
105 |
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED', |
105 |
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED', |
106 |
'CKT_NSS_NOT_TRUSTED'): |
106 |
'CKT_NSS_NOT_TRUSTED'): |
107 |
print '!'*74 |
107 |
print('!'*74) |
108 |
print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'] |
108 |
print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']) |
109 |
print '!'*74 |
109 |
print('!'*74) |
110 |
else: |
110 |
else: |
111 |
print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \ |
111 |
print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \ |
112 |
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], |
112 |
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], |
113 |
obj['CKA_TRUST_EMAIL_PROTECTION']) |
113 |
obj['CKA_TRUST_EMAIL_PROTECTION'])) |
114 |
|
114 |
|
115 |
for obj in objects: |
115 |
for obj in objects: |
116 |
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': |
116 |
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': |
Lines 121-133
for obj in objects:
|
121 |
.replace('(', '=')\ |
121 |
.replace('(', '=')\ |
122 |
.replace(')', '=')\ |
122 |
.replace(')', '=')\ |
123 |
.replace(',', '_') |
123 |
.replace(',', '_') |
124 |
bname = bname.decode('string_escape') |
124 |
|
|
|
125 |
# this is the only way to decode the way NSS stores multi-byte UTF-8 |
126 |
if bytes != str: |
127 |
bname = bname.encode('utf-8') |
128 |
bname = bname.decode('unicode_escape').encode('latin-1').decode('utf-8') |
125 |
fname = bname + '.crt' |
129 |
fname = bname + '.crt' |
|
|
130 |
|
126 |
if os.path.exists(fname): |
131 |
if os.path.exists(fname): |
127 |
print "Found duplicate certificate name %s, renaming." % bname |
132 |
print("Found duplicate certificate name %s, renaming." % bname) |
128 |
fname = bname + '_2.crt' |
133 |
fname = bname + '_2.crt' |
129 |
f = open(fname, 'w') |
134 |
f = open(fname, 'w') |
130 |
f.write("-----BEGIN CERTIFICATE-----\n") |
135 |
f.write("-----BEGIN CERTIFICATE-----\n") |
131 |
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64))) |
136 |
encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8') |
|
|
137 |
f.write("\n".join(textwrap.wrap(encoded, 64))) |
132 |
f.write("\n-----END CERTIFICATE-----\n") |
138 |
f.write("\n-----END CERTIFICATE-----\n") |
133 |
|
139 |
|
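Review bot: In the last hunk (new lines 124-134) the label is escape-decoded after the `.replace(...)` chain has already run, so any character that decoding produces (a path separator written as an escape, a NUL, a newline) reaches `open(fname, 'w')` unsanitised; the start of the chain is outside the hunk, so this assumes that is where separators are normally replaced. Decoding first and sanitising second, or checking the decoded name with something like `if os.sep in bname or '\0' in bname: raise ValueError('unsafe certificate label: %r' % bname)`, would keep output inside the working directory even when certdata.txt is malformed. The `unicode_escape` / `latin-1` / `utf-8` chain can also raise UnicodeEncodeError or UnicodeDecodeError on labels that do not round-trip, which would abort the run with only part of the certificate set written. Separately, the duplicate handling just below only ever tries `_2.crt`, so a third certificate with the same label silently overwrites the second.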