Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 172bb39452ae8b3ccdf5d1f23ead46f44200cd49 / . / Tools / scripts / get-remote-certificate.py
blob: 38901286e19ad1aa26f8f8b73ec36267ed1e7822 [file] [log] [blame]
Benjamin Peterson90f5ba52010-03-11 22:53:45 +0000[diff] [blame]1#!/usr/bin/env python3
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]2#
3# fetch the certificate that the server(s) are providing in PEM form
4#
5# args are HOST:PORT [, HOST:PORT...]
6#
7# By Bill Janssen.
8
Georg Brandlcbb94212010-10-28 08:38:30 +0000[diff] [blame]9import re
10import os
Christian Heimes05e8be12008-02-23 18:30:17 +0000[diff] [blame]11import sys
Georg Brandlcbb94212010-10-28 08:38:30 +0000[diff] [blame]12import tempfile
13
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]14
15def fetch_server_certificate (host, port):
16
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]17 def subproc(cmd):
18 from subprocess import Popen, PIPE, STDOUT
19 proc = Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True)
20 status = proc.wait()
21 output = proc.stdout.read()
22 return status, output
23
24 def strip_to_x509_cert(certfile_contents, outfile=None):
Georg Brandlcbb94212010-10-28 08:38:30 +0000[diff] [blame]25 m = re.search(br"^([-]+BEGIN CERTIFICATE[-]+[\r]*\n"
26 br".*[\r]*^[-]+END CERTIFICATE[-]+)$",
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]27 certfile_contents, re.MULTILINE | re.DOTALL)
28 if not m:
29 return None
30 else:
31 tn = tempfile.mktemp()
Serhiy Storchaka172bb392019-03-30 08:33:02 +0200[diff] [blame^]32 with open(tn, "wb") as fp:
33 fp.write(m.group(1) + b"\n")
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]34 try:
35 tn2 = (outfile or tempfile.mktemp())
36 status, output = subproc(r'openssl x509 -in "%s" -out "%s"' %
37 (tn, tn2))
38 if status != 0:
Georg Brandl30baf2b2010-12-30 17:36:17 +0000[diff] [blame]39 raise RuntimeError('OpenSSL x509 failed with status %s and '
40 'output: %r' % (status, output))
Serhiy Storchaka172bb392019-03-30 08:33:02 +0200[diff] [blame^]41 with open(tn2, 'rb') as fp:
42 data = fp.read()
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]43 os.unlink(tn2)
44 return data
45 finally:
46 os.unlink(tn)
47
48 if sys.platform.startswith("win"):
49 tfile = tempfile.mktemp()
Serhiy Storchaka172bb392019-03-30 08:33:02 +0200[diff] [blame^]50 with open(tfile, "w") as fp:
51 fp.write("quit\n")
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]52 try:
53 status, output = subproc(
54 'openssl s_client -connect "%s:%s" -showcerts < "%s"' %
55 (host, port, tfile))
56 finally:
57 os.unlink(tfile)
58 else:
59 status, output = subproc(
60 'openssl s_client -connect "%s:%s" -showcerts < /dev/null' %
61 (host, port))
62 if status != 0:
Georg Brandl30baf2b2010-12-30 17:36:17 +0000[diff] [blame]63 raise RuntimeError('OpenSSL connect failed with status %s and '
64 'output: %r' % (status, output))
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]65 certtext = strip_to_x509_cert(output)
66 if not certtext:
67 raise ValueError("Invalid response received from server at %s:%s" %
68 (host, port))
69 return certtext
70
Georg Brandlcbb94212010-10-28 08:38:30 +0000[diff] [blame]71
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]72if __name__ == "__main__":
73 if len(sys.argv) < 2:
74 sys.stderr.write(
75 "Usage: %s HOSTNAME:PORTNUMBER [, HOSTNAME:PORTNUMBER...]\n" %
76 sys.argv[0])
77 sys.exit(1)
78 for arg in sys.argv[1:]:
79 host, port = arg.split(":")
Georg Brandlcbb94212010-10-28 08:38:30 +0000[diff] [blame]80 sys.stdout.buffer.write(fetch_server_certificate(host, int(port)))
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]81 sys.exit(0)