Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 2b73660135794cdcd37966ef82b2c9eddc54911c / . / Tools / ssl / get-remote-certificate.py
blob: ab851efdf852be8697493310b7c7bdac077b467b [file] [log] [blame]
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]1#!/usr/bin/env python
2#
3# fetch the certificate that the server(s) are providing in PEM form
4#
5# args are HOST:PORT [, HOST:PORT...]
6#
7# By Bill Janssen.
8
Georg Brandlf55aa802010-11-26 08:59:40 +0000[diff] [blame]9import re
10import os
11import ssl
Christian Heimes05e8be12008-02-23 18:30:17 +0000[diff] [blame]12import sys
Georg Brandlf55aa802010-11-26 08:59:40 +0000[diff] [blame]13import tempfile
14
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]15
16def fetch_server_certificate (host, port):
17
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]18 def subproc(cmd):
19 from subprocess import Popen, PIPE, STDOUT
20 proc = Popen(cmd, stdout=PIPE, stderr=STDOUT, shell=True)
21 status = proc.wait()
22 output = proc.stdout.read()
23 return status, output
24
25 def strip_to_x509_cert(certfile_contents, outfile=None):
Georg Brandlf55aa802010-11-26 08:59:40 +0000[diff] [blame]26 m = re.search(br"^([-]+BEGIN CERTIFICATE[-]+[\r]*\n"
27 br".*[\r]*^[-]+END CERTIFICATE[-]+)$",
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]28 certfile_contents, re.MULTILINE | re.DOTALL)
29 if not m:
30 return None
31 else:
32 tn = tempfile.mktemp()
Georg Brandlf55aa802010-11-26 08:59:40 +0000[diff] [blame]33 fp = open(tn, "wb")
34 fp.write(m.group(1) + b"\n")
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]35 fp.close()
36 try:
37 tn2 = (outfile or tempfile.mktemp())
38 status, output = subproc(r'openssl x509 -in "%s" -out "%s"' %
39 (tn, tn2))
40 if status != 0:
41 raise OperationError(status, tsig, output)
42 fp = open(tn2, 'rb')
43 data = fp.read()
44 fp.close()
45 os.unlink(tn2)
46 return data
47 finally:
48 os.unlink(tn)
49
50 if sys.platform.startswith("win"):
51 tfile = tempfile.mktemp()
52 fp = open(tfile, "w")
53 fp.write("quit\n")
54 fp.close()
55 try:
56 status, output = subproc(
57 'openssl s_client -connect "%s:%s" -showcerts < "%s"' %
58 (host, port, tfile))
59 finally:
60 os.unlink(tfile)
61 else:
62 status, output = subproc(
63 'openssl s_client -connect "%s:%s" -showcerts < /dev/null' %
64 (host, port))
65 if status != 0:
66 raise OSError(status)
67 certtext = strip_to_x509_cert(output)
68 if not certtext:
69 raise ValueError("Invalid response received from server at %s:%s" %
70 (host, port))
71 return certtext
72
Georg Brandlf55aa802010-11-26 08:59:40 +0000[diff] [blame]73
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]74if __name__ == "__main__":
75 if len(sys.argv) < 2:
76 sys.stderr.write(
77 "Usage: %s HOSTNAME:PORTNUMBER [, HOSTNAME:PORTNUMBER...]\n" %
78 sys.argv[0])
79 sys.exit(1)
80 for arg in sys.argv[1:]:
81 host, port = arg.split(":")
Georg Brandlf55aa802010-11-26 08:59:40 +0000[diff] [blame]82 sys.stdout.buffer.write(fetch_server_certificate(host, int(port)))
Thomas Woutersed03b412007-08-28 21:37:11 +0000[diff] [blame]83 sys.exit(0)