Created
February 24, 2017 12:19
Summarise SSL signature hash type used by providers within SAML federation
#!/usr/bin/python2.7 | |
import sys

import lxml.etree as etree
from cryptography import x509
from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends import default_backend
def chunkstring(string, length):
    """Lazily split *string* into consecutive pieces of at most *length* characters.

    The final piece is shorter when len(string) is not a multiple of *length*.
    The offsets are computed when the function is called, so a zero *length*
    is rejected by range() straight away rather than on first iteration.
    """
    offsets = range(0, len(string), length)
    return (string[start:start + length] for start in offsets)
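def main():
    """Print how many certificates in fed.xml use each signature hash algorithm.

    Every element whose local name is X509Certificate is re-wrapped as PEM,
    parsed, and tallied by the hash algorithm of the signature on the
    certificate itself. The resulting dict is printed to stdout; the number of
    elements that could not be parsed is reported on stderr so that a partial
    tally is not mistaken for a complete one.

    Caveats when reading the result:
      * The value is the hash the issuer used to sign the certificate (for a
        self-signed certificate, the provider itself). It is not the digest
        that provider uses when signing SAML messages.
      * Counts are per element, so a certificate that appears in several
        places in the document is counted once per occurrence.
      * Certificates whose signature hash is absent or not recognised by the
        cryptography library are tallied under "unknown".
    """
    # fed.xml is presumably downloaded federation metadata, and this script
    # does not verify its XML signature, so treat it as untrusted: do not
    # expand entities and do not let the parser fetch anything remotely.
    parser = etree.XMLParser(resolve_entities=False, no_network=True)
    # Parse the file as it is on disk. Deleting newlines from the raw text
    # first can glue together tokens separated only by a line break, and
    # handing the parser bytes lets it honour the XML encoding declaration.
    tree = etree.parse('fed.xml', parser)

    hashes = {}
    skipped = 0
    for x in tree.xpath("//*[local-name() = 'X509Certificate']"):
        # x.text is None for an empty element; split() drops every kind of
        # whitespace the base64 body may have been wrapped with (CR included).
        text = "".join((x.text or "").split())
        if not text:
            skipped += 1
            continue
        text = "\n".join(chunkstring(text, 64))
        certText = "\n".join(["-----BEGIN CERTIFICATE-----", text, '-----END CERTIFICATE-----'])
        try:
            # The loader wants bytes; encoding inside the try means non-ASCII
            # junk (UnicodeError is a ValueError) is skipped like bad DER.
            cert = x509.load_pem_x509_certificate(certText.encode("ascii"), default_backend())
        except ValueError:
            # One malformed certificate must not abort the whole survey.
            skipped += 1
            continue
        try:
            algorithm = cert.signature_hash_algorithm
        except UnsupportedAlgorithm:
            algorithm = None
        certName = algorithm.name if algorithm is not None else "unknown"
        hashes[certName] = hashes.get(certName, 0) + 1

    if skipped:
        sys.stderr.write("skipped %d X509Certificate element(s) that could not be parsed\n" % skipped)
    # A single parenthesised argument prints the same on Python 2 and 3.
    print(hashes)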
# Run the summary only when executed as a script, not when imported.
if __name__ == "__main__":
    main()