Created
March 25, 2017 08:04
Parsing X509 certificate, domain extraction
from cryptography.hazmat.backends import default_backend | |
from cryptography.x509.base import load_pem_x509_certificate | |
from cryptography.hazmat.primitives.serialization import load_ssh_public_key | |
from cryptography.hazmat.primitives import hashes | |
from cryptography.x509.oid import NameOID | |
from cryptography.x509.oid import ExtensionOID | |
from cryptography import x509 | |
def get_backend(backend=None):
    """Return the cryptography backend to use.

    Args:
        backend: Backend object supplied by the caller, or None.

    Returns:
        *backend* itself when one was supplied, otherwise the result of
        ``default_backend()``.
    """
    if backend is not None:
        return backend
    # No explicit backend: fall back to the library-wide default.
    return default_backend()
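def load_x509(data, backend=None):
    """Parse a PEM-encoded X.509 certificate.

    Args:
        data: PEM text of the certificate, as ``bytes`` or ``str``. The
            loader requires bytes, so a ``str`` is encoded as ASCII first
            (PEM is an ASCII armour, so non-ASCII input is rejected here
            rather than passed on).
        backend: Optional backend object; resolved through ``get_backend``.

    Returns:
        The certificate object produced by ``load_pem_x509_certificate``.

    Note:
        This only parses the certificate. Nothing here checks the
        signature, the issuing chain, the validity period or revocation,
        so a successfully loaded certificate is not a trusted one.
    """
    if isinstance(data, str):
        # A text literal would otherwise be rejected by the loader on
        # Python 3, where str and bytes are distinct types.
        data = data.encode('ascii')
    return load_pem_x509_certificate(data, get_backend(backend))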
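def get_dn_part(subject, oid=None):
    """Return the value of the first attribute in *subject* matching *oid*.

    Args:
        subject: Iterable of name attributes exposing ``oid`` and ``value``
            (for example ``certificate.subject``), or None.
        oid: OID of the attribute to select, e.g. ``NameOID.COMMON_NAME``.

    Returns:
        The value of the first matching attribute, or None when *subject*
        is None or contains no attribute with that OID.

    Raises:
        ValueError: If *subject* is given but *oid* is None.

    Note:
        A name may hold several attributes with the same OID; only the
        first is returned. The value comes straight from the certificate,
        so treat it as untrusted text. For hostname matching rely on the
        subjectAltName entries (RFC 6125), not on the Common Name.
    """
    if subject is None:
        return None
    if oid is None:
        raise ValueError('oid must be provided to select a subject attribute')
    for attribute in subject:
        # oid is known to be non-None here, so a plain comparison suffices.
        if attribute.oid == oid:
            return attribute.value
    # Make the "not found" result explicit instead of falling off the end.
    return None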
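# Sample PEM-encoded certificate used as input for the demonstration below.
# It is a bytes literal because the PEM loader requires bytes, not text.
pem = b'''
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISA2HtXeXjr4X5ITqEBPqKbwFqMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzAzMjQwOTM5MDBaFw0x
NzA2MjIwOTM5MDBaMBoxGDAWBgNVBAMTD2hhcnJvdzMudW1waC5pbzCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4wfTuT5PlbAaxAFbPCXc1o8gm7gtn3
wnkxfBamSM3EkIr19IlKSQqiFhsYORg76cu7PYGoWmEzYjYaopdu4KgyxGdVaGy2
eB6VFlX/NYshKZ5GCIQro8bshvZXZXQksw1JfDkKWfZ2a29DylFZ/+0I+uhDRDu0
VRG1wv1xhQYIqDh/fLy1zTDN5EkzYae3SF7LY44tWry9Cc67E8KWVb4/YcA0xpue
+7AtcbdCRaF8VM3/ohVU0Gf/FNoeU4yZ+wf3NApqnjCPElgjY2CmKpdquDp/n6t2
Y67BY5NcyzSEUhrj0JFCh4YNPFckQK+pb0DGXfgDt6aRckIdYjFh4h0CAwEAAaOC
Ah0wggIZMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUc7VMi/U8f2VTAhpyvAeYJyMn
tmEwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEE
ZDBiMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQu
b3JnLzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0
Lm9yZy8wJwYDVR0RBCAwHoILaGEzLnVtcGguaW+CD2hhcnJvdzMudW1waC5pbzCB
/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYB
BQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCB
ngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkg
UmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUg
Q2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQu
b3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAn9ARd26/viMDUUwcn
T6ymEbyVgBVPuvcqfAvdXmLlU+PWZiDdjUjp87NZjFl+PpLXBtAHKGlb29ccM5p6
uY6F5Sgck2Vr6HpxKtoG3xtfuXQUiD+06ETq2u1zIptXkD4UzjucbFFB4ZNU/uOW
EIOeILHvLnj5AZTS7er4JnDnsp3r/NceGyhq7zxEtd5PLk794vvkdSIi63nfJdo4
DFpxD4UVxzmCitKnXYIR8eay5VidFoS56SnDbIJZBWrjiuFBwEv9IFP6ShxDXtrt
hDgMT0/PGNeBHhL4JTLxu13toyXBPkLSIOxo+pQoIJvMLMPNZHxd/cg0SbXGfuIn
vmyC
-----END CERTIFICATE-----
'''

# Parse only: the names printed below are read from the certificate as-is.
# No signature, chain, validity-period or revocation check is performed.
x509crt = load_x509(pem)
print(get_dn_part(x509crt.subject, NameOID.COMMON_NAME))

# get_extension_for_oid() raises x509.ExtensionNotFound when the extension
# is absent instead of returning None, so the lookup has to be guarded for
# certificates that carry no subjectAltName.
try:
    ext = x509crt.extensions.get_extension_for_oid(
        ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
except x509.ExtensionNotFound:
    ext = None

if ext is not None:
    # The DNS entries of subjectAltName are the names to use when matching
    # a hostname; the Common Name printed above is informational.
    print(ext.value.get_values_for_type(x509.DNSName))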