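# Loop-body fragment (the enclosing ``for`` is outside this listing).
# For one DER certificate: hash its SubjectPublicKeyInfo (SPKI) with SHA-256
# and record the digest through ``db.set_hash`` under an id built from the
# key algorithm and the subject common name.
a = M2Crypto.X509.load_cert(file, format=FORMAT_DER)
der = a.as_der()
cert = nss.Certificate(der, certdb)

# Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature },
# so element 0 of the outer sequence is the TBSCertificate.
cert_dec = DerSequence()
cert_dec.decode(der)
tbsCertificate = DerSequence()
try:
    tbsCertificate.decode(cert_dec[0])
except Exception:
    # Best-effort: skip a certificate whose TBSCertificate cannot be decoded.
    # ``Exception`` instead of a bare ``except`` so that KeyboardInterrupt and
    # SystemExit still stop the run.
    continue

try:
    # RFC 5280 layout when the version field is present: version,
    # serialNumber, signature, issuer, validity, subject, SPKI -> index 6.
    spki = tbsCertificate[6]
except IndexError:
    # Fewer than seven elements. The likely cause is an X.509 v1 certificate:
    # ``version`` is ``[0] EXPLICIT ... DEFAULT v1`` and DER omits default
    # values, so a v1 TBSCertificate has six elements and the SPKI is the
    # last one.
    # NOTE(review): this also accepts a malformed TBSCertificate with fewer
    # than six elements and hashes whatever its last element is; confirm
    # that nss.Certificate() above already rejects such input.
    spki = tbsCertificate[len(tbsCertificate) - 1]

s = hashlib.sha256()
s.update(spki)
hash_t = s.hexdigest()

# The id must be built from the nss fields exactly as the main program builds
# it (subject_public_key_info algorithm id_str + subject common name),
# otherwise lookups there will not match.
# NOTE(review): algorithm + CN is not unique per certificate; a second
# certificate with the same pair is ignored by the ``exist`` check below.
# Presumably subject_common_name can be None for a subject without a CN,
# which would raise TypeError here -- verify.
algorithm = cert.subject_public_key_info.algorithm.id_str
_id = str(algorithm) + " - " + cert.subject_common_name
exist = db.get(_id)
if exist is None:
    db.set_hash(hash_t, _id, drop=False)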
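# Loop-body fragment (the enclosing ``for`` is outside this listing).
# For one DER certificate: hash its SubjectPublicKeyInfo (SPKI) with SHA-256
# and record the digest through ``db.set_hash`` under an id built from the
# key algorithm and the subject common name.
a = M2Crypto.X509.load_cert(file, format=FORMAT_DER)
der = a.as_der()
cert = nss.Certificate(der, certdb)

# Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature },
# so element 0 of the outer sequence is the TBSCertificate.
cert_dec = DerSequence()
cert_dec.decode(der)
tbsCertificate = DerSequence()
try:
    tbsCertificate.decode(cert_dec[0])
except Exception:
    # Best-effort: skip a certificate whose TBSCertificate cannot be decoded.
    # ``Exception`` instead of a bare ``except`` so that KeyboardInterrupt and
    # SystemExit still stop the run.
    continue

try:
    # RFC 5280 layout when the version field is present: version,
    # serialNumber, signature, issuer, validity, subject, SPKI -> index 6.
    spki = tbsCertificate[6]
except IndexError:
    # Fewer than seven elements. The likely cause is an X.509 v1 certificate:
    # ``version`` is ``[0] EXPLICIT ... DEFAULT v1`` and DER omits default
    # values, so a v1 TBSCertificate has six elements and the SPKI is the
    # last one.
    # NOTE(review): this also accepts a malformed TBSCertificate with fewer
    # than six elements and hashes whatever its last element is; confirm
    # that nss.Certificate() above already rejects such input.
    spki = tbsCertificate[len(tbsCertificate) - 1]

s = hashlib.sha256()
s.update(spki)
hash_t = s.hexdigest()

# The id must be built from the nss fields exactly as the main program builds
# it (subject_public_key_info algorithm id_str + subject common name),
# otherwise lookups there will not match.
# NOTE(review): algorithm + CN is not unique per certificate; a second
# certificate with the same pair is ignored by the ``exist`` check below.
# Presumably subject_common_name can be None for a subject without a CN,
# which would raise TypeError here -- verify.
algorithm = cert.subject_public_key_info.algorithm.id_str
_id = str(algorithm) + ' - ' + cert.subject_common_name
exist = db.get(_id)
if exist is None:
    db.set_hash(hash_t, _id, drop=False)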