from etld import get_eTLD_service
from base64 import b64decode
from java.security.cert import X509Certificate, CertificateFactory
from java.io import StringBufferInputStream
from javax.naming.ldap import LdapName
# Shared X.509 certificate parser, created once when the module is imported.
cert_factory = CertificateFactory.getInstance('X.509')
# Service object from the local etld module; redact_ee calls its get_base_domain().
svc = get_eTLD_service()
class CertChainFilter:
    """Replace the end-entity certificate of a failed chain with a redacted summary.

    The first certificate of the chain is dropped from the document; only the
    base domain derived from its subject CN is kept, under ``redactedEE``.
    """

    def redact_ee(self, ee):
        """Return ``{'redactedCN': <base domain>}`` for a base64-encoded certificate.

        ee -- base64 text of an X.509 certificate; it is decoded with b64decode
              and parsed by the module-level cert_factory.

        Decoding and parsing failures are not handled here and propagate to
        the caller.
        """
        raw = b64decode(ee)
        parsed = cert_factory.generateCertificate(StringBufferInputStream(raw))
        subject = LdapName(parsed.getSubjectDN().getName())

        # Keep the value of the last CN RDN seen; stays '' when the subject has none.
        common_name = ''
        for component in subject.getRdns():
            if component.getType() == 'CN':
                common_name = component.getValue()

        # NOTE(review): only the subject CN is consulted, subjectAltName is not.
        # What get_base_domain returns for '' or for a CN that is not a host
        # name is not visible here -- confirm it cannot echo the full CN back.
        return {'redactedCN': svc.get_base_domain(common_name)}

    def filter_document(self, document):
        """Strip the raw failed chain from *document*, modifying it in place.

        When ``document['failedCertChain']`` is non-empty, that key is set to
        None, every certificate after the first is stored under
        ``restOfCertChain``, and the redacted form of the first one is stored
        under ``redactedEE``.  Any failure along the way appends
        'problem redacting cert chain' to ``document['errors']``, creating the
        list when it cannot be appended to.  The initial lookup of
        ``failedCertChain`` happens outside the try block, so a failure there
        propagates.  Nothing is returned.
        """
        chain = document['failedCertChain']
        try:
            if chain:
                # Clear the raw chain before anything that can raise, so a
                # failed redaction never leaves the end-entity cert behind.
                document['failedCertChain'] = None
                # NOTE(review): slicing assumes a list of certificates; a bare
                # string here would be copied minus its first character --
                # confirm the document schema is validated upstream.
                document['restOfCertChain'] = chain[1:]
                if len(chain) > 0:
                    document['redactedEE'] = self.redact_ee(chain[0])
        except:
            # Bare except kept as in the original -- presumably so that Java
            # exceptions from the certificate parser are caught under Jython;
            # TODO confirm before narrowing it.
            failure = 'problem redacting cert chain'
            try:
                document['errors'].append(failure)
            except:
                # No usable 'errors' list on the document yet: start one.
                document['errors'] = [failure]