Example #1
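    def cert_facts(self, substrate, count):
        """Record facts describing one X.509 certificate.

        Parses ``substrate`` with ``ct.crypto.cert.Certificate`` and stores
        each extracted field through ``self.add_fact`` under a key that
        starts with ``ssl_certificate-<count>_``.

        Args:
            substrate: certificate data passed unchanged to ``Certificate``.
            count: value formatted into the fact-name prefix.
        """
        # Imported locally so the fix below does not rely on a module-level
        # import that is outside this method.
        import calendar

        cert = ct.crypto.cert.Certificate(substrate)
        prefix = 'ssl_certificate-{0}_'.format(count)
        self.add_fact(prefix + 'subject-common-name',
                      cert.subject_common_name())

        subject = cert.subject_name()
        issuer = cert.issuer_name()
        self.add_fact(prefix + 'subject-name', subject)
        self.add_fact(prefix + 'issuer-name', issuer)

        # Name comparison only: subject == issuer marks a self-issued
        # certificate. No signature is verified here, so this fact must not
        # be read as proof of who signed the certificate.
        self.add_fact(prefix + 'self-signed', subject == issuer)

        self.add_fact(prefix + 'version', cert.version())
        alginfo = cert.subject_public_key_algorithm()
        self.add_fact(prefix + 'algorithm', alginfo[0].short_name())

        # NOTE(review): the two-value unpack assumes an RSA public key
        # (modulus, exponent); presumably other key types fail here - confirm.
        asn_modulus, asn_exponent = cert.subject_public_key()
        modulus = int(asn_modulus)
        exponent = int(asn_exponent)
        self.add_fact(prefix + 'bit-length', modulus.bit_length())
        self.add_fact(prefix + 'rsa-exponent', exponent)

        # X.509 validity times are expressed in UTC (RFC 5280), so the
        # struct_time is converted with calendar.timegm(). time.mktime()
        # would read it as local time and shift not-before/not-after by the
        # host's UTC offset, which can misreport expiry around the boundary.
        # NOTE(review): assumes not_before()/not_after() return the
        # certificate's UTC struct_time - confirm against the ct library.
        now = time.time()
        start = calendar.timegm(cert.not_before())
        self.add_fact(prefix + 'not-before', int(start))
        self.add_fact(prefix + 'days-since-start', int((now - start) / 86400.0))

        end = calendar.timegm(cert.not_after())
        self.add_fact(prefix + 'not-after', int(end))
        # int() truncates toward zero: a certificate that expired less than a
        # day ago reports 0 here, so compare 'not-after' for an exact check.
        self.add_fact(prefix + 'days-until-end', int((end - now) / 86400.0))
        self.add_fact(prefix + 'serial-number', str(cert.serial_number()))

        san = cert.subject_alternative_names()
        if len(san) > 0:
            # NOTE(review): ','.join() needs every value to be a string, and
            # a value containing a comma makes the joined fact ambiguous -
            # confirm what value() returns for non-DNS entries.
            names = [part.value() for part in san]
            self.add_fact(prefix + 'subject-alternative-name', ','.join(names))

        # One fact per Authority Information Access entry, keyed by the
        # lower-cased short name of the access-method OID.
        for oid_val, url_val in cert.authority_info_access():
            self.add_fact(
                prefix + 'authorityinfoaccess_' + oid_val.short_name().lower(),
                url_val.value())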
    def test_subject_alternative_names(self):
        """Check the four subject alternative names of the multi-name PEM."""
        cert = self.cert_from_pem_file(self._PEM_MULTIPLE_AN)
        sans = cert.subject_alternative_names()
        self.assertEqual(4, len(sans))

        # Entry 0: a DNS name.
        dns_entry = sans[0]
        self.assertEqual(x509_name.DNS_NAME, dns_entry.component_key())
        self.assertEqual("spires.wpafb.af.mil", dns_entry.component_value())

        # Entry 1: a directory name, exposed as an x509_name.Name object.
        dir_entry = sans[1]
        self.assertEqual(x509_name.DIRECTORY_NAME, dir_entry.component_key())
        is_name = isinstance(dir_entry.component_value(), x509_name.Name)
        # The value itself is passed as the failure message.
        self.assertTrue(is_name, dir_entry.component_value())

        # Entry 2: an IP address, compared octet by octet.
        ip_entry = sans[2]
        self.assertEqual(x509_name.IP_ADDRESS_NAME, ip_entry.component_key())
        octets = ip_entry.component_value().as_octets()
        self.assertEqual((129, 48, 105, 104), octets)

        # Entry 3: a URI.
        uri_entry = sans[3]
        self.assertEqual(x509_name.URI_NAME, uri_entry.component_key())
        self.assertEqual("spires.wpafb.af.mil", uri_entry.component_value())
Example #3
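    def cert_facts(self, substrate, count):
        """Extract certificate fields and publish them as facts.

        ``substrate`` is parsed by ``ct.crypto.cert.Certificate``; every
        field is then reported with ``self.add_fact`` using the key prefix
        ``ssl_certificate-<count>_``.

        Args:
            substrate: certificate data given to ``Certificate`` as-is.
            count: value inserted into the fact-name prefix.
        """
        # Local import: keeps the timestamp fix self-contained in this method.
        import calendar

        def to_epoch(utc_struct):
            # Certificate validity is stated in UTC (RFC 5280). timegm()
            # treats the struct_time as UTC, whereas time.mktime() would
            # apply the host's local timezone and skew the result.
            # NOTE(review): assumes the ct library hands back a UTC
            # struct_time - confirm.
            return calendar.timegm(utc_struct)

        cert = ct.crypto.cert.Certificate(substrate)
        prefix = 'ssl_certificate-{0}_'.format(count)
        self.add_fact(prefix + 'subject-common-name', cert.subject_common_name())

        subject_name = cert.subject_name()
        issuer_name = cert.issuer_name()
        self.add_fact(prefix + 'subject-name', subject_name)
        self.add_fact(prefix + 'issuer-name', issuer_name)

        # True when subject and issuer names match (self-issued). The
        # signature is not checked, so treat this as a naming hint only.
        selfsigned = (subject_name == issuer_name)
        self.add_fact(prefix + 'self-signed', selfsigned)

        self.add_fact(prefix + 'version', cert.version())
        alginfo = cert.subject_public_key_algorithm()
        self.add_fact(prefix + 'algorithm', alginfo[0].short_name())

        # NOTE(review): unpacking into modulus/exponent assumes an RSA key;
        # presumably certificates with other key types fail here - confirm.
        asn_modulus, asn_exponent = cert.subject_public_key()
        self.add_fact(prefix + 'bit-length', int(asn_modulus).bit_length())
        self.add_fact(prefix + 'rsa-exponent', int(asn_exponent))

        current = time.time()
        valid_from = to_epoch(cert.not_before())
        elapsed_days = (current - valid_from) / 86400.0
        self.add_fact(prefix + 'not-before', int(valid_from))
        self.add_fact(prefix + 'days-since-start', int(elapsed_days))

        valid_to = to_epoch(cert.not_after())
        remaining_days = (valid_to - current) / 86400.0
        self.add_fact(prefix + 'not-after', int(valid_to))
        # int() rounds toward zero, so an expiry less than one day in the
        # past still shows 0; use 'not-after' when the exact instant matters.
        self.add_fact(prefix + 'days-until-end', int(remaining_days))
        self.add_fact(prefix + 'serial-number', str(cert.serial_number()))

        san = cert.subject_alternative_names()
        if len(san) > 0:
            # NOTE(review): join() requires string values, and commas inside
            # a value are not escaped - confirm what value() returns.
            val = [part.value() for part in san]
            self.add_fact(prefix + 'subject-alternative-name', ','.join(val))

        # Authority Information Access: one fact per (OID, location) pair,
        # named after the OID's lower-cased short name.
        for oid_val, url_val in cert.authority_info_access():
            fact_name = prefix + 'authorityinfoaccess_' + oid_val.short_name().lower()
            self.add_fact(fact_name, url_val.value())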