Esempio n. 1
0
    def cert_facts(self, substrate, count):
        cert = ct.crypto.cert.Certificate(substrate)
        prefix = 'ssl_certificate-{0}_'.format(count)
        self.add_fact(prefix + 'subject-common-name',
                      cert.subject_common_name())
        self.add_fact(prefix + 'subject-name', cert.subject_name())
        self.add_fact(prefix + 'issuer-name', cert.issuer_name())

        selfsigned = (cert.subject_name() == cert.issuer_name())
        self.add_fact(prefix + 'self-signed', selfsigned)

        self.add_fact(prefix + 'version', cert.version())
        alginfo = cert.subject_public_key_algorithm()
        self.add_fact(prefix + 'algorithm', alginfo[0].short_name())
        asn_modulus, asn_exponent = cert.subject_public_key()
        modulus = int(asn_modulus)
        exponent = int(asn_exponent)
        #print modulus, exponent
        #bitlen = 0
        #while modulus > 0:
        #    bitlen = bitlen + 1
        #    modulus = modulus >> 1

        self.add_fact(prefix + 'bit-length', modulus.bit_length())
        self.add_fact(prefix + 'rsa-exponent', exponent)

        val = time.mktime(cert.not_before())
        days = (time.time() - val) / 86400.0
        self.add_fact(prefix + 'not-before', int(val))
        self.add_fact(prefix + 'days-since-start', int(days))

        val = time.mktime(cert.not_after())
        days = (val - time.time()) / 86400.0
        self.add_fact(prefix + 'not-after', int(val))
        self.add_fact(prefix + 'days-until-end', int(days))
        self.add_fact(prefix + 'serial-number', str(cert.serial_number()))

        san = cert.subject_alternative_names()
        if len(san) > 0:
            val = [part.value() for part in san]
            self.add_fact(prefix + 'subject-alternative-name', ','.join(val))

        junk = cert.authority_info_access()
        for oid_val, url_val in junk:
            self.add_fact(
                prefix + 'authorityinfoaccess_' + oid_val.short_name().lower(),
                url_val.value())
    def test_subject_alternative_names(self):
        cert = self.cert_from_pem_file(self._PEM_MULTIPLE_AN)
        sans = cert.subject_alternative_names()
        self.assertEqual(4, len(sans))

        self.assertEqual(x509_name.DNS_NAME, sans[0].component_key())
        self.assertEqual("spires.wpafb.af.mil", sans[0].component_value())

        self.assertEqual(x509_name.DIRECTORY_NAME, sans[1].component_key())
        self.assertTrue(isinstance(sans[1].component_value(), x509_name.Name),
        sans[1].component_value())

        self.assertEqual(x509_name.IP_ADDRESS_NAME, sans[2].component_key())
        self.assertEqual((129, 48, 105, 104),
        sans[2].component_value().as_octets())

        self.assertEqual(x509_name.URI_NAME, sans[3].component_key())
        self.assertEqual("spires.wpafb.af.mil", sans[3].component_value())
Esempio n. 3
0
    def cert_facts(self, substrate, count):
        cert = ct.crypto.cert.Certificate(substrate)
        prefix = 'ssl_certificate-{0}_'.format(count)
        self.add_fact(prefix + 'subject-common-name', cert.subject_common_name())
        self.add_fact(prefix + 'subject-name', cert.subject_name())
        self.add_fact(prefix + 'issuer-name', cert.issuer_name())

        selfsigned = (cert.subject_name() == cert.issuer_name())
        self.add_fact(prefix + 'self-signed', selfsigned)

        self.add_fact(prefix + 'version', cert.version())
        alginfo = cert.subject_public_key_algorithm()
        self.add_fact(prefix + 'algorithm', alginfo[0].short_name())
        asn_modulus, asn_exponent = cert.subject_public_key()
        modulus = int(asn_modulus)
        exponent = int(asn_exponent)
        #print modulus, exponent
        #bitlen = 0
        #while modulus > 0:
        #    bitlen = bitlen + 1
        #    modulus = modulus >> 1

        self.add_fact(prefix + 'bit-length', modulus.bit_length())
        self.add_fact(prefix + 'rsa-exponent', exponent)

        val = time.mktime(cert.not_before())
        days = (time.time() - val) / 86400.0
        self.add_fact(prefix + 'not-before', int(val))
        self.add_fact(prefix + 'days-since-start', int(days))

        val = time.mktime(cert.not_after())
        days = (val - time.time()) / 86400.0
        self.add_fact(prefix + 'not-after', int(val))
        self.add_fact(prefix + 'days-until-end', int(days))
        self.add_fact(prefix + 'serial-number', str(cert.serial_number()))

        san = cert.subject_alternative_names()
        if len(san) > 0:
            val = [ part.value() for part in san ]
            self.add_fact(prefix + 'subject-alternative-name', ','.join(val))

        junk = cert.authority_info_access()
        for oid_val, url_val in junk:
            self.add_fact(prefix + 'authorityinfoaccess_' + oid_val.short_name().lower(), url_val.value())