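def cert_facts(self, substrate, count):
    """Record descriptive facts about one certificate under a numbered prefix.

    Parses ``substrate`` with ``ct.crypto.cert.Certificate`` and hands each
    extracted field to ``self.add_fact`` under a key that starts with
    ``ssl_certificate-<count>_``.

    Args:
        substrate: certificate data passed unchanged to
            ``ct.crypto.cert.Certificate``.
        count: value formatted into the fact-name prefix.
    """
    # Function-scope import: the module's import block is not visible here.
    import calendar

    cert = ct.crypto.cert.Certificate(substrate)
    prefix = 'ssl_certificate-{0}_'.format(count)

    subject = cert.subject_name()
    issuer = cert.issuer_name()
    self.add_fact(prefix + 'subject-common-name', cert.subject_common_name())
    self.add_fact(prefix + 'subject-name', subject)
    self.add_fact(prefix + 'issuer-name', issuer)
    # Name comparison only: subject == issuer means the certificate is
    # self-issued. The signature is not verified here, so this fact is not
    # proof that the certificate is signed by its own key.
    self.add_fact(prefix + 'self-signed', subject == issuer)
    self.add_fact(prefix + 'version', cert.version())

    alginfo = cert.subject_public_key_algorithm()
    self.add_fact(prefix + 'algorithm', alginfo[0].short_name())

    # NOTE(review): the two-value unpacking assumes an RSA key (modulus,
    # exponent); presumably a certificate with another key type fails here.
    # Confirm how subject_public_key() behaves for non-RSA algorithms.
    asn_modulus, asn_exponent = cert.subject_public_key()
    self.add_fact(prefix + 'bit-length', int(asn_modulus).bit_length())
    self.add_fact(prefix + 'rsa-exponent', int(asn_exponent))

    # X.509 validity times are expressed in UTC, so convert them with
    # calendar.timegm. time.mktime would read the struct_time as local time
    # and shift every epoch value by the host's UTC offset.
    # NOTE(review): assumes not_before()/not_after() return a UTC
    # struct_time; confirm against the ct library.
    now = time.time()
    not_before = calendar.timegm(cert.not_before())
    self.add_fact(prefix + 'not-before', int(not_before))
    self.add_fact(prefix + 'days-since-start', int((now - not_before) / 86400.0))

    not_after = calendar.timegm(cert.not_after())
    self.add_fact(prefix + 'not-after', int(not_after))
    # int() truncates toward zero, so a certificate that expired less than a
    # day ago still reports 0 here; use 'not-after' for exact expiry checks.
    self.add_fact(prefix + 'days-until-end', int((not_after - now) / 86400.0))

    self.add_fact(prefix + 'serial-number', str(cert.serial_number()))

    san = cert.subject_alternative_names()
    if len(san) > 0:
        # NOTE(review): join() needs every part.value() to be a string; a
        # non-string entry would raise TypeError. Confirm the value types.
        self.add_fact(prefix + 'subject-alternative-name',
                      ','.join([part.value() for part in san]))

    # One fact per authorityInfoAccess entry, keyed by the lower-cased short
    # name of its OID.
    for oid_val, url_val in cert.authority_info_access():
        self.add_fact(
            prefix + 'authorityinfoaccess_' + oid_val.short_name().lower(),
            url_val.value())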
def test_subject_alternative_names(self):
    """Check the subjectAltName entries parsed from the _PEM_MULTIPLE_AN fixture.

    The fixture is expected to yield four entries, in this order: a DNS
    name, a directory name, an IP address and a URI. Each entry is checked
    for both its component key and its component value.
    """
    certificate = self.cert_from_pem_file(self._PEM_MULTIPLE_AN)
    alt_names = certificate.subject_alternative_names()
    self.assertEqual(4, len(alt_names))

    # Entry 0: DNS name, compared as a plain string.
    dns_entry = alt_names[0]
    self.assertEqual(x509_name.DNS_NAME, dns_entry.component_key())
    self.assertEqual("spires.wpafb.af.mil", dns_entry.component_value())

    # Entry 1: directory name, whose value must be an x509_name.Name.
    directory_entry = alt_names[1]
    self.assertEqual(x509_name.DIRECTORY_NAME,
                     directory_entry.component_key())
    self.assertTrue(
        isinstance(directory_entry.component_value(), x509_name.Name),
        directory_entry.component_value())

    # Entry 2: IP address, compared octet by octet.
    ip_entry = alt_names[2]
    self.assertEqual(x509_name.IP_ADDRESS_NAME, ip_entry.component_key())
    self.assertEqual((129, 48, 105, 104),
                     ip_entry.component_value().as_octets())

    # Entry 3: URI, compared as a plain string.
    uri_entry = alt_names[3]
    self.assertEqual(x509_name.URI_NAME, uri_entry.component_key())
    self.assertEqual("spires.wpafb.af.mil", uri_entry.component_value())
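def cert_facts(self, substrate, count):
    """Record descriptive facts about one certificate under a numbered prefix.

    Parses ``substrate`` with ``ct.crypto.cert.Certificate`` and hands each
    extracted field to ``self.add_fact`` under a key that starts with
    ``ssl_certificate-<count>_``.

    Args:
        substrate: certificate data passed unchanged to
            ``ct.crypto.cert.Certificate``.
        count: value formatted into the fact-name prefix.
    """
    # Function-scope import: the module's import block is not visible here.
    import calendar

    cert = ct.crypto.cert.Certificate(substrate)
    prefix = 'ssl_certificate-{0}_'.format(count)

    subject = cert.subject_name()
    issuer = cert.issuer_name()
    self.add_fact(prefix + 'subject-common-name', cert.subject_common_name())
    self.add_fact(prefix + 'subject-name', subject)
    self.add_fact(prefix + 'issuer-name', issuer)
    # Name comparison only: subject == issuer means the certificate is
    # self-issued. The signature is not verified here, so this fact is not
    # proof that the certificate is signed by its own key.
    self.add_fact(prefix + 'self-signed', subject == issuer)
    self.add_fact(prefix + 'version', cert.version())

    alginfo = cert.subject_public_key_algorithm()
    self.add_fact(prefix + 'algorithm', alginfo[0].short_name())

    # NOTE(review): the two-value unpacking assumes an RSA key (modulus,
    # exponent); presumably a certificate with another key type fails here.
    # Confirm how subject_public_key() behaves for non-RSA algorithms.
    asn_modulus, asn_exponent = cert.subject_public_key()
    self.add_fact(prefix + 'bit-length', int(asn_modulus).bit_length())
    self.add_fact(prefix + 'rsa-exponent', int(asn_exponent))

    # X.509 validity times are expressed in UTC, so convert them with
    # calendar.timegm. time.mktime would read the struct_time as local time
    # and shift every epoch value by the host's UTC offset.
    # NOTE(review): assumes not_before()/not_after() return a UTC
    # struct_time; confirm against the ct library.
    now = time.time()
    not_before = calendar.timegm(cert.not_before())
    self.add_fact(prefix + 'not-before', int(not_before))
    self.add_fact(prefix + 'days-since-start', int((now - not_before) / 86400.0))

    not_after = calendar.timegm(cert.not_after())
    self.add_fact(prefix + 'not-after', int(not_after))
    # int() truncates toward zero, so a certificate that expired less than a
    # day ago still reports 0 here; use 'not-after' for exact expiry checks.
    self.add_fact(prefix + 'days-until-end', int((not_after - now) / 86400.0))

    self.add_fact(prefix + 'serial-number', str(cert.serial_number()))

    san = cert.subject_alternative_names()
    if len(san) > 0:
        # NOTE(review): join() needs every part.value() to be a string; a
        # non-string entry would raise TypeError. Confirm the value types.
        self.add_fact(prefix + 'subject-alternative-name',
                      ','.join([part.value() for part in san]))

    # One fact per authorityInfoAccess entry, keyed by the lower-cased short
    # name of its OID.
    for oid_val, url_val in cert.authority_info_access():
        self.add_fact(
            prefix + 'authorityinfoaccess_' + oid_val.short_name().lower(),
            url_val.value())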