4 # certdata2pem.py - splits certdata.txt into multiple files
6 # Copyright (C) 2009 Philipp Kern <pkern@debian.org>
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 2 of the License, or
11 # (at your option) any later version.
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
# Main body of certdata2pem: parse Mozilla's certdata.txt into one dict of
# CKA_* attributes per object, build a trust table from the
# CKO_NSS_TRUST / CKO_NETSCAPE_TRUST objects, then write every trusted
# CKO_CERTIFICATE object out as a PEM file named after its label.
# NOTE(review): this is Python 2 code -- print statements, `raise X, msg`
# and str.decode('string_escape') below are not valid Python 3.
# NOTE(review): this listing omits some lines of the original (the bodies of
# several `if`s, the `else:` branches and the file open for the output); the
# comments below only describe what is visible here.
#
# Parser state: in_data - header has been passed (BEGINDATA seen),
# in_multiline - inside a MULTILINE_OCTAL value, in_obj - currently
# accumulating an object's attributes.
32 in_data, in_multiline, in_obj = False, False, False
# field/type/value describe the attribute currently being parsed; obj holds
# the attributes of the object being built.  `type` shadows the builtin.
33 field, type, value, obj = None, None, None, dict()
# The input handle is never closed explicitly; it lives for the loop only.
34 for line in open('certdata.txt', 'r'):
35 # Ignore the file header.
# Everything up to the BEGINDATA marker is header text.
37 if line.startswith('BEGINDATA'):
40 # Ignore comment lines.
41 if line.startswith('#'):
43 # Empty lines are significant if we are inside an object.
# A blank line inside an object terminates it (what is done with the finished
# object is in lines not shown here).
44 if in_obj and len(line.strip()) == 0:
49 if len(line.strip()) == 0:
# Inside a MULTILINE_OCTAL block every line until END carries \ooo escapes;
# each escape is turned into one byte.  In Python 2 chr() yields a 1-byte str,
# so `value` accumulates raw bytes (the DER of the certificate, presumably --
# it is base64-encoded into PEM at the end of the script).
52 if not line.startswith('END'):
53 if type == 'MULTILINE_OCTAL':
55 for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
56 value += chr(int(i.group(1), 8))
# CKA_CLASS is always the first attribute of an object, so it marks the start
# of a new one (the reset of `obj` happens in lines not shown here).
63 if line.startswith('CKA_CLASS'):
# Attribute lines look like "<field> <type> <value...>"; split into at most
# three parts so a value containing spaces stays intact.
65 line_parts = line.strip().split(' ', 2)
66 if len(line_parts) > 2:
67 field, type = line_parts[0:2]
68 value = ' '.join(line_parts[2:])
69 elif len(line_parts) == 2:
70 field, type = line_parts
# Python 2 raise syntax; a line with fewer than two tokens is a format error.
73 raise NotImplementedError, 'line_parts < 2 not supported.'
# A MULTILINE_OCTAL type means the value follows on the next lines up to END.
74 if type == 'MULTILINE_OCTAL':
# Flush the last object if the file did not end with a blank line.
# `if obj:` would express the same test.
79 if len(obj.items()) > 0:
# Optional blacklist: one label per line, '#' starts a comment.
84 if os.path.exists('blacklist.txt'):
85 for line in open('blacklist.txt', 'r'):
# NOTE(review): `len(line) == 0` is never true here -- lines read from a file
# keep their trailing newline -- so a blank line falls through and appends ''
# to the blacklist.  Harmless as long as no label is the empty string (labels
# are quoted, see the [1:-1] slice below), but `len(line.strip()) == 0` is the
# intended test.
87 if line.startswith('#') or len(line) == 0:
# Drop any trailing comment and surrounding whitespace.
89 item = line.split('#', 1)[0].strip()
90 blacklist.append(item)
92 # Build up trust database.
# Only trust objects feed the table; it is keyed by CKA_LABEL, so two trust
# objects with the same label would share one entry -- presumably labels are
# unique in certdata.txt, verify if that assumption matters.
95 if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'):
# Blacklisted labels are reported and never marked trusted.
97 if obj['CKA_LABEL'] in blacklist:
98 print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
# A certificate is trusted if it is a trusted delegator (i.e. a CA) for
# either server authentication or e-mail protection.
99 elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
100 'CKT_NSS_TRUSTED_DELEGATOR'):
101 trust[obj['CKA_LABEL']] = True
102 elif obj['CKA_TRUST_EMAIL_PROTECTION'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
103 'CKT_NSS_TRUSTED_DELEGATOR'):
104 trust[obj['CKA_LABEL']] = True
# Explicitly distrusted roots that are not also on the local blacklist are
# called out loudly so the blacklist can be updated.
105 elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED',
106 'CKT_NSS_NOT_TRUSTED'):
108 print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
# Remaining trust values (neither delegator nor distrusted) are skipped with a
# diagnostic; the `else:` line itself is not shown in this listing.
111 print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
112 (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
113 obj['CKA_TRUST_EMAIL_PROTECTION'])
# Emit one PEM file per certificate object whose label is marked trusted.
116 if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
# Skip certificates with no trust entry or an entry that is not True.
117 if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
# File name: strip the surrounding quotes from the label, replace '/' and ','
# (further replace() calls sit on lines not shown here), append '.crt'.
119 fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
123 .replace(',', '_') + '.crt'
# The label may contain backslash escapes, which are decoded here.
# NOTE(review): the '/' -> '_' replacement above runs *before* this decoding,
# so an escape sequence that decodes to '/' is not caught by it; decoding first
# and sanitising afterwards would make the file-name filter independent of the
# label encoding.  certdata.txt is a build input rather than untrusted data,
# so this is a hardening point, not a known problem.
124 fname = fname.decode('string_escape')
# The `f = open(...)` for this file is on a line not shown in this listing.
# PEM body: base64 of the DER bytes wrapped at 64 columns.
126 f.write("-----BEGIN CERTIFICATE-----\n")
127 f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
128 f.write("\n-----END CERTIFICATE-----\n")