4 # certdata2pem.py - splits certdata.txt into multiple files
6 # Copyright (C) 2009 Philipp Kern <pkern@debian.org>
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 2 of the License, or
11 # (at your option) any later version.
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
# Parser loop for certdata.txt: walks the file line by line and collects
# field / type / value triples into `obj`.
# NOTE(review): the number leading each line is the listing's own line
# number. Several numbers are skipped (for example 36, 38-39 and 45-48), so
# the bodies of most branches below are not visible here and are not
# described.
# NOTE(review): `type` shadows the builtin of the same name.
32 in_data, in_multiline, in_obj = False, False, False
33 field, type, value, obj = None, None, None, dict()
# The file object is iterated directly and is never closed explicitly.
# NOTE(review): nothing visible here checks the origin or integrity of
# certdata.txt. Its contents decide which certificates are exported, so that
# check presumably happens before this script runs -- confirm.
34 for line in open('certdata.txt', 'r'):
35 # Ignore the file header.
37 if line.startswith('BEGINDATA'):
40 # Ignore comment lines.
41 if line.startswith('#'):
43 # Empty lines are significant if we are inside an object.
44 if in_obj and len(line.strip()) == 0:
49 if len(line.strip()) == 0:
52 if not line.startswith('END'):
53 if type == 'MULTILINE_OCTAL':
# Each \ooo escape (three octal digits, first digit 0-3, i.e. 0-255) becomes
# one character appended to `value`. Text on the line that does not match
# the pattern is passed over by finditer without any error.
55 for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
56 value += chr(int(i.group(1), 8))
# A line starting with CKA_CLASS is tested for here; presumably it marks the
# start of a new object (the branch body is on a line not shown) -- confirm.
63 if line.startswith('CKA_CLASS'):
# Split into at most three space-separated parts: field, type and an
# optional value that may itself contain spaces.
65 line_parts = line.strip().split(' ', 2)
66 if len(line_parts) > 2:
67 field, type = line_parts[0:2]
68 value = ' '.join(line_parts[2:])
69 elif len(line_parts) == 2:
70 field, type = line_parts
# Python 2 raise syntax; a line with fewer than two parts raises here.
73 raise NotImplementedError, 'line_parts < 2 not supported.'
74 if type == 'MULTILINE_OCTAL':
# Tests whether `obj` still holds fields; the action taken is on a line this
# listing does not show.
79 if len(obj.items()) > 0:
# Optional blacklist: entries read from blacklist.txt are appended to
# `blacklist` (defined on a line not shown), which the trust-building code
# compares with obj['CKA_LABEL'] using exact string membership.
# NOTE(review): when blacklist.txt is absent this block adds nothing and
# reports nothing, so a missing file cannot be told apart from an empty
# blacklist. If the file is expected, log or fail instead of continuing.
84 if os.path.exists('blacklist.txt'):
# The file object is iterated directly and is never closed explicitly.
85 for line in open('blacklist.txt', 'r'):
# Comment lines and empty lines are tested for here.
# NOTE(review): a line read from a file keeps its newline, so len(line) == 0
# only matches if the line was stripped first; listing line 86 is not
# shown -- confirm.
87 if line.startswith('#') or len(line) == 0:
# Drop a trailing '# comment' and surrounding whitespace; what remains is
# the blacklist entry.
89 item = line.split('#', 1)[0].strip()
90 blacklist.append(item)
92 # Build up trust database.
# Fills `trust`, a mapping from CKA_LABEL to True, from the parsed objects.
# The loop header and the creation of `trust` are on lines this listing does
# not show. The print statements below are Python 2 syntax.
# NOTE(review): trust is keyed by the label string alone, so two objects
# that share a CKA_LABEL share one trust entry. Keying on the certificate
# itself (for example a hash attribute of the trust object) would avoid
# that -- confirm which attributes certdata.txt provides.
# NOTE(review): every obj[...] lookup is a plain index, so a trust object
# missing one of these attributes raises KeyError.
# Tests for objects that are not trust records; the branch body is not
# shown, presumably they are skipped -- confirm.
95 if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST':
# The blacklist is consulted first, so a blacklisted label never reaches the
# branches that set trust.
97 if obj['CKA_LABEL'] in blacklist:
98 print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
# Trusted delegator for server auth OR for e-mail protection sets the same
# boolean, so the purpose the trust was granted for is not recorded.
99 elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
100 trust[obj['CKA_LABEL']] = True
101 elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
102 trust[obj['CKA_LABEL']] = True
# NOTE(review): this branch is only reached when neither delegator test
# above matched. A label that is untrusted for server auth but a trusted
# delegator for e-mail protection was already marked trusted by the
# previous branch. The untrusted case itself only prints a warning.
103 elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED':
105 print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
# Any other combination is reported with both trust values and gets no
# entry in `trust`.
108 print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
109 (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
110 obj['CKA_TRUST_EMAIL_PROTECTION'])
# Writes one PEM file per certificate object; the enclosing loop header is
# on a line this listing does not show.
113 if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
# Tests for a label with no truthy entry in `trust`; the branch body is not
# shown, presumably such certificates are skipped -- confirm.
114 if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
# File name: the label without its first and last character (presumably the
# surrounding quotes -- confirm), with '/' and ',' replaced by '_', plus
# '.crt'. Listing lines 117-119 are not shown, so further replacements may
# exist.
# NOTE(review): different labels can map to the same file name after
# replacement; if the file is opened for writing (the open call is not
# shown) the later certificate would replace the earlier one -- confirm.
116 fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
120 .replace(',', '_') + '.crt'
# Python 2 only: expands backslash escapes in the name.
# NOTE(review): decoding runs after the replacements, so they were applied
# to the still-escaped text. Sanitise the decoded name instead, so the file
# name cannot contain a path separator that only appears after decoding.
121 fname = fname.decode('string_escape')
# `f` is opened on a line not shown and no close is visible here. The body
# is the base64 of CKA_VALUE wrapped at 64 columns between the PEM markers.
123 f.write("-----BEGIN CERTIFICATE-----\n")
124 f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
125 f.write("\n-----END CERTIFICATE-----\n")