scott/cert-deets
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Code tidy up

Browse source
This commit is contained in:
Scott Wallace 2025-03-05 17:29:06 +00:00
parent ec2f5ce902
commit d207312a2e
Signed by: scott
SSH key fingerprint: SHA256:+LJug6Dj01Jdg86CILGng9r0lJseUrpI0xfRqdW9Uws
1 changed files with 32 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
cert_deets.py
View file

@ -1,12 +1,13 @@
#!python3
"""
Return the Akamai property and version for a given site
"""
"""Display TLS certificate details for an HTTP endpoint."""
from __future__ import annotations
import argparse
import socket
import ssl
import sys
import urllib.error
from contextlib import suppress
from typing import Any
from urllib.parse import urlparse
@ -20,8 +21,7 @@ SAN_GROUPING = 4
def get_cert_with_servername(addr: tuple[str, int], servername: str = "") -> bytes:
"""
Get TLS certificate from an address with an explicit servername override
"""Get TLS certificate from an address with an explicit servername override.
Args:
addr (tuple[str, int]): adress in tuple form (address, port)
@ -29,51 +29,49 @@ def get_cert_with_servername(addr: tuple[str, int], servername: str = "") -> byt
Returns:
bytes: PEM bytes
"""
context = ssl.create_default_context()
context.check_hostname = False
with socket.create_connection((addr[0], addr[1]), timeout=10) as sock:
with context.wrap_socket(sock, server_hostname=servername) as sslsock:
if der_cert := sslsock.getpeercert(True):
with socket.create_connection((addr[0], addr[1]), timeout=10) as sock, context.wrap_socket(
sock,
server_hostname=servername,
) as sslsock:
if der_cert := sslsock.getpeercert(binary_form=True):
return ssl.DER_cert_to_PEM_cert(der_cert).encode("utf=8")
return bytes()
return b""
def format_fingerprint(fingerprint: bytes | str) -> str:
"""
Print a fingerprint as a colon-separated hex string
"""Print a fingerprint as a colon-separated hex string.
Args:
fingerprint (bytes | str): fingerprint to format
Returns:
str: formatted fingerprint
"""
if isinstance(fingerprint, str):
fingerprint = bytearray.fromhex(fingerprint)
return ":".join([format(i, "02x") for i in fingerprint])
def display_error(
site: str,
error: Any = None,
) -> None:
"""
Print a generic error
"""
def display_error(site: str, error: Any = None) -> None:
"""Print a generic error."""
print(f"ERROR: Could not find a certificate for {site}")
if error:
print(str(error))
def parseargs() -> argparse.Namespace:
"""
Parse the CLI
"""Parse the CLI.
Returns:
argparse.Namespace: parsed arguments
"""
parser = argparse.ArgumentParser()
@ -84,11 +82,11 @@ def parseargs() -> argparse.Namespace:
def main() -> int:
"""
Main entrypoint
"""Run the code.
Returns:
int: return value
"""
args = parseargs()
@ -123,10 +121,8 @@ def main() -> int:
).encode("utf-8")
cert_chain = CertificateChain()
try:
with suppress(urllib.error.URLError):
cert_chain = resolve(pem_data)
except urllib.error.URLError:
pass
except (
ConnectionRefusedError,
ConnectionResetError,
@ -146,23 +142,20 @@ def main() -> int:
sans = [
f"DNS:{dns}"
for dns in cert.extensions.get_extension_for_class(
x509.SubjectAlternativeName
).value.get_values_for_type(x509.DNSName)
for dns in cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value.get_values_for_type(
x509.DNSName,
)
]
sans.extend(
[
f"IP:{ip}"
for ip in cert.extensions.get_extension_for_class(
x509.SubjectAlternativeName
).value.get_values_for_type(x509.IPAddress)
]
for ip in cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value.get_values_for_type(
x509.IPAddress,
)
],
)
sangroups = [
sans[group : group + SAN_GROUPING]
for group in range(0, len(sans), SAN_GROUPING)
]
sangroups = [sans[group : group + SAN_GROUPING] for group in range(0, len(sans), SAN_GROUPING)]
table = [
["Common name", cert.subject.rfc4514_string()],
@ -192,7 +185,7 @@ def main() -> int:
if cert
],
),
]
],
)
print(tabulate(table, tablefmt="plain"))