Spaces:

raannakasturi
/

decode_ssl

Running

App Files Files Community

raannakasturi commited on Sep 15, 2024

Commit

2a4ddb8

verified ·

1 Parent(s): a2075a8

Update decode.py

Browse files

Files changed (1) hide show

decode.py +166 -166

decode.py CHANGED Viewed

@@ -1,167 +1,167 @@
-import os
-import subprocess
-from cryptography import x509
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
-from cryptography.hazmat.primitives.asymmetric import ec, rsa
-from datetime import datetime
-import pytz
-def get_date(date):
-    date = datetime.fromisoformat(date)
-    timezone = pytz.timezone('Asia/Kolkata')
-    local_datetime = date.astimezone(timezone)
-    formatted_date = local_datetime.strftime('%d %B, %Y %H:%M:%S %z')
-    day = local_datetime.day
-    ordinal_suffix = 'th' if 4 <= day <= 20 else {1: 'st', 2: 'nd', 3: 'rd'}.get(day % 10, 'th')
-    formatted_date_with_suffix = formatted_date.replace(f"{day}", f"{day}{ordinal_suffix}")
-    return formatted_date_with_suffix
-def check_expiry(date):
-    date = datetime.fromisoformat(date)
-    timezone = pytz.timezone('Asia/Kolkata')
-    current_date = datetime.now(timezone)
-    days_left = (date - current_date).days
-    if days_left > 0:
-        return f"No ({days_left} days till expiration)"
-    else:
-        return f"Yes ({abs(days_left)} days since expired)"
-def get_key_data(public_key):
-    if isinstance(public_key, ec.EllipticCurvePublicKey):
-        public_key_curve = public_key.curve.name
-        public_key_size = public_key.curve.key_size
-        data = {
-            "type": f"ECDSA ({public_key_curve})",
-            "size": f"{public_key_size} bits"
-        }
-    elif isinstance(public_key, rsa.RSAPublicKey):
-        public_key_size = public_key.key_size
-        data = {
-            "type": "RSA",
-            "size": f"{public_key_size} bits"
-        }
-    else:
-        data = {
-            "type": "Unknown",
-            "size": "Unknown"
-        }
-    return data
-def general_info(cert, public_key):
-    subject = None
-    sans = None
-    not_valid_after = None
-    not_valid_before = None
-    expiry = None
-    key_data = None
-    signature_algorithm = None
-    serial_number = None
-    subject = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value if subject else None
-    sans = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value.get_values_for_type(x509.DNSName) if sans else None
-    not_valid_after = get_date(str(cert.not_valid_after_utc)) if not_valid_after else None
-    not_valid_before = get_date(str(cert.not_valid_before_utc)) if not_valid_before else None
-    expiry = check_expiry(str(cert.not_valid_after_utc)) if expiry else None
-    key_data = get_key_data(public_key) if key_data else None
-    signature_algorithm = cert.signature_algorithm_oid._name if signature_algorithm else None
-    serial_number = f"{cert.serial_number} ({hex(cert.serial_number)})"
-    gen_info = {
-        "subject": subject,
-        "sans": sans,
-        "not_valid_after": not_valid_after,
-        "not_valid_before": not_valid_before,
-        "expiry": expiry,
-        "key_data": key_data,
-        "signature_algorithm": signature_algorithm,
-        "serial_number": serial_number
-    }
-    return gen_info
-def issuer_info(cert):
-    issuer = None; organization = None; country = None
-    issuer = cert.issuer.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value if issuer else None
-    organization = cert.issuer.get_attributes_for_oid(x509.NameOID.ORGANIZATION_NAME)[0].value if organization else None
-    country = cert.issuer.get_attributes_for_oid(x509.NameOID.COUNTRY_NAME)[0].value if country else None
-    return {
-        "issuer": issuer,
-        "organization": organization,
-        "country": country
-    }
-def extenstions_data(cert):
-    authorityinfo = None; ocsp_url = None; ca_issuer_url = None; subject_alt_name = None
-    if (tempdata1 := cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_KEY_IDENTIFIER).value.key_identifier):
-        authorityKeyIdentifier = ':'.join(f'{b:02X}' for b in tempdata1)
-    else:
-        authorityKeyIdentifier = None
-    if (subject := cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_KEY_IDENTIFIER).value.digest):
-        subjectKeyIdentifier = ':'.join(f'{b:02X}' for b in subject)
-    else:
-        subjectKeyIdentifier = None
-    if (key_usage := cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE).value):
-        key_usage_info = list(vars(key_usage).items())
-        key_usage_data =[]
-        for item in key_usage_info:
-            key_usage_data.append(f"{item[0][1:]} : {item[1]}")
-        key_usage_data = key_usage_data
-    else:
-        key_usage_data = None
-    if (ext_key_usage := cert.extensions.get_extension_for_oid(x509.OID_EXTENDED_KEY_USAGE).value):
-        ext_key_usage_data = [oid._name for oid in ext_key_usage]
-    else:
-        ext_key_usage_data = None
-    crl_distribution_points = []
-    try:
-        crl_extension = cert.extensions.get_extension_for_oid(x509.OID_CRL_DISTRIBUTION_POINTS)
-        for distribution_point in crl_extension.value:
-            # Extracting the full names (URIs)
-            if distribution_point.full_name:
-                uris = [name.value for name in distribution_point.full_name]
-                crl_distribution_points.extend(uris)
-    except x509.ExtensionNotFound:
-        crl_distribution_points.append("No CRL Distribution Points extension")
-    authorityinfo = cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_INFORMATION_ACCESS).value if authorityinfo else None
-    ocsp_url = authorityinfo[0].access_location.value if ocsp_url else None
-    ca_issuer_url = authorityinfo[1].access_location.value  if ca_issuer_url else None
-    authority_info_data = {
-        "ocsp_url": ocsp_url,
-        "ca_issuer_url": ca_issuer_url
-    }
-    subject_alt_name = cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_ALTERNATIVE_NAME).value.get_values_for_type(x509.DNSName) if subject_alt_name else None
-    return {
-        "authorityKeyIdentifier": authorityKeyIdentifier,
-        "subjectKeyIdentifier": subjectKeyIdentifier,
-        "key_usage": key_usage_data,
-        "extended_key_usage": ext_key_usage_data,
-        "crl_distribution_points": crl_distribution_points,
-        "authority_info": authority_info_data,
-        "subject_alt_name": subject_alt_name
-    }
-def get_openssl_data(cert_file):
-    result1 = subprocess.run(["openssl", "x509", "-in", cert_file, "-text", "-noout"], capture_output=True, text=True)
-    result2 = subprocess.run(['openssl', 'asn1parse', '-in', cert_file], capture_output=True, text=True)
-    data = {
-        'raw_openssl_data': result1.stdout,
-        'openssl_asn1parse_data': result2.stdout
-    }
-    return data
-def decode_ssl_certificate(cert):
-    subject = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value
-    with open(f'{subject}.pem', 'wb') as cert_file:
-        cert_file.write(cert.public_bytes(Encoding.PEM))
-    public_key = cert.public_key()
-    general_info_data = general_info(cert, public_key)
-    issuer_info_data = issuer_info(cert)
-    extensions_data_data = extenstions_data(cert)
-    raw_openssl_data = get_openssl_data(f'{subject}.pem')
-    os.remove(f'{subject}.pem')
-    data = {
-        "general_info": general_info_data,
-        "issuer_info": issuer_info_data,
-        "extensions_data": extensions_data_data,
-        "raw_openssl_data": raw_openssl_data
-    }
     return data

+import os
+import subprocess
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
+from cryptography.hazmat.primitives.asymmetric import ec, rsa
+from datetime import datetime
+import pytz
+def get_date(date):
+    date = datetime.fromisoformat(date)
+    timezone = pytz.timezone('Asia/Kolkata')
+    local_datetime = date.astimezone(timezone)
+    formatted_date = local_datetime.strftime('%d %B, %Y %H:%M:%S %z')
+    day = local_datetime.day
+    ordinal_suffix = 'th' if 4 <= day <= 20 else {1: 'st', 2: 'nd', 3: 'rd'}.get(day % 10, 'th')
+    formatted_date_with_suffix = formatted_date.replace(f"{day}", f"{day}{ordinal_suffix}")
+    return formatted_date_with_suffix
+def check_expiry(date):
+    date = datetime.fromisoformat(date)
+    timezone = pytz.timezone('Asia/Kolkata')
+    current_date = datetime.now(timezone)
+    days_left = (date - current_date).days
+    if days_left > 0:
+        return f"No ({days_left} days till expiration)"
+    else:
+        return f"Yes ({abs(days_left)} days since expired)"
+def get_key_data(public_key):
+    if isinstance(public_key, ec.EllipticCurvePublicKey):
+        public_key_curve = public_key.curve.name
+        public_key_size = public_key.curve.key_size
+        data = {
+            "type": f"ECDSA ({public_key_curve})",
+            "size": f"{public_key_size} bits"
+        }
+    elif isinstance(public_key, rsa.RSAPublicKey):
+        public_key_size = public_key.key_size
+        data = {
+            "type": "RSA",
+            "size": f"{public_key_size} bits"
+        }
+    else:
+        data = {
+            "type": "Unknown",
+            "size": "Unknown"
+        }
+    return data
+def general_info(cert, public_key):
+    subject = None
+    sans = None
+    not_valid_after = None
+    not_valid_before = None
+    expiry = None
+    key_data = None
+    signature_algorithm = None
+    serial_number = None
+    subject = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value if subject else None
+    sans = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value.get_values_for_type(x509.DNSName) if sans else None
+    not_valid_after = get_date(str(cert.not_valid_after_utc)) if not_valid_after else None
+    not_valid_before = get_date(str(cert.not_valid_before_utc)) if not_valid_before else None
+    expiry = check_expiry(str(cert.not_valid_after_utc)) if expiry else None
+    key_data = get_key_data(public_key) if key_data else None
+    signature_algorithm = cert.signature_algorithm_oid._name if signature_algorithm else None
+    serial_number = f"{cert.serial_number} ({hex(cert.serial_number)})"
+    gen_info = {
+        "subject": subject,
+        "sans": sans,
+        "not_valid_after": not_valid_after,
+        "not_valid_before": not_valid_before,
+        "expiry": expiry,
+        "key_data": key_data,
+        "signature_algorithm": signature_algorithm,
+        "serial_number": serial_number
+    }
+    return gen_info
+def issuer_info(cert):
+    issuer = None; organization = None; country = None
+    issuer = cert.issuer.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value if issuer else None
+    organization = cert.issuer.get_attributes_for_oid(x509.NameOID.ORGANIZATION_NAME)[0].value if organization else None
+    country = cert.issuer.get_attributes_for_oid(x509.NameOID.COUNTRY_NAME)[0].value if country else None
+    return {
+        "issuer": issuer,
+        "organization": organization,
+        "country": country
+    }
+def extenstions_data(cert):
+    authorityinfo = None; ocsp_url = None; ca_issuer_url = None; subject_alt_name = None
+    if (tempdata1 := cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_KEY_IDENTIFIER).value.key_identifier):
+        authorityKeyIdentifier = ':'.join(f'{b:02X}' for b in tempdata1)
+    else:
+        authorityKeyIdentifier = None
+    if (subject := cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_KEY_IDENTIFIER).value.digest):
+        subjectKeyIdentifier = ':'.join(f'{b:02X}' for b in subject)
+    else:
+        subjectKeyIdentifier = None
+    if (key_usage := cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE).value):
+        key_usage_info = list(vars(key_usage).items())
+        key_usage_data =[]
+        for item in key_usage_info:
+            key_usage_data.append(f"{item[0][1:]} : {item[1]}")
+        key_usage_data = key_usage_data
+    else:
+        key_usage_data = None
+    if (ext_key_usage := cert.extensions.get_extension_for_oid(x509.OID_EXTENDED_KEY_USAGE).value):
+        ext_key_usage_data = [oid._name for oid in ext_key_usage]
+    else:
+        ext_key_usage_data = None
+    crl_distribution_points = []
+    try:
+        crl_extension = cert.extensions.get_extension_for_oid(x509.OID_CRL_DISTRIBUTION_POINTS)
+        for distribution_point in crl_extension.value:
+            # Extracting the full names (URIs)
+            if distribution_point.full_name:
+                uris = [name.value for name in distribution_point.full_name]
+                crl_distribution_points.extend(uris)
+    except x509.ExtensionNotFound:
+        crl_distribution_points.append("No CRL Distribution Points extension")
+    authorityinfo = cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_INFORMATION_ACCESS).value if authorityinfo else None
+    ocsp_url = authorityinfo[0].access_location.value if ocsp_url else None
+    ca_issuer_url = authorityinfo[1].access_location.value  if ca_issuer_url else None
+    authority_info_data = {
+        "ocsp_url": ocsp_url,
+        "ca_issuer_url": ca_issuer_url
+    }
+    subject_alt_name = cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_ALTERNATIVE_NAME).value.get_values_for_type(x509.DNSName) if subject_alt_name else None
+    return {
+        "authorityKeyIdentifier": authorityKeyIdentifier,
+        "subjectKeyIdentifier": subjectKeyIdentifier,
+        "key_usage": key_usage_data,
+        "extended_key_usage": ext_key_usage_data,
+        "crl_distribution_points": crl_distribution_points,
+        "authority_info": authority_info_data,
+        "subject_alt_name": subject_alt_name
+    }
+def get_openssl_data(cert_file):
+    result1 = subprocess.run(["openssl", "x509", "-in", cert_file, "-text", "-noout"], capture_output=True, text=True)
+    result2 = subprocess.run(['openssl', 'asn1parse', '-in', cert_file], capture_output=True, text=True)
+    data = {
+        'raw_openssl_data': result1.stdout,
+        'openssl_asn1parse_data': result2.stdout
+    }
+    return data
+def decode_ssl_certificate(cert) -> dict:
+    subject = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value
+    with open(f'{subject}.pem', 'wb') as cert_file:
+        cert_file.write(cert.public_bytes(Encoding.PEM))
+    public_key = cert.public_key()
+    general_info_data = general_info(cert, public_key)
+    issuer_info_data = issuer_info(cert)
+    extensions_data_data = extenstions_data(cert)
+    raw_openssl_data = get_openssl_data(f'{subject}.pem')
+    os.remove(f'{subject}.pem')
+    data = {
+        "general_info": general_info_data,
+        "issuer_info": issuer_info_data,
+        "extensions_data": extensions_data_data,
+        "raw_openssl_data": raw_openssl_data
+    }
     return data