| Dzmitry Stremkouski | b0887c9 | 2018-07-03 13:05:35 +0200 | [diff] [blame] | 1 | #!/usr/bin/env python |
| 2 | |
| 3 | import os |
| 4 | import sys |
| 5 | from cryptography import x509 |
| 6 | from cryptography.hazmat.backends import default_backend |
| 7 | from cryptography.x509.oid import ExtensionOID |
| 8 | from datetime import datetime |
| 9 | |
| 10 | salt_master_ca_path = '/etc/pki/ca/salt_master_ca/certs/' |
| 11 | certs = [] |
| 12 | elem_in_list = False |
| 13 | |
| 14 | _files = os.listdir(salt_master_ca_path) |
| 15 | for _file in _files: |
| 16 | _file_obj = open(salt_master_ca_path + _file, 'r') |
| 17 | pem_data = _file_obj.read() |
| 18 | _file_obj.close() |
| 19 | |
| 20 | cert_serial = _file.split('.')[0].lower() |
| 21 | cert = x509.load_pem_x509_certificate(pem_data, default_backend()) |
| 22 | cert_date = datetime.strptime(str(cert.not_valid_before), '%Y-%m-%d %H:%M:%S').strftime('%s') |
| 23 | cert_exts = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME) |
| 24 | cert_exts_list = cert_exts.value.get_values_for_type(x509.DNSName) |
| 25 | |
| 26 | for _name in cert.subject: |
| 27 | if _name.oid.dotted_string == '2.5.4.3': |
| 28 | cert_cn = _name.value |
| 29 | |
| 30 | for elem in certs: |
| 31 | if (elem[0] == cert_cn) and (elem[1] == cert_exts_list): |
| 32 | elem_in_list = True |
| 33 | if elem[2] < cert_date: |
| 34 | elem[2] = cert_date |
| 35 | |
| 36 | if not elem_in_list: |
| 37 | certs.append([ cert_cn, cert_exts_list, cert_date, cert_serial ]) |
| 38 | |
| 39 | elem_in_list = False |
| 40 | |
| 41 | for elem in certs: |
| 42 | print salt_master_ca_path + elem[3].upper() + '.crt (' + str(elem[0]) + ', ' + ', '.join(map(str, elem[1])) + ')' |