authorMax Rees <maxcrees@me.com>2020-06-16 00:50:21 +0000
committerMax Rees <maxcrees@me.com>2020-06-16 00:50:21 +0000
commit256ed96a191c4f491242e5207a21a39b1450f0e5 (patch)
treec7c8d0acf5516dbc5759aa745f6e5ac658dbf9e1 /certdata2pem.py
parent9f002a55738f183a25813a3e324b5b66cf38755c (diff)
parent1bb1c32dd6dce336b036c4f3bef43fd1cce99a77 (diff)
Merge branch '20200603' into 'master'master
Bump to 20200603 See merge request adelie/ca-certificates!1
Diffstat (limited to 'certdata2pem.py')
-rw-r--r--certdata2pem.py38
1 files changed, 31 insertions, 7 deletions
diff --git a/certdata2pem.py b/certdata2pem.py
index f91422b..5af0def 100644
--- a/certdata2pem.py
+++ b/certdata2pem.py
@@ -21,11 +21,17 @@
# USA.
import base64
+import datetime
+import io
import os.path
+import pathlib
import re
import sys
import textwrap
-import io
+
+DATE_FMT = "%a %b %d %H:%M:%S %Y"
+VERSION = pathlib.Path(__file__).parent / "VERSION"
+VERSION = datetime.datetime.strptime(VERSION.read_text().strip(), "%Y%m%d")
objects = []
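Review bot: `VERSION` is bound to a `pathlib.Path` and then immediately rebound to a `datetime`, and nothing here says that this date, not the build-time clock, is the reference for the validity checks added further down. Two names would make that explicit: `VERSION_FILE = pathlib.Path(__file__).parent / "VERSION"` and `VERSION = datetime.datetime.strptime(VERSION_FILE.read_text().strip(), "%Y%m%d")`, with a comment such as `# Release date of the bundle; certificates are checked for validity on this date.` A missing or malformed VERSION file currently ends the script with a raw traceback at start-up, which fails closed but gives the packager no hint about the cause.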
@@ -43,9 +49,6 @@ for line in io.open('certdata.txt', 'rt', encoding='utf8'):
if line.startswith('BEGINDATA'):
in_data = True
continue
- # Ignore comment lines.
- if line.startswith('#'):
- continue
# Empty lines are significant if we are inside an object.
if in_obj and len(line.strip()) == 0:
objects.append(obj)
@@ -54,6 +57,17 @@ for line in io.open('certdata.txt', 'rt', encoding='utf8'):
continue
if len(line.strip()) == 0:
continue
+ if line.startswith("# Not Valid Before: "):
+ line = line.replace("# Not Valid Before: ", "", 1).strip()
+ obj["before"] = datetime.datetime.strptime(line, DATE_FMT)
+ continue
+ if line.startswith("# Not Valid After : "):
+ line = line.replace("# Not Valid After : ", "", 1).strip()
+ obj["after"] = datetime.datetime.strptime(line, DATE_FMT)
+ continue
+ # Ignore comment lines.
+ if line.startswith('#'):
+ continue
if in_multiline:
if not line.startswith('END'):
if type == 'MULTILINE_OCTAL':
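Review bot: The validity window is read from the `# Not Valid Before: ` and `# Not Valid After : ` comment lines by exact prefix, so a line with different spacing or wording falls through to the generic `#` skip and silently leaves `obj` without `before`/`after`. As far as this hunk shows, the dates come from annotations in certdata.txt and not from the encoded certificate, so the later check relies on the comments agreeing with the certificate. A comment above the two branches would record that, for example `# Validity dates are taken from the certdata.txt annotations, not parsed from the certificate itself.` `strptime` raising on an unexpected date format stops the run, which is the safe outcome. The enclosing `for line in ...` loop begins and ends outside this hunk.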
@@ -97,15 +111,23 @@ if os.path.exists('blacklist.txt'):
# Build up trust database.
trust = dict()
+next_expiring = None
for obj in objects:
if obj['CKA_CLASS'] != 'CKO_NSS_TRUST':
continue
if obj['CKA_LABEL'] in blacklist:
print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
- trust[obj['CKA_LABEL']] = True
- elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR':
- trust[obj['CKA_LABEL']] = True
+ if VERSION < obj["before"] or VERSION > obj["after"]:
+ print('!'*74)
+ print("EXPIRED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
+ print('!'*74)
+ else:
+ if not next_expiring:
+ next_expiring = obj
+ elif obj['after'] < next_expiring['after']:
+ next_expiring = obj
+ trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
print('!'*74)
print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
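Review bot: The new validity check indexes `obj["before"]` and `obj["after"]` directly, so a trust object whose validity comment lines were absent or not matched by the parser aborts the build with a bare KeyError instead of a message naming the certificate. A guard before the comparison, such as `if "before" not in obj or "after" not in obj: sys.exit("No validity dates for %s" % obj['CKA_LABEL'])`, keeps the failure closed and explains it. The warning text also says EXPIRED when `VERSION < obj["before"]`, which is a not-yet-valid certificate. Separately, with the `CKA_TRUST_EMAIL_PROTECTION` branch gone, roots trusted only for e-mail no longer enter `trust`; if that is intended, it deserves a line in the commit message, which currently only mentions the version bump.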
@@ -115,6 +137,8 @@ for obj in objects:
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
obj['CKA_TRUST_EMAIL_PROTECTION']))
+print('Next expiring certificate:', next_expiring['CKA_LABEL'], next_expiring['after'])
+
for obj in objects:
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
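Review bot: `next_expiring` is still `None` when no trust object reaches the trusted branch (for instance if every entry is blacklisted or outside its validity window), and the added print then fails with a TypeError on `next_expiring['CKA_LABEL']`. Guard it with `if next_expiring is not None:` before the print, or report that no trusted certificate was found, which is itself worth surfacing in a CA bundle build. The `for obj in objects:` loop that follows continues past the end of this hunk.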