Ported scripts to python3
This commit is contained in:
Kai Engert
parent
34c0da9058
commit
1a2c011ba4
@ -38,7 +38,7 @@ Name: ca-certificates
|
||||
Version: 2018.2.24
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: Public Domain
|
||||
|
||||
Group: System Environment/Base
|
||||
@ -78,7 +78,7 @@ Requires: p11-kit >= 0.23.10
|
||||
Requires: p11-kit-trust >= 0.23.10
|
||||
|
||||
BuildRequires: perl-interpreter
|
||||
BuildRequires: python2
|
||||
BuildRequires: python3
|
||||
BuildRequires: openssl
|
||||
BuildRequires: asciidoc
|
||||
BuildRequires: libxslt
|
||||
@ -99,7 +99,7 @@ mkdir %{name}/java
|
||||
pushd %{name}/certs
|
||||
pwd
|
||||
cp %{SOURCE0} .
|
||||
python %{SOURCE4} >c2p.log 2>c2p.err
|
||||
python3 %{SOURCE4} >c2p.log 2>c2p.err
|
||||
popd
|
||||
pushd %{name}
|
||||
(
|
||||
@ -372,6 +372,9 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jun 28 2018 Kai Engert <kaie@redhat.com> - 2018.2.24-5
|
||||
- Ported scripts to python3
|
||||
|
||||
* Mon Jun 11 2018 Daiki Ueno <dueno@redhat.com> - 2018.2.24-4
|
||||
- Extract certificate bundle in EDK2 format, suggested by Laszlo Ersek
|
||||
|
||||
|
||||
@ -26,17 +26,17 @@ import os.path
|
||||
import re
|
||||
import sys
|
||||
import textwrap
|
||||
import urllib
|
||||
import urllib.request, urllib.parse, urllib.error
|
||||
import subprocess
|
||||
|
||||
objects = []
|
||||
|
||||
def printable_serial(obj):
|
||||
return ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER']))
|
||||
return ".".join([str(x) for x in obj['CKA_SERIAL_NUMBER']])
|
||||
|
||||
# Dirty file parser.
|
||||
in_data, in_multiline, in_obj = False, False, False
|
||||
field, type, value, obj = None, None, None, dict()
|
||||
field, ftype, value, binval, obj = None, None, None, bytearray(), dict()
|
||||
for line in open('certdata.txt', 'r'):
|
||||
# Ignore the file header.
|
||||
if not in_data:
|
||||
@ -56,33 +56,36 @@ for line in open('certdata.txt', 'r'):
|
||||
continue
|
||||
if in_multiline:
|
||||
if not line.startswith('END'):
|
||||
if type == 'MULTILINE_OCTAL':
|
||||
if ftype == 'MULTILINE_OCTAL':
|
||||
line = line.strip()
|
||||
for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
|
||||
value += chr(int(i.group(1), 8))
|
||||
integ = int(i.group(1), 8)
|
||||
binval.extend((integ).to_bytes(1, sys.byteorder))
|
||||
obj[field] = binval
|
||||
else:
|
||||
value += line
|
||||
obj[field] = value
|
||||
continue
|
||||
obj[field] = value
|
||||
in_multiline = False
|
||||
continue
|
||||
if line.startswith('CKA_CLASS'):
|
||||
in_obj = True
|
||||
line_parts = line.strip().split(' ', 2)
|
||||
if len(line_parts) > 2:
|
||||
field, type = line_parts[0:2]
|
||||
field, ftype = line_parts[0:2]
|
||||
value = ' '.join(line_parts[2:])
|
||||
elif len(line_parts) == 2:
|
||||
field, type = line_parts
|
||||
field, ftype = line_parts
|
||||
value = None
|
||||
else:
|
||||
raise NotImplementedError, 'line_parts < 2 not supported.\n' + line
|
||||
if type == 'MULTILINE_OCTAL':
|
||||
raise NotImplementedError('line_parts < 2 not supported.\n' + line)
|
||||
if ftype == 'MULTILINE_OCTAL':
|
||||
in_multiline = True
|
||||
value = ""
|
||||
binval = bytearray()
|
||||
continue
|
||||
obj[field] = value
|
||||
if len(obj.items()) > 0:
|
||||
if len(list(obj.items())) > 0:
|
||||
objects.append(obj)
|
||||
|
||||
# Build up trust database.
|
||||
@ -92,7 +95,7 @@ for obj in objects:
|
||||
continue
|
||||
key = obj['CKA_LABEL'] + printable_serial(obj)
|
||||
trustmap[key] = obj
|
||||
print " added trust", key
|
||||
print(" added trust", key)
|
||||
|
||||
# Build up cert database.
|
||||
certmap = dict()
|
||||
@ -101,7 +104,7 @@ for obj in objects:
|
||||
continue
|
||||
key = obj['CKA_LABEL'] + printable_serial(obj)
|
||||
certmap[key] = obj
|
||||
print " added cert", key
|
||||
print(" added cert", key)
|
||||
|
||||
def obj_to_filename(obj):
|
||||
label = obj['CKA_LABEL'][1:-1]
|
||||
@ -110,7 +113,18 @@ def obj_to_filename(obj):
|
||||
.replace('(', '=')\
|
||||
.replace(')', '=')\
|
||||
.replace(',', '_')
|
||||
label = re.sub(r'\\x[0-9a-fA-F]{2}', lambda m:chr(int(m.group(0)[2:], 16)), label)
|
||||
labelbytes = bytearray()
|
||||
i = 0
|
||||
imax = len(label)
|
||||
while i < imax:
|
||||
if i < imax-3 and label[i] == '\\' and label[i+1] == 'x':
|
||||
labelbytes.extend(bytes.fromhex(label[i+2:i+4]))
|
||||
i += 4
|
||||
continue
|
||||
labelbytes.extend(str.encode(label[i]))
|
||||
i = i+1
|
||||
continue
|
||||
label = labelbytes.decode('utf-8')
|
||||
serial = printable_serial(obj)
|
||||
return label + ":" + serial
|
||||
|
||||
@ -166,31 +180,31 @@ openssl_trust = {
|
||||
for tobj in objects:
|
||||
if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
|
||||
key = tobj['CKA_LABEL'] + printable_serial(tobj)
|
||||
print "producing trust for " + key
|
||||
print("producing trust for " + key)
|
||||
trustbits = []
|
||||
distrustbits = []
|
||||
openssl_trustflags = []
|
||||
openssl_distrustflags = []
|
||||
legacy_trustbits = []
|
||||
legacy_openssl_trustflags = []
|
||||
for t in trust_types.keys():
|
||||
if tobj.has_key(t) and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
for t in list(trust_types.keys()):
|
||||
if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
trustbits.append(t)
|
||||
if t in openssl_trust:
|
||||
openssl_trustflags.append(openssl_trust[t])
|
||||
if tobj.has_key(t) and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
|
||||
if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
|
||||
distrustbits.append(t)
|
||||
if t in openssl_trust:
|
||||
openssl_distrustflags.append(openssl_trust[t])
|
||||
|
||||
for t in legacy_trust_types.keys():
|
||||
if tobj.has_key(t) and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
for t in list(legacy_trust_types.keys()):
|
||||
if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
real_t = legacy_to_real_trust_types[t]
|
||||
legacy_trustbits.append(real_t)
|
||||
if real_t in openssl_trust:
|
||||
legacy_openssl_trustflags.append(openssl_trust[real_t])
|
||||
if tobj.has_key(t) and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
|
||||
raise NotImplementedError, 'legacy distrust not supported.\n' + line
|
||||
if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
|
||||
raise NotImplementedError('legacy distrust not supported.\n' + line)
|
||||
|
||||
fname = obj_to_filename(tobj)
|
||||
try:
|
||||
@ -206,10 +220,10 @@ for tobj in objects:
|
||||
#dumpf.close();
|
||||
|
||||
is_legacy = 0
|
||||
if tobj.has_key('LEGACY_CKA_TRUST_SERVER_AUTH') or tobj.has_key('LEGACY_CKA_TRUST_EMAIL_PROTECTION') or tobj.has_key('LEGACY_CKA_TRUST_CODE_SIGNING'):
|
||||
if 'LEGACY_CKA_TRUST_SERVER_AUTH' in tobj or 'LEGACY_CKA_TRUST_EMAIL_PROTECTION' in tobj or 'LEGACY_CKA_TRUST_CODE_SIGNING' in tobj:
|
||||
is_legacy = 1
|
||||
if obj == None:
|
||||
raise NotImplementedError, 'found legacy trust without certificate.\n' + line
|
||||
raise NotImplementedError('found legacy trust without certificate.\n' + line)
|
||||
|
||||
legacy_fname = "legacy-default/" + fname + ".crt"
|
||||
f = open(legacy_fname, 'w')
|
||||
@ -218,11 +232,13 @@ for tobj in objects:
|
||||
if legacy_openssl_trustflags:
|
||||
f.write("# openssl-trust=" + " ".join(legacy_openssl_trustflags) + "\n")
|
||||
f.write("-----BEGIN CERTIFICATE-----\n")
|
||||
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
|
||||
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
|
||||
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
|
||||
f.write("\n".join(temp_wrapped))
|
||||
f.write("\n-----END CERTIFICATE-----\n")
|
||||
f.close()
|
||||
|
||||
if tobj.has_key('CKA_TRUST_SERVER_AUTH') or tobj.has_key('CKA_TRUST_EMAIL_PROTECTION') or tobj.has_key('CKA_TRUST_CODE_SIGNING'):
|
||||
if 'CKA_TRUST_SERVER_AUTH' in tobj or 'CKA_TRUST_EMAIL_PROTECTION' in tobj or 'CKA_TRUST_CODE_SIGNING' in tobj:
|
||||
legacy_fname = "legacy-disable/" + fname + ".crt"
|
||||
f = open(legacy_fname, 'w')
|
||||
f.write("# alias=%s\n"%tobj['CKA_LABEL'])
|
||||
@ -244,7 +260,9 @@ for tobj in objects:
|
||||
cert_fname = "cert-" + fname
|
||||
fc = open(cert_fname, 'w')
|
||||
fc.write("-----BEGIN CERTIFICATE-----\n")
|
||||
fc.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
|
||||
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
|
||||
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
|
||||
fc.write("\n".join(temp_wrapped))
|
||||
fc.write("\n-----END CERTIFICATE-----\n")
|
||||
fc.close();
|
||||
pk_fname = "pubkey-" + fname
|
||||
@ -262,7 +280,7 @@ for tobj in objects:
|
||||
fcout.close()
|
||||
sed_command = ["sed", "--in-place", "s/^/#/", comment_fname]
|
||||
subprocess.call(sed_command)
|
||||
with open (comment_fname, "r") as myfile:
|
||||
with open (comment_fname, "r", errors = 'replace') as myfile:
|
||||
cert_comment=myfile.read()
|
||||
|
||||
fname += ".tmp-p11-kit"
|
||||
@ -274,19 +292,19 @@ for tobj in objects:
|
||||
has_email_trust = False
|
||||
has_code_trust = False
|
||||
|
||||
if tobj.has_key('CKA_TRUST_SERVER_AUTH'):
|
||||
if 'CKA_TRUST_SERVER_AUTH' in tobj:
|
||||
if tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
|
||||
is_distrusted = True
|
||||
elif tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
has_server_trust = True
|
||||
|
||||
if tobj.has_key('CKA_TRUST_EMAIL_PROTECTION'):
|
||||
if 'CKA_TRUST_EMAIL_PROTECTION' in tobj:
|
||||
if tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED':
|
||||
is_distrusted = True
|
||||
elif tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
has_email_trust = True
|
||||
|
||||
if tobj.has_key('CKA_TRUST_CODE_SIGNING'):
|
||||
if 'CKA_TRUST_CODE_SIGNING' in tobj:
|
||||
if tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED':
|
||||
is_distrusted = True
|
||||
elif tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
@ -352,7 +370,9 @@ for tobj in objects:
|
||||
f.write("modifiable: false\n");
|
||||
|
||||
f.write("-----BEGIN CERTIFICATE-----\n")
|
||||
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
|
||||
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
|
||||
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
|
||||
f.write("\n".join(temp_wrapped))
|
||||
f.write("\n-----END CERTIFICATE-----\n")
|
||||
f.write(cert_comment)
|
||||
f.write("\n")
|
||||
@ -366,13 +386,13 @@ for tobj in objects:
|
||||
f.write("certificate-type: x-509\n")
|
||||
f.write("modifiable: false\n");
|
||||
f.write("issuer: \"");
|
||||
f.write(urllib.quote(tobj['CKA_ISSUER']));
|
||||
f.write(urllib.parse.quote(tobj['CKA_ISSUER']));
|
||||
f.write("\"\n")
|
||||
f.write("serial-number: \"");
|
||||
f.write(urllib.quote(tobj['CKA_SERIAL_NUMBER']));
|
||||
f.write(urllib.parse.quote(tobj['CKA_SERIAL_NUMBER']));
|
||||
f.write("\"\n")
|
||||
if (tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED'):
|
||||
f.write("x-distrusted: true\n")
|
||||
f.write("\n\n")
|
||||
f.close()
|
||||
print " -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags)
|
||||
print(" -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags))
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/python
|
||||
#!/usr/bin/python3
|
||||
|
||||
# Expected input is a file, where blocks of lines are separated by newline.
|
||||
# Blocks will be sorted.
|
||||
@ -9,7 +9,7 @@ import sys
|
||||
import string
|
||||
|
||||
if (len(sys.argv) != 2):
|
||||
print "syntax: " + sys.argv[0] + " input-filename"
|
||||
print("syntax: " + sys.argv[0] + " input-filename")
|
||||
sys.exit(1)
|
||||
|
||||
filename = sys.argv[1]
|
||||
@ -31,4 +31,4 @@ with open(filename, 'r') as f:
|
||||
block_list.sort()
|
||||
|
||||
for block in block_list:
|
||||
print block
|
||||
print(block)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user