authorkali <kali@leap.se>2012-10-19 09:05:14 +0900
committerkali <kali@leap.se>2012-10-19 09:05:14 +0900
commit634030e5bba3fe7c2ea3632fff252a60b471487a (patch)
treeaea7b41368d54bf306ff99635e1de59bccd6893f /src/leap/crypto/certs.py
parent2a01c969e0f8dff575007043996c3b0489e20e75 (diff)
ca cert fingerprint check + api cert verification
Diffstat (limited to 'src/leap/crypto/certs.py')
-rw-r--r--src/leap/crypto/certs.py20
1 files changed, 15 insertions, 5 deletions
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
index ac9bd357..8908865d 100644
--- a/src/leap/crypto/certs.py
+++ b/src/leap/crypto/certs.py
@@ -2,6 +2,7 @@ import ctypes
import socket
import gnutls.connection
+import gnutls.crypto
import gnutls.library
@@ -19,10 +20,19 @@ def get_https_cert_from_domain(domain):
return cert
-def get_https_cert_fingerprint(domain, hash_type="SHA256", sep=":"):
+def get_cert_from_file(filepath):
+ with open(filepath) as f:
+ cert = gnutls.crypto.X509Certificate(f.read())
+ return cert
+
+
+def get_cert_fingerprint(domain=None, filepath=None,
+ hash_type="SHA256", sep=":"):
"""
@param domain: a domain name to get a fingerprint from
@type domain: str
+ @param filepath: path to a file containing a PEM file
+ @type filepath: str
@param hash_type: the hash function to be used in the fingerprint.
must be one of SHA1, SHA224, SHA256, SHA384, SHA512
@type hash_type: str
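Review bot: `get_cert_from_file` is added without a docstring, while the function below it documents every parameter in epytext style. It should say that `filepath` is read as text and handed to `gnutls.crypto.X509Certificate`, which presumably expects PEM by default, and that errors from `open()` or from parsing propagate to the caller. The new `@param filepath` line would read better as `path to a PEM-encoded certificate file`. Since this fingerprint is used for the CA check named in the commit title, the docstring should also state that `domain` and `filepath` are alternatives. The body of `get_cert_fingerprint` continues outside this hunk.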
@@ -30,7 +40,10 @@ def get_https_cert_fingerprint(domain, hash_type="SHA256", sep=":"):
containing the fingerprint.
@rtype: string
"""
- cert = get_https_cert_from_domain(domain)
+ if domain:
+ cert = get_https_cert_from_domain(domain)
+ if filepath:
+ cert = get_cert_from_file(filepath)
_buffer = ctypes.create_string_buffer(64)
buffer_length = ctypes.c_size_t(64)
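Review bot: The two independent `if` tests leave `cert` unbound when neither `domain` nor `filepath` is given, so the call fails later with an UnboundLocalError instead of a clear argument error. When both are given the file silently wins, and the caller gets a fingerprint for a different certificate than the domain it named. For a pinning check that ambiguity is worth rejecting up front, with `if bool(domain) == bool(filepath): raise ValueError("exactly one of domain or filepath is required")` and the second test changed to `elif filepath:`. The rest of the function lies outside this hunk.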
@@ -56,6 +69,3 @@ def get_https_cert_fingerprint(domain, hash_type="SHA256", sep=":"):
hex_fpr = sep.join(u"%02X" % ord(char) for char in fpr)
return hex_fpr
-
-#if __name__ == "__main__":
- #print get_https_cert_fingerprint('springbok')