diff options
author | kali <kali@leap.se> | 2012-10-19 09:05:14 +0900 |
---|---|---|
committer | kali <kali@leap.se> | 2012-10-19 09:05:14 +0900 |
commit | 634030e5bba3fe7c2ea3632fff252a60b471487a (patch) | |
tree | aea7b41368d54bf306ff99635e1de59bccd6893f /src/leap/crypto | |
parent | 2a01c969e0f8dff575007043996c3b0489e20e75 (diff) |
ca cert fingerprint check + api cert verification
Diffstat (limited to 'src/leap/crypto')
-rw-r--r-- | src/leap/crypto/certs.py | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py index ac9bd357..8908865d 100644 --- a/src/leap/crypto/certs.py +++ b/src/leap/crypto/certs.py @@ -2,6 +2,7 @@ import ctypes import socket import gnutls.connection +import gnutls.crypto import gnutls.library @@ -19,10 +20,19 @@ def get_https_cert_from_domain(domain): return cert -def get_https_cert_fingerprint(domain, hash_type="SHA256", sep=":"): +def get_cert_from_file(filepath): + with open(filepath) as f: + cert = gnutls.crypto.X509Certificate(f.read()) + return cert + + +def get_cert_fingerprint(domain=None, filepath=None, + hash_type="SHA256", sep=":"): """ @param domain: a domain name to get a fingerprint from @type domain: str + @param filepath: path to a file containing a PEM file + @type filepath: str @param hash_type: the hash function to be used in the fingerprint. must be one of SHA1, SHA224, SHA256, SHA384, SHA512 @type hash_type: str @@ -30,7 +40,10 @@ def get_https_cert_fingerprint(domain, hash_type="SHA256", sep=":"): containing the fingerprint. @rtype: string """ - cert = get_https_cert_from_domain(domain) + if domain: + cert = get_https_cert_from_domain(domain) + if filepath: + cert = get_cert_from_file(filepath) _buffer = ctypes.create_string_buffer(64) buffer_length = ctypes.c_size_t(64) @@ -56,6 +69,3 @@ def get_https_cert_fingerprint(domain, hash_type="SHA256", sep=":"): hex_fpr = sep.join(u"%02X" % ord(char) for char in fpr) return hex_fpr - -#if __name__ == "__main__": - #print get_https_cert_fingerprint('springbok') |