diff options
author | Kali Kaneko (leap communications) <kali@leap.se> | 2019-06-28 17:01:41 +0200 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2019-08-05 11:45:55 -0400 |
commit | 5d65d89e01105bc1b37995175cd9336ea2c737e0 (patch) | |
tree | b2ce2d150a7cd5cc9467f18e0039b0889846793d /branding/check-ca-crt.py | |
parent | 2160bb2351cd66639b50ff13764bb7b1442533bb (diff) |
[feat] add vendorize script to generate config
Diffstat (limited to 'branding/check-ca-crt.py')
-rwxr-xr-x | branding/check-ca-crt.py | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/branding/check-ca-crt.py b/branding/check-ca-crt.py new file mode 100755 index 0000000..6462467 --- /dev/null +++ b/branding/check-ca-crt.py @@ -0,0 +1,46 @@ +#!/usr/bin/env python3 +import re +import sys +import urllib.request + +SCRIPT_NAME = 'check-ca-crt.py' + +USAGE = '''Check that the stored provider CA matches the one announced online. +Usage: {name} <provider> <uri> + +Example: {name} riseup black.riseup.net'''.format(name=SCRIPT_NAME) + + +def getLocalCert(provider): + sanitized = re.sub(r'[^\w\s-]', '', provider).strip().lower() + with open('config/{provider}-ca.crt'.format(provider=sanitized)) as crt: + return crt.read().strip() + + +def getRemoteCert(uri): + fp = urllib.request.urlopen('https://' + uri + '/ca.crt') + remote_cert = fp.read().decode('utf-8').strip() + fp.close() + return remote_cert + + +if __name__ == '__main__': + + if len(sys.argv) != 3: + print('[!] Not enough arguments') + print(USAGE) + sys.exit(1) + + provider = sys.argv[1] + uri = sys.argv[2] + + local = getLocalCert(provider) + remote = getRemoteCert(uri) + + try: + assert local == remote + except AssertionError: + print('[!] ERROR: remote and local CA certs do not match') + sys.exit(1) + else: + print('OK') |