author | Kali Kaneko (leap communications) <kali@leap.se> | 2019-07-01 19:37:46 +0200 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2019-08-05 11:46:00 -0400 |
commit | 3cb8f572154d00c742f3a114f08374f09b5103d3 (patch) | |
tree | a29f6cf5eac5062c451d1d9be4d1d598245edace /branding/scripts/check-ca-crt.py | |
parent | 336cae5cdf073b74df702c6220504ea0a463469b (diff) |
[refactor] rename things
Diffstat (limited to 'branding/scripts/check-ca-crt.py')
-rwxr-xr-x | branding/scripts/check-ca-crt.py | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/branding/scripts/check-ca-crt.py b/branding/scripts/check-ca-crt.py
new file mode 100755
index 0000000..6462467
--- /dev/null
+++ b/branding/scripts/check-ca-crt.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+import re
+import sys
+import urllib.request
+
+SCRIPT_NAME = 'check-ca-crt.py'
+
+USAGE = '''Check that the stored provider CA matches the one announced online.
+Usage: {name} <provider> <uri>
+
+Example: {name} riseup black.riseup.net'''.format(name=SCRIPT_NAME)
+
+
+def getLocalCert(provider):
+ sanitized = re.sub(r'[^\w\s-]', '', provider).strip().lower()
+ with open('config/{provider}-ca.crt'.format(provider=sanitized)) as crt:
+ return crt.read().strip()
+
+
+def getRemoteCert(uri):
+ fp = urllib.request.urlopen('https://' + uri + '/ca.crt')
+ remote_cert = fp.read().decode('utf-8').strip()
+ fp.close()
+ return remote_cert
+
+
+if __name__ == '__main__':
+
+ if len(sys.argv) != 3:
+ print('[!] Not enough arguments')
+ print(USAGE)
+ sys.exit(1)
+
+ provider = sys.argv[1]
+ uri = sys.argv[2]
+
+ local = getLocalCert(provider)
+ remote = getRemoteCert(uri)
+
+ try:
+ assert local == remote
+ except AssertionError:
+ print('[!] ERROR: remote and local CA certs do not match')
+ sys.exit(1)
+ else:
+ print('OK')
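Review bot: The final comparison in the `__main__` block relies on `assert local == remote` as the real check, and assert statements are stripped when Python runs with `-O` or with `PYTHONOPTIMIZE` set, so in that mode the script prints OK and exits 0 even when the stored CA differs from the announced one. For a script whose whole purpose is to catch a CA mismatch, that is a fail-open path. Replace the try/except with an explicit test, `if local != remote:`, guarding the existing error print and `sys.exit(1)`, followed by `print('OK')`. Separately, `getRemoteCert` calls `urlopen` with no `timeout` and closes `fp` only on the success path; `with urllib.request.urlopen(url, timeout=30) as fp:` (timeout value chosen for illustration) would bound the wait and release the handle on error.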