annotate Resources/RetrieveCACertificates.py @ 3725:8060880d5e66

fix openssl
author Sebastien Jodogne <s.jodogne@gmail.com>
date Fri, 06 Mar 2020 10:56:24 +0100
parents 94f4a18a79cc
children

#!/usr/bin/python

# Orthanc - A Lightweight, RESTful DICOM Store
# Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
# Department, University Hospital of Liege, Belgium
# Copyright (C) 2017-2020 Osimis S.A., Belgium
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# In addition, as a special exception, the copyright holders of this
# program give permission to link the code of its release with the
# OpenSSL project's "OpenSSL" library (or with modified versions of it
# that use the same license as the "OpenSSL" library), and distribute
# the linked executables. You must obey the GNU General Public License
# in all respects for all of the code used other than "OpenSSL". If you
# modify file(s) with this exception, you may extend this exception to
# your version of the file(s), but you are not obligated to do so. If
# you do not wish to do so, delete this exception statement from your
# version. If you delete this exception statement from all source files
# in the program, then also delete it here.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.


import re
import sys
import subprocess
import urllib2


if len(sys.argv) <= 2:
    print('Download a set of CA certificates, convert them to PEM, then format them as a C macro')
    print('Usage: %s [Macro] [Certificate1] <Certificate2>...' % sys.argv[0])
    print('')
    print('Example: %s BITBUCKET_CERTIFICATES https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt' % sys.argv[0])
    print('')
    sys.exit(-1)

MACRO = sys.argv[1]

sys.stdout.write('#define %s ' % MACRO)

for url in sys.argv[2:]:
    # Download the certificate from the certificate authority, in the DER format
    der = urllib2.urlopen(url).read()

    # Convert DER to PEM ("DER" is the binary X.509 encoding that
    # "openssl x509 -inform" expects; "DES" is a cipher, not an encoding)
    p = subprocess.Popen([ 'openssl', 'x509', '-inform', 'DER', '-outform', 'PEM' ],
                         stdin = subprocess.PIPE,
                         stdout = subprocess.PIPE)
    pem = p.communicate(input = der)[0]
    pem = re.sub(r'\r', '', pem)       # Remove any carriage return
    pem = re.sub(r'\\', r'\\\\', pem)  # Escape any backslash
    pem = re.sub(r'"', r'\\"', pem)    # Escape any quote

    # Write the PEM data into the macro, one C string literal per line
    for line in pem.split('\n'):
        sys.stdout.write(' \\\n')
        sys.stdout.write('"%s\\n" ' % line)

sys.stdout.write('\n')
sys.stderr.write('Done!\n')
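
Added example (not part of the Orthanc repository): the script above embeds whatever bytes the URL returns as a trust anchor, so this Python 3 sketch checks each downloaded DER blob against a SHA-256 fingerprint obtained out of band before PEM-armoring it and emitting the same macro layout. The function names, the macro name and the sample bytes are assumptions made for illustration; the sample is a constructed DER value, not a real certificate.

```python
import base64
import hashlib
import hmac

# Constructed sample: a tiny DER SEQUENCE { INTEGER 1 } standing in for a
# downloaded certificate. It is NOT a real X.509 certificate.
SAMPLE_DER = b'\x30\x03\x02\x01\x01'
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()  # normally recorded out of band


def check_pin(der, expected_sha256_hex):
    """Raise ValueError unless SHA-256(der) equals the pinned fingerprint."""
    actual = hashlib.sha256(der).hexdigest()
    expected = expected_sha256_hex.replace(':', '').lower()
    if not hmac.compare_digest(actual, expected):
        raise ValueError('fingerprint mismatch: got %s' % actual)


def der_to_pem(der):
    """PEM-armor DER bytes (base64 in 64-column lines), without calling openssl."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError('input does not start with a DER SEQUENCE')
    b64 = base64.b64encode(der).decode('ascii')
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return '\n'.join(['-----BEGIN CERTIFICATE-----'] + body +
                     ['-----END CERTIFICATE-----']) + '\n'


def pem_to_macro(macro, pems):
    """Format PEM strings as one C macro of adjacent string literals."""
    out = '#define %s ' % macro
    for pem in pems:
        for line in pem.splitlines():
            line = line.replace('\\', '\\\\').replace('"', '\\"')
            out += ' \\\n"%s\\n" ' % line
    return out + '\n'


def build_macro(macro, pinned):
    """pinned: list of (der_bytes, sha256_hex); every pin must match."""
    pems = []
    for der, pin in pinned:
        check_pin(der, pin)  # refuse to embed an unverified trust anchor
        pems.append(der_to_pem(der))
    return pem_to_macro(macro, pems)


if __name__ == '__main__':
    print(build_macro('EXAMPLE_CERTIFICATES', [(SAMPLE_DER, SAMPLE_PIN)]))
```

The pin accepts either plain hex or the colon-separated upper-case form that certificate viewers display.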