diff Resources/RetrieveCACertificates.py @ 1534:95b3b0260240

Options to validate peers against CA certificates in HTTPS requests
author Sebastien Jodogne <s.jodogne@gmail.com>
date Thu, 13 Aug 2015 12:42:32 +0200
parents
children b1291df2f780
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Resources/RetrieveCACertificates.py	Thu Aug 13 12:42:32 2015 +0200
@@ -0,0 +1,70 @@
+#!/usr/bin/python
+
+# Orthanc - A Lightweight, RESTful DICOM Store
+# Copyright (C) 2012-2015 Sebastien Jodogne, Medical Physics
+# Department, University Hospital of Liege, Belgium
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# In addition, as a special exception, the copyright holders of this
+# program give permission to link the code of its release with the
+# OpenSSL project's "OpenSSL" library (or with modified versions of it
+# that use the same license as the "OpenSSL" library), and distribute
+# the linked executables. You must obey the GNU General Public License
+# in all respects for all of the code used other than "OpenSSL". If you
+# modify file(s) with this exception, you may extend this exception to
+# your version of the file(s), but you are not obligated to do so. If
+# you do not wish to do so, delete this exception statement from your
+# version. If you delete this exception statement from all source files
+# in the program, then also delete it here.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+import re
+import sys
+import subprocess
+import urllib2
+
+
+if len(sys.argv) <= 2:
+    print('Download a set of CA certificates, convert them to PEM, then format them as a C macro')
+    print('Usage: %s [Macro] [Certificate1] <Certificate2>...' % sys.argv[0])
+    print('')
+    print('Example: %s BITBUCKET_CERTIFICATES https://www.digicert.com/CACerts/DigiCertHighAssuranceEVRootCA.crt' % sys.argv[0])
+    print('')
+    sys.exit(-1)
+
+MACRO = sys.argv[1]
+
+sys.stdout.write('#define %s ' % MACRO)
+
+for url in sys.argv[2:]:
+    # Download the certificate from the CA authority, in the DES format
+    des = urllib2.urlopen(url).read()
+
+    # Convert DES to PEM
+    p = subprocess.Popen([ 'openssl', 'x509', '-inform', 'DES', '-outform', 'PEM' ],
+                         stdin = subprocess.PIPE,
+                         stdout = subprocess.PIPE)
+    pem = p.communicate(input = des)[0]
+    pem = re.sub(r'\r', '', pem)       # Remove any carriage return
+    pem = re.sub(r'\\', r'\\\\', pem)  # Escape any backslash
+    pem = re.sub(r'"', r'\\"', pem)    # Escape any quote
+
+    # Write the PEM data into the macro
+    for line in pem.split('\n'):
+        sys.stdout.write(' \\\n')
+        sys.stdout.write('"%s\\n" ' % line)
+
+sys.stdout.write('\n')
+sys.stderr.write('Done!\n')