- #!/usr/bin/env python3
- import hashlib
- import logging
- import ssl
- import socket
- import click
# Root logger: INFO and above, rendered as "[LEVEL] message".
# NOTE: datefmt has no visible effect here because the format string
# contains no %(asctime)s field.
logging.basicConfig(
    level=logging.INFO,
    format='[%(levelname)-4s] %(message)s',
    datefmt='%Y-%m-%d %H:%M',
)

# Logger shared by every function in this script.
logger = logging.getLogger('certo')
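def establish_conn(addr, port, starttls):
    """Fetch the certificate presented by ``addr:port`` as DER bytes.

    The TLS handshake deliberately runs without chain or hostname
    verification so that self-signed, expired or otherwise untrusted
    certificates can still be retrieved. The returned bytes are therefore
    whatever the peer on this network path presented: compare the resulting
    fingerprint with a value obtained over an independent channel before
    trusting or pinning it.

    Args:
        addr: Host name or IP address to connect to.
        port: TCP port to connect to.
        starttls: When true, send a plaintext ``STARTTLS`` line and read up
            to 1000 bytes of reply before starting the TLS handshake.

    Returns:
        The DER-encoded certificate of the peer.

    Raises:
        OSError: If the TCP connection, the STARTTLS exchange or the TLS
            handshake fails (this includes ``ssl.SSLError`` and timeouts).
    """
    # ssl.wrap_socket() was removed in Python 3.12. An explicit context with
    # verification switched off keeps its "accept any certificate" behaviour.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.check_hostname = False  # has to be cleared before verify_mode
    context.verify_mode = ssl.CERT_NONE

    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    conn.settimeout(1)
    try:
        if starttls:
            logger.debug("Using STARTTLS")
            logger.debug("Connecting to %s:%s", addr, port)
        conn.connect((addr, port))
        if starttls:
            # The reply is plaintext and is not inspected; a server that
            # refuses the upgrade shows up as a handshake failure below.
            conn.sendall(b"STARTTLS\n")
            conn.recv(1000)
        # server_hostname only sets SNI here (hostname checking is off), so a
        # name-based virtual host returns the certificate for the name asked.
        conn = context.wrap_socket(conn, server_hostname=addr)
        return conn.getpeercert(True)
    finally:
        # conn is always bound (plain or wrapped socket), so a failed connect
        # surfaces as its own error instead of an UnboundLocalError.
        conn.close()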
def get_cert(addr, port, starttls):
    """Return the peer certificate of ``addr:port`` as DER bytes.

    The PEM rendering of the certificate is written to the debug log; the
    value returned to the caller stays in DER form.
    """
    der_bytes = establish_conn(addr, port, starttls)
    logger.debug("The certificate is:\n%s", ssl.DER_cert_to_PEM_cert(der_bytes))
    return der_bytes
def capitalize_and_colons(in_hash):
    """Return *in_hash* upper-cased with a colon after every two characters.

    ``"ab12cd"`` becomes ``"AB:12:CD"``. A trailing single character forms
    its own group, and an empty string is returned unchanged.
    """
    upper_hex = in_hash.upper()
    pairs = [upper_hex[pos:pos + 2] for pos in range(0, len(upper_hex), 2)]
    return ":".join(pairs)
def compute_fingerprints(cert, with_colons):
    """Log the MD5, SHA-1 and SHA-256 fingerprints of *cert* at INFO level.

    Args:
        cert: The certificate bytes to hash (the caller passes DER bytes).
        with_colons: When true, each digest is logged a second time in
            upper-case, colon-separated form.

    MD5 and SHA-1 are collision-prone; when a fingerprint is compared or
    pinned for a trust decision, use the SHA-256 value.
    """
    # All three digests are computed before anything is logged.
    digests = [
        ("MD5: ", hashlib.md5(cert).hexdigest()),
        ("SHA1: ", hashlib.sha1(cert).hexdigest()),
        ("SHA256: ", hashlib.sha256(cert).hexdigest()),
    ]
    for label, hex_digest in digests:
        logger.info(label + hex_digest)
        if with_colons:
            logger.info(" " + capitalize_and_colons(hex_digest))
# Command-line entry point: fetch the certificate served at ADDRESS, save it
# as PEM when an output path is given, then log its fingerprints.
# Kept as comments on purpose: click would turn a docstring into --help text.
@click.command()
@click.argument('address')#, help="address to be used to retrieve the certificate")
@click.option('-p', '--port', default=443, type=click.IntRange(1,65535), help="The port to connect to.")
@click.option('--starttls', is_flag=True, flag_value=True, help="Whether to use starttls on connection.")
@click.option('--debug/--nodebug', is_flag=True, flag_value=False, help="Debug output.")
@click.option('-o', '--output', help="Path to save the certificate to.")
@click.option('--colons/--nocolons', is_flag=True, flag_value=False, help="Whether to output also hashed with colons")
def doit(address, port, starttls, debug, output, colons):
    if debug:
        logger.setLevel(logging.DEBUG)

    der_cert = get_cert(address, port, starttls)

    if output:
        # The target file is created or truncated before the PEM text is written.
        with open(output, 'w') as pem_file:
            logger.debug("Opening file %s", output)
            pem_file.write(ssl.DER_cert_to_PEM_cert(der_cert))
        logger.info("The certificate has been saved to %s", output)

    compute_fingerprints(der_cert, colons)
# Run the click command only when executed as a script, not on import.
if __name__ == "__main__":
    doit()