####################################################
#
-# Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2018 - 2023 Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# description : Generates, on stdout, tab-separated data on certificates from different sources,
# possibly outputting merged list to specified dir;
# the output dir has to exist and preferably, be empty;
-# certs are stored with filename being openssl-generated subject hash.
-# usage: gen-certs-info.py <certs directory path1> ... <certs directory pathN> [--merged=<output merged certs dir>]
+# certs are stored with filename being openssl-generated subject hash;
+# script can remove expired certs from output dir if option is used.
+# usage: gen-certs-info.py <certs directory path1> ... <certs directory pathN> [--merged=<output merged certs dir>] [--remove-expired]
#
#
####################################################
import sys
import os
import os.path
-
+from time import strptime
+from datetime import datetime
####################################################
# Executes command and returns list of output lines
retcode = process.wait()
if retcode != 0:
return []
- return lines
+ ret = []
+ for l in lines:
+ ret.append(l.decode())
+ return ret
+
+####################################################
+# Returns certificate start date or empty string on error
+####################################################
+def getStartDate(path):
+ output = consoleCommand("openssl x509 -in " + path + " -startdate -noout | sed -e 's/^notBefore=//g' | sed -e 's/[0-9][0-9]:[0-9][0-9]:[0-9][0-9] //g' | sed -e 's/ GMT$//g'")
+ if len(output) > 0:
+ return output[0].strip()
+ return ""
+
+####################################################
+# Returns certificate end date or empty string on error
+####################################################
+def getEndDate(path):
+ output = consoleCommand("openssl x509 -in " + path + " -enddate -noout | sed -e 's/^notAfter=//g' | sed -e 's/[0-9][0-9]:[0-9][0-9]:[0-9][0-9] //g' | sed -e 's/ GMT$//g'")
+ if len(output) > 0:
+ return output[0].strip()
+ return ""
####################################################
# Returns true if path points to certificate file
def isCert(path):
return len(consoleCommand("openssl x509 -in " + path + " -subject_hash_old -noout")) > 0;
+####################################################
+# Returns true if certificate under path is not expired
+####################################################
+def isCertValid(path):
+ endDate = datetime.strptime(getEndDate(path), "%b %d %Y")
+ return endDate > datetime.now()
+
####################################################
# Returns sha1 fingerprint of DER or PEM cert, empty string on error
####################################################
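Review bot: `isCertValid` raises `ValueError` whenever `getEndDate(path)` returns its documented empty string, because `datetime.strptime("", "%b %d %Y")` cannot parse it, so a single unreadable certificate aborts the whole merge when `--remove-expired` is set. Check the string before parsing and decide explicitly what an unreadable date means; for a trust-store merge, treating it as not valid is the safer default: `endDate = getEndDate(path)` followed by `if not endDate: return False`. The comparison also discards the time of day and compares a GMT date with local `datetime.now()`, so a certificate counts as expired from midnight of its last day. `from time import strptime`, added at the top of the file, is unused because the call goes through `datetime.strptime`.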
return output[0].strip()
return ""
-####################################################
-# Returns certificate start date or emtpy string on error
-####################################################
-def getStartDate(path):
- output = consoleCommand("openssl x509 -in " + path + " -startdate -noout | sed -e 's/^notBefore=//g' | sed -e 's/[0-9][0-9]:[0-9][0-9]:[0-9][0-9] //g' | sed -e 's/ GMT$//g'")
- if len(output) > 0:
- return output[0].strip()
- return ""
-
-####################################################
-# Returns certificate end date or emtpy string on error
-####################################################
-def getEndDate(path):
- output = consoleCommand("openssl x509 -in " + path + " -enddate -noout | sed -e 's/^notAfter=//g' | sed -e 's/[0-9][0-9]:[0-9][0-9]:[0-9][0-9] //g' | sed -e 's/ GMT$//g'")
- if len(output) > 0:
- return output[0].strip()
- return ""
-
####################################################
# Main
####################################################
if len(sys.argv) == 1:
- print "Usage: gen-certs-info.py <certs directory path1> ... <certs directory pathN> [--merged=<output merged certs dir>]"
+ print ("Usage: merge-certs-info.py <certs directory path1> ... <certs directory pathN> [--merged=<output merged certs dir>] [--remove-expired]")
sys.exit(1)
+removeExpired = False
outputDir = ""
directories = []
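Review bot: The usage text printed here names the script `merge-certs-info.py`, while the header comment updated in the same commit still reads `usage: gen-certs-info.py ...`. One of the two is stale; use the real file name in both, or print `os.path.basename(sys.argv[0])` so the message cannot drift from the file name.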
arg = sys.argv[i]
if arg.find("--merged=") == 0:
outputDir = arg.split("=")[1].strip()
+ elif arg.strip() == "--remove-expired":
+ removeExpired = True
else:
directories.append(arg.strip());
while os.path.exists(outputDir + "/" + newName + "." + str(i)):
i = i + 1
newName = newName + "." + str(i)
- consoleCommand("cp " + path + " " + outputDir + "/" + newName)
+ if not removeExpired or isCertValid(path):
+ consoleCommand("cp " + path + " " + outputDir + "/" + newName)
allSha1ToNewName[sha1] = newName
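Review bot: `path` and `outputDir` are concatenated unquoted into the command string in `consoleCommand("cp " + path + " " + outputDir + "/" + newName)`, and the new `isCertValid(path)` guard goes through `getEndDate`, whose `openssl ... | sed` pipeline is built the same way (as is `getStartDate`). The pipes show that these strings are interpreted by a shell, so a file name with spaces or shell metacharacters in any input directory is mis-split or evaluated as shell syntax by a tool that assembles a certificate store. The copy needs no shell at all: `shutil.copy(path, os.path.join(outputDir, newName))` with `import shutil` added. For the openssl calls, the smallest change is to wrap the path as `shlex.quote(path)`. The loop this hunk belongs to starts outside the visible lines.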
line = ""
if outputDir != "":
line = line + outputDir + "\t"
line = line + "SUBJECT\tISSUER\tFINGERPRINT\tFINGERPRINT SHA256\tSTART DATE\tEND DATE"
-print line
+print (line)
for sha1 in allSha1ToAnyPath:
line = ""
startDate = getStartDate(allSha1ToAnyPath[sha1])
endDate = getEndDate(allSha1ToAnyPath[sha1])
line = line + subject + "\t" + issuer + "\t" + sha1 + "\t" + sha256 + "\t" + startDate + "\t" + endDate
- print line
+ print (line)