Test Cert by Python

Source: Internet
Author: User
import httplib
import re
import socket
import ssl
import sys
import urllib2
 
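class InvalidCertificateException(httplib.HTTPException, urllib2.URLError):
    """Raised when a server certificate fails validation.

    Inherits from both httplib.HTTPException and urllib2.URLError, so
    callers that already catch either of those also catch this error.

    Attributes:
        host: the host name the connection was made to.
        cert: the certificate that was rejected ('' when it is not available).
        reason: short text saying why the certificate was rejected.
    """

    def __init__(self, host, cert, reason):
        httplib.HTTPException.__init__(self)
        self.host = host
        self.cert = cert
        self.reason = reason

    def __str__(self):
        return ('host %s returned an invalid certificate (%s) %s\n' %
                (self.host, self.reason, self.cert))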
 
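class CertValidatingHTTPSConnection(httplib.HTTPConnection):
    """HTTPS connection that validates the server certificate and host name.

    The chain is checked by the ssl module against ``ca_certs``; the host
    name is then checked here against the certificate's DNS names.
    """

    default_port = httplib.HTTPS_PORT

    def __init__(self, host, port=None, key_file=None, cert_file=None,
                 ca_certs=None, strict=None, **kwargs):
        """Store the TLS settings for a later connect().

        Args:
            host, port, strict, **kwargs: passed to httplib.HTTPConnection.
            key_file, cert_file: optional client key / certificate files.
            ca_certs: file of trusted CA certificates.
        """
        httplib.HTTPConnection.__init__(self, host, port, strict, **kwargs)
        self.key_file = key_file
        self.cert_file = cert_file
        self.ca_certs = ca_certs
        # NOTE(security): validation is opt-in. Without ca_certs the
        # connection uses CERT_NONE, so neither the chain nor the host name
        # is checked and the peer is unauthenticated. Callers that need
        # authentication must always pass ca_certs.
        if self.ca_certs:
            self.cert_reqs = ssl.CERT_REQUIRED
        else:
            self.cert_reqs = ssl.CERT_NONE

    def _GetValidHostsForCert(self, cert):
        """Return the host names that ``cert`` is valid for.

        ``cert`` is the dict returned by getpeercert(). If it has a
        subjectAltName entry, only its DNS names are used; the subject's
        commonName is consulted only when subjectAltName is absent.
        """
        if 'subjectAltName' in cert:
            return [x[1] for x in cert['subjectAltName']
                    if x[0].lower() == 'dns']
        # .get() so a certificate dict without a subject yields no names
        # (and therefore a validation failure) instead of a KeyError.
        return [x[0][1] for x in cert.get('subject', ())
                if x[0][0].lower() == 'commonname']

    def _ValidateCertificateHostname(self, cert, hostname):
        """Return True if ``hostname`` matches a name in ``cert``.

        Matching is case-insensitive; '*' stands for any run of characters
        within a single label (it never matches a dot).
        """
        for host in self._GetValidHostsForCert(cert):
            # Escape every regex metacharacter in the certificate name, not
            # only '.', so an unusual name cannot change the pattern or
            # raise re.error. Only '*' keeps a special meaning.
            pattern = '[^.]*'.join(re.escape(part)
                                   for part in host.split('*'))
            # \Z rather than $: '$' would also accept a trailing newline.
            if re.match(pattern + r'\Z', hostname, re.I):
                return True
        # NOTE(review): this matching is looser than RFC 6125 (a wildcard is
        # accepted in any label and as a partial label). Where the ssl
        # module provides its own hostname checking (ssl.match_hostname,
        # SSLContext.check_hostname), prefer that.
        return False

    def connect(self):
        """Open the TCP connection, wrap it in TLS and validate the peer.

        Raises:
            InvalidCertificateException: the certificate names do not match
                the host being connected to.
        """
        # Honour the connection timeout, which the opener passes in through
        # **kwargs; without it the socket would block indefinitely.
        sock = socket.create_connection((self.host, self.port), self.timeout)
        try:
            # NOTE(review): ssl.wrap_socket uses the module's default
            # protocol settings and sends no SNI; later Python versions
            # deprecate it in favour of SSLContext.wrap_socket.
            self.sock = ssl.wrap_socket(sock, keyfile=self.key_file,
                                        certfile=self.cert_file,
                                        cert_reqs=self.cert_reqs,
                                        ca_certs=self.ca_certs)
        except Exception:
            # Do not leak the plain socket when the handshake fails.
            sock.close()
            raise
        if self.cert_reqs & ssl.CERT_REQUIRED:
            cert = self.sock.getpeercert()
            # The original computed self.host.split(':', 0)[0]; with
            # maxsplit=0 that never splits, so it is simply self.host.
            hostname = self.host
            if not self._ValidateCertificateHostname(cert, hostname):
                # Drop the unauthenticated channel before reporting.
                self.sock.close()
                self.sock = None
                raise InvalidCertificateException(hostname, cert,
                                                  'Hostname mismatch')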
 
 
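class VerifiedHTTPSHandler(urllib2.HTTPSHandler):
    """urllib2 handler that opens https URLs with certificate validation.

    Keyword arguments given to the constructor (for example ``ca_certs``)
    are forwarded to every CertValidatingHTTPSConnection it creates.

    NOTE(security): only https URLs go through this handler. An http URL,
    or a redirect from https to http followed by the opener, is fetched by
    the other handlers without any certificate check.
    """

    def __init__(self, **kwargs):
        urllib2.AbstractHTTPHandler.__init__(self)
        self._connection_args = kwargs

    def https_open(self, req):
        """Open ``req`` over a validating connection.

        Raises:
            InvalidCertificateException: the TLS layer reported an SSL error
                during the handshake.
            urllib2.URLError: any other failure, re-raised unchanged.
        """
        def http_class_wrapper(host, **kwargs):
            # Per-request arguments override the handler-wide ones.
            full_kwargs = dict(self._connection_args)
            full_kwargs.update(kwargs)
            return CertValidatingHTTPSConnection(host, **full_kwargs)

        try:
            return self.do_open(http_class_wrapper, req)
        except urllib2.URLError as e:
            reason = e.reason
            # isinstance also covers SSLError subclasses. SSL_ERROR_SSL (1)
            # is a generic TLS-library failure, so the error reported below
            # is not always strictly a certificate problem.
            if (isinstance(reason, ssl.SSLError)
                    and reason.args[:1] == (ssl.SSL_ERROR_SSL,)):
                detail = reason.args[1] if len(reason.args) > 1 else ''
                raise InvalidCertificateException(req.host, '', detail)
            raise

    https_request = urllib2.HTTPSHandler.do_request_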
 
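if __name__ == "__main__":
    # Command-line check: fetch URL, trusting only the CAs in CA_CERT.
    if len(sys.argv) != 3:
        print("Usage: python %s CA_CERT URL" % sys.argv[0])
        # sys.exit rather than the bare exit() helper, which only exists
        # when the site module has been loaded.
        sys.exit(2)

    # NOTE(security): pass an https:// URL. Certificate validation is done
    # by VerifiedHTTPSHandler, which the opener uses only for https.
    handler = VerifiedHTTPSHandler(ca_certs=sys.argv[1])
    opener = urllib2.build_opener(handler)
    print(opener.open(sys.argv[2]).read())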