from Tools.domain_extract import Extracter
import pandas as pd
import eventlet
import dns.resolver
import ssl
import OpenSSL
import rsa
from cryptography import x509
from concurrent.futures import ThreadPoolExecutor, wait, FIRST_COMPLETED, ALL_COMPLETED
import os
from Tools.domain_extract import Extracter
import eventlet
import collections
import time
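class CertResolver:
    """Fetch a server's TLS certificate and read its revocation pointers.

    The certificate is retrieved without chain validation (no ``ca_certs`` is
    passed to ``ssl.get_server_certificate``), so the issuer name and every
    URL extracted from it are chosen by the remote peer. Callers that go on
    to fetch the CRL, OCSP or CA-issuer URLs should treat them as untrusted
    input (restrict schemes and destinations before requesting them).
    """

    def __init__(self):
        # TLS port used for every lookup.
        self.port = 443

    def getCertObj(self, hostname):
        """Return the certificate presented by ``hostname`` as an x509 object.

        Args:
            hostname: Host to connect to on ``self.port``.

        Raises:
            TimeoutError: If no certificate was retrieved within 5 seconds.
        """
        pem = None
        # Timeout(5, False) suppresses its own exception, so a timeout simply
        # leaves the ``with`` body early; ``pem`` staying None is how it is
        # detected below. The silent form is kept because eventlet.Timeout
        # derives from BaseException and would bypass ``except Exception``.
        # NOTE(review): eventlet timeouts only interrupt cooperative (green)
        # I/O; confirm the socket module is monkey-patched in this process,
        # otherwise the connect can block for longer than 5 seconds.
        with eventlet.Timeout(5, False):
            pem = ssl.get_server_certificate((hostname, self.port))
        if pem is None:
            raise TimeoutError(
                "timed out fetching certificate from %s:%s" % (hostname, self.port)
            )
        return x509.load_pem_x509_certificate(pem.encode())

    def get_CRL_OSCP(self, resource_url):
        """Get the CA-issuer URL, issuer, OCSP URL and CRL URLs for a resource.

        The hostname is taken from ``resource_url`` via ``Extracter.extract``
        and its certificate is fetched with ``getCertObj``.

        Args:
            resource_url: URL whose host certificate is inspected.

        Returns:
            ``(ca_url, issuer, ocsp, crl)`` where ``ca_url`` and ``ocsp`` are
            the last CA-issuers / OCSP locations listed in the Authority
            Information Access extension (``None`` when absent), ``issuer`` is
            the certificate's issuer name and ``crl`` is the list of CRL
            distribution point names (empty when absent).

            If the certificate cannot be fetched, the exception object itself
            is returned instead of a tuple (kept for existing callers), so
            check the result type before unpacking.
        """
        hostname, _domain = Extracter.extract(resource_url)
        try:
            cert_obj = self.getCertObj(hostname)
        except Exception as e:
            print("Error:", e)
            return e

        # Issuing organisation as named in the certificate.
        issuer = cert_obj.issuer

        # CRL distribution points. Many certificates omit this extension, and
        # a distribution point may carry only a relative name (full_name is
        # then None), so both cases yield no entries instead of raising.
        crl = []
        try:
            crl_ext = cert_obj.extensions.get_extension_for_class(
                x509.CRLDistributionPoints
            )
        except x509.ExtensionNotFound:
            crl_ext = None
        if crl_ext is not None:
            for dist_point in crl_ext.value:
                for name in dist_point.full_name or ():
                    crl.append(name.value)

        # OCSP responder and CA-issuer locations. They are told apart by the
        # access method OID rather than by the URL suffix: CA-issuer URLs are
        # not required to end in ".crt" or ".der".
        ca_url, ocsp = None, None
        try:
            aia_ext = cert_obj.extensions.get_extension_for_class(
                x509.AuthorityInformationAccess
            )
        except x509.ExtensionNotFound:
            aia_ext = None
        if aia_ext is not None:
            aia_oid = x509.oid.AuthorityInformationAccessOID
            for access in aia_ext.value:
                location = access.access_location.value
                if access.access_method == aia_oid.CA_ISSUERS:
                    ca_url = location
                elif access.access_method == aia_oid.OCSP:
                    ocsp = location

        return ca_url, issuer, ocsp, crl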
if __name__ == "__main__":
    # Manual smoke test: opens a live TLS connection to the sample host and
    # prints whatever get_CRL_OSCP returns for it.
    resolver = CertResolver()
    print(resolver.get_CRL_OSCP("https://www.baidu.com"))