add pycert to system-toolbox

2024-04-05 12:46:04 +02:00 · 2024-04-05 12:46:04 +02:00 · 213a7e2a3f
commit 213a7e2a3f
parent 8c86d9aaf3
2 changed files with 88 additions and 6 deletions
--- a/system-toolbox/Containerfile
+++ b/system-toolbox/Containerfile
@ -1,4 +1,4 @@
-FROM registry.fedoraproject.org/fedora:39
+FROM registry.fedoraproject.org/fedora-minimal

 USER root

@ -6,7 +6,7 @@ ENV HISTSIZE=10000
 ENV HISTTIMEFORMAT="%d/%m/%y %T "
 ENV HISTFILESIZE=20000

-ENV PKGS_BASE="fzf bash-completion"
+ENV PKGS_BASE="fzf bash-completion python3-cryptography"

 ENV PKGS_GENERAL="htop \
    btop \
@ -37,12 +37,12 @@ ENV PKGS_NETWORK="bind-utils \
    iptraf-ng \
    mtr"

-RUN dnf clean all && \
-    dnf install -y ${PKGS_BASE} ${PKGS_GENERAL} ${PKGS_PROCESSES} ${PKGS_NETWORK} && \
-    dnf -y autoremove && \
-    dnf -y clean all
+RUN dnf5 install -y ${PKGS_BASE} ${PKGS_GENERAL} ${PKGS_PROCESSES} ${PKGS_NETWORK} && \
+    dnf5 -y autoremove && \
+    dnf5 -y clean all

 COPY help-toolbox.sh /usr/bin/help-toolbox
+COPY ./bin /usr/local/bin

 RUN chmod 555 /usr/bin/help-toolbox && \
    echo $'[ -f /usr/share/fzf/shell/key-bindings.bash ] && source /usr/share/fzf/shell/key-bindings.bash;\
--- a/system-toolbox/bin/pycert
+++ b/system-toolbox/bin/pycert
@ -0,0 +1,82 @@
+#!/usr/bin/env python3
+import argparse
+import socket
+import ssl
+from cryptography import x509
+
+parser = argparse.ArgumentParser(description='Show ssl certificate info')
+parser.add_argument(type=str,
+                    dest='host',
+                    help='Address on which ssl cert is served.')
+parser.add_argument('-H',
+                    '--hostname',
+                    type=str,
+                    required=False,
+                    default=None,
+                    dest='hostname',
+                    help='Hostname to be used in ssl context.')
+
+args = parser.parse_args()
+
+address: list[str] = args.host.split(':')
+HOST: str = address[0]
+HOSTNAME: str
+if args.hostname:
+    HOSTNAME = args.hostname
+else:
+    HOSTNAME = HOST
+
+PORT: int
+if len(address) > 1:
+    PORT = int(address[1])
+else:
+    PORT = 443
+
+context: ssl.SSLContext = ssl.create_default_context()
+context.check_hostname = False
+context.verify_mode = ssl.CERT_NONE
+
+conn: ssl.SSLSocket
+with context.wrap_socket(socket.socket(socket.AF_INET),
+                         server_hostname=HOSTNAME,
+                         do_handshake_on_connect=True) as conn:
+
+    conn.settimeout(5.0)
+    conn.connect((HOST, PORT))
+    cert_pem = ssl.DER_cert_to_PEM_cert(conn.getpeercert(binary_form=True))
+    cert: x509.Certificate = x509.load_pem_x509_certificate(cert_pem.encode())
+
+    key: x509.Extension
+    san = ""
+    for key in cert.extensions:
+        if key.oid._name == 'subjectAltName':
+            san = f"subjectAltName: {key.value}"
+
+    print(f"""
+Issuer: {cert.issuer}
+Subject: {cert.subject}
+{san}
+Not valid before: {cert.not_valid_before}
+Not valid after: {cert.not_valid_after}
+Public key type: {cert.public_key().__class__.__name__}
+Public key size: {cert.public_key().key_size}
+Version: {cert.version}
+Serial number: {cert.serial_number}
+Signature algorithm: {cert.signature_algorithm_oid._name}
+Signature hash: {cert.signature_hash_algorithm.name}
+""")
+
+    key: x509.Extension
+    for key in cert.extensions:
+        print(f'{key.oid._name}: {key.value}')
+
+    print(f"""
+SSL connection context info:
+    SSL/TLS version: {conn.version()}
+    Ciphers: {conn.cipher()}
+    Hostname: {conn.server_hostname}
+""")
+
+    print(f"""PEM cert:
+    {cert_pem}
+    """)