add pycert to system-toolbox
parent
8c86d9aaf3
commit
4974581fc6
3 changed files with 90 additions and 8 deletions
|
@ -24,7 +24,7 @@ jobs:
|
||||||
for image in ${IMAGES};
|
for image in ${IMAGES};
|
||||||
do
|
do
|
||||||
echo "building image $image";
|
echo "building image $image";
|
||||||
podman build ./$image --tag forgejo.maciej.cloud/pkg/$image:arm64;
|
podman build --ulimit nofile=10240:10240 ./$image --tag forgejo.maciej.cloud/pkg/$image:arm64;
|
||||||
echo "pushing image $image";
|
echo "pushing image $image";
|
||||||
podman push forgejo.maciej.cloud/pkg/$image:arm64;
|
podman push forgejo.maciej.cloud/pkg/$image:arm64;
|
||||||
done
|
done
|
||||||
|
@ -43,7 +43,7 @@ jobs:
|
||||||
for image in ${IMAGES};
|
for image in ${IMAGES};
|
||||||
do
|
do
|
||||||
echo "building image $image";
|
echo "building image $image";
|
||||||
podman build ./$image --tag forgejo.maciej.cloud/pkg/$image:amd64;
|
podman build --ulimit nofile=10240:10240 ./$image --tag forgejo.maciej.cloud/pkg/$image:amd64;
|
||||||
echo "pushing image $image";
|
echo "pushing image $image";
|
||||||
podman push forgejo.maciej.cloud/pkg/$image:amd64;
|
podman push forgejo.maciej.cloud/pkg/$image:amd64;
|
||||||
done
|
done
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
FROM registry.fedoraproject.org/fedora:39
|
FROM registry.fedoraproject.org/fedora-minimal
|
||||||
|
|
||||||
USER root
|
USER root
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ ENV HISTSIZE=10000
|
||||||
ENV HISTTIMEFORMAT="%d/%m/%y %T "
|
ENV HISTTIMEFORMAT="%d/%m/%y %T "
|
||||||
ENV HISTFILESIZE=20000
|
ENV HISTFILESIZE=20000
|
||||||
|
|
||||||
ENV PKGS_BASE="fzf bash-completion"
|
ENV PKGS_BASE="fzf bash-completion python3-cryptography"
|
||||||
|
|
||||||
ENV PKGS_GENERAL="htop \
|
ENV PKGS_GENERAL="htop \
|
||||||
btop \
|
btop \
|
||||||
|
@ -37,12 +37,12 @@ ENV PKGS_NETWORK="bind-utils \
|
||||||
iptraf-ng \
|
iptraf-ng \
|
||||||
mtr"
|
mtr"
|
||||||
|
|
||||||
RUN dnf clean all && \
|
RUN dnf5 install -y ${PKGS_BASE} ${PKGS_GENERAL} ${PKGS_PROCESSES} ${PKGS_NETWORK} && \
|
||||||
dnf install -y ${PKGS_BASE} ${PKGS_GENERAL} ${PKGS_PROCESSES} ${PKGS_NETWORK} && \
|
dnf5 -y autoremove && \
|
||||||
dnf -y autoremove && \
|
dnf5 -y clean all
|
||||||
dnf -y clean all
|
|
||||||
|
|
||||||
COPY help-toolbox.sh /usr/bin/help-toolbox
|
COPY help-toolbox.sh /usr/bin/help-toolbox
|
||||||
|
COPY ./bin /usr/local/bin
|
||||||
|
|
||||||
RUN chmod 555 /usr/bin/help-toolbox && \
|
RUN chmod 555 /usr/bin/help-toolbox && \
|
||||||
echo $'[ -f /usr/share/fzf/shell/key-bindings.bash ] && source /usr/share/fzf/shell/key-bindings.bash;\
|
echo $'[ -f /usr/share/fzf/shell/key-bindings.bash ] && source /usr/share/fzf/shell/key-bindings.bash;\
|
||||||
|
|
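Review bot: The base image loses its version pin: `FROM registry.fedoraproject.org/fedora-minimal` carries no tag, so every build resolves whatever `latest` points to at that moment (reading the second line of each printed pair as the new side). Builds stop being reproducible, and the `dnf5` calls further down only work while that floating image happens to ship dnf5. Pin a release tag or, better, a digest, e.g. `FROM registry.fedoraproject.org/fedora-minimal:<release>@sha256:<digest>`. `COPY ./bin /usr/local/bin` also takes file modes from the checkout, so an explicit `chmod 555` on the copied tools, as already done for help-toolbox, would make the result independent of the build host; the final RUN instruction continues outside the hunk.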
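--- a/system-toolbox/bin/pycert
+++ b/system-toolbox/bin/pycert
@@ -0,0 +1,82 @@
+#!/usr/bin/env python3
+import argparse
+import socket
+import ssl
+from cryptography import x509
+
+parser = argparse.ArgumentParser(description='Show ssl certificate info')
+parser.add_argument(type=str,
+dest='host',
+help='Address on which ssl cert is served.')
+parser.add_argument('-H',
+'--hostname',
+type=str,
+required=False,
+default=None,
+dest='hostname',
+help='Hostname to be used in ssl context.')
+
+args = parser.parse_args()
+
+address: list[str] = args.host.split(':')
+HOST: str = address[0]
+HOSTNAME: str
+if args.hostname:
+HOSTNAME = args.hostname
+else:
+HOSTNAME = HOST
+
+PORT: int
+if len(address) > 1:
+PORT = int(address[1])
+else:
+PORT = 443
+
+context: ssl.SSLContext = ssl.create_default_context()
+context.check_hostname = False
+context.verify_mode = ssl.CERT_NONE
+
+conn: ssl.SSLSocket
+with context.wrap_socket(socket.socket(socket.AF_INET),
+server_hostname=HOSTNAME,
+do_handshake_on_connect=True) as conn:
+
+conn.settimeout(5.0)
+conn.connect((HOST, PORT))
+cert_pem = ssl.DER_cert_to_PEM_cert(conn.getpeercert(binary_form=True))
+cert: x509.Certificate = x509.load_pem_x509_certificate(cert_pem.encode())
+
+key: x509.Extension
+san = ""
+for key in cert.extensions:
+if key.oid._name == 'subjectAltName':
+san = f"subjectAltName: {key.value}"
+
+print(f"""
+Issuer: {cert.issuer}
+Subject: {cert.subject}
+{san}
+Not valid before: {cert.not_valid_before}
+Not valid after: {cert.not_valid_after}
+Public key type: {cert.public_key().__class__.__name__}
+Public key size: {cert.public_key().key_size}
+Version: {cert.version}
+Serial number: {cert.serial_number}
+Signature algorithm: {cert.signature_algorithm_oid._name}
+Signature hash: {cert.signature_hash_algorithm.name}
+""")
+
+key: x509.Extension
+for key in cert.extensions:
+print(f'{key.oid._name}: {key.value}')
+
+print(f"""
+SSL connection context info:
+SSL/TLS version: {conn.version()}
+Ciphers: {conn.cipher()}
+Hostname: {conn.server_hostname}
+""")
+
+print(f"""PEM cert:
+{cert_pem}
+""")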
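Review bot: Certificate verification is switched off (`context.check_hostname = False`, `context.verify_mode = ssl.CERT_NONE`) with no comment and nothing in the output saying so, so the printed issuer, subject and SAN describe whatever endpoint answered on that address and carry no trust statement. That is a reasonable choice for a tool that must display expired or self-signed certificates, but it should be stated: add `# Inspection only: accept any certificate so invalid ones can still be displayed` above those two lines and print a line such as `Chain and hostname: NOT verified` in the connection summary. Separately, `cert.public_key().key_size` and `cert.signature_hash_algorithm.name` raise AttributeError for Ed25519 certificates, which have no `key_size` and a `None` hash algorithm; `getattr(cert.public_key(), 'key_size', 'n/a')` and a `None` check would keep the tool usable on them. `args.host.split(':')` together with `socket.AF_INET` also rules out IPv6 literals, and `key.oid._name` depends on a private attribute of the cryptography library.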