tools: update the get_cert_domain function

Add all domains for SAN certificates and convert IDNA values to the
correct representation
Kishi85 2019-04-04 13:21:15 +02:00
parent b63a0bc424
commit 79791c53bc
1 changed files with 6 additions and 7 deletions


@ -189,15 +189,14 @@ def download_issuer_ca(cert):
# @brief determine all san domains on a given certificate
def get_cert_domains(cert):
if cert is None:
log("None-certificate has no domains. You have found a bug. Congratulations!", warning=True)
return []
san_cert = cert.extensions.get_extension_for_oid(ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
domains = set()
domains.add(cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value)
if san_cert:
return [d.value for d in san_cert.value]
else:
return [cert.subject.rfc4514_string()[3:], ] # strip CN= from the result and return as 1 item list
for d in san_cert.value:
domains.add(d.value)
# Convert IDNA domain to correct representation and return the list
return [x.encode('idna').decode('ascii') if any(ord(c) >= 128 for c in x) else x for x in domains]
# @brief determine certificate cn
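Review bot: The new `domains.add(cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value)` line raises IndexError for a certificate whose subject carries no common name, which is valid for SAN-only certificates; iterating instead avoids that, e.g. `for a in cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME): domains.add(a.value)`. The loop over `san_cert.value` also adds every general name rather than only DNS names, so an IP-address entry would put a non-string into `domains` and break the `ord(c)` check in the return line; `san_cert.value.get_values_for_type(x509.DNSName)` restricts it to DNS names (assuming `x509` from cryptography is imported in this file, which the hunk does not show). If this is cryptography's `get_extension_for_oid`, it raises `ExtensionNotFound` instead of returning a falsy value, so `if san_cert:` does not cover a certificate without the extension and the lookup needs a `try`/`except`. Returning a list built from a set also leaves the order unspecified, which matters if any caller treats the first entry as the primary domain when comparing or requesting certificates.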