diff --git a/.travis.yml b/.travis.yml index 7cbd98a..ca09dfa 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,4 @@ install: - docker build -t $TRAVIS_BUILD_NUMBER $TRAVIS_BUILD_DIR/ script: - - docker run -d -p 8069:8069 --name openssl-exec-$TRAVIS_BUILD_NUMBER -t $TRAVIS_BUILD_NUMBER - - sleep 10 - - curl --fail http://localhost:8080/ + - docker run -t $TRAVIS_BUILD_NUMBER openssl version diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..8699922 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,20 @@ +FROM laslabs/clouder-python-exec:latest +MAINTAINER Dave Lasley + +RUN apk add --no-cache libffi-dev \ + openssl \ + openssl-dev \ + python3-dev + +RUN pip install cryptography + +RUN apk del build-base \ + libffi-dev \ + openssl-dev \ + python3-dev + +COPY ./bin/* /usr/bin/ +COPY ./docker-entrypoint.sh / + +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["openssl"] diff --git a/README.md b/README.md index eba0a0e..b3391d6 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ pleasure: Known Issues / Roadmap ====================== -* +* Add a test for `parse_cfssl` Bug Tracker =========== diff --git a/bin/parse_cert b/bin/parse_cert new file mode 100755 index 0000000..2cbaac1 --- /dev/null +++ b/bin/parse_cert 
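Review bot: The Dockerfile pins neither the base image nor the `cryptography` install (`FROM laslabs/clouder-python-exec:latest`, `RUN pip install cryptography`), so two builds of the same commit can differ and a changed upstream artifact is picked up silently. Pin the base by version tag or digest and the package by version, e.g. `RUN pip install cryptography==<pinned-version>`. The `apk del` runs in its own `RUN`, so the -dev packages remain in the earlier layer and the image does not shrink; a single `RUN` using `apk add --no-cache --virtual .build-deps ...`, the pip install, then `apk del .build-deps` would actually drop them. It is also worth confirming that removing `libffi-dev` and `openssl-dev` leaves the runtime libraries `cryptography` loads, and that `build-base` (not installed in this file, presumably inherited from the base image) is safe to delete.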
@@ -0,0 +1,62 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# Copyright 2016 LasLabs Inc.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+from __future__ import print_function
+
+import argparse
+import pickle
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.serialization import Encoding
+from cryptography.hazmat.primitives import hashes
+from cryptography import x509
+
+
+def parse_cert(self, cert):
+ """ It parses a PEM encoded certificate and returns the attrs. """
+ cert = x509.load_pem_x509_certificate(
+ cert,
+ default_backend(),
+ )
+ enc_pem = Encoding('PEM')
+ extensions = {}
+ for extension in cert.extensions:
+ public_props = (
+ n for n in dir(extension.value) if not n.startswith('_')
+ )
+ extensions[extension.oid._name] = {
+ 'oid': extension.oid.dotted_string,
+ }
+ for prop in public_props:
+ if prop == 'oid':
+ continue
+ try:
+ value = getattr(extension.value, prop)
+ except ValueError:
+ continue
+ if callable(value):
+ continue
+ extensions[extension.oid._name][prop] = value
+ return {
+ 'serial': cert.serial,
+ 'fingerprint': cert.fingerprint(hashes.SHA256()),
+ 'public_key': cert.public_bytes(enc_pem),
+ 'not_valid_before': cert.not_valid_before,
+ 'not_valid_after': cert.not_valid_after,
+ 'extensions': extensions,
+ }
+
+
+if __name__ == '__main__':
+
+ parser = argparse.ArgumentParser(description='Cert Parse CLI')
+ parser.add_argument('cert',
+ help='PEM encoded certificate string to parse',
+ )
+ args = parser.parse_args()
+ cert_info = parse_cert(args.cert)
+ print(
+ pickle.dumps(cert_info.encode('base64')),
+ )
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 0000000..d180126
--- /dev/null
+++ b/docker-entrypoint.sh
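Review bot: The script cannot reach its `print`. `parse_cert` is declared as `def parse_cert(self, cert):` but called with one argument in the `__main__` block, and `.encode('base64')` is then applied to the returned dict rather than to the pickled bytes. The minimal repair is `def parse_cert(cert):` plus `print(pickle.dumps(cert_info).encode('base64'))`, which still assumes Python 2. Separately, emitting a pickle means every consumer must call `pickle.loads` on output derived from a certificate supplied on the command line. An explicit JSON document (hex fingerprint, ISO-8601 dates, stringified extension values) would remove that deserialization risk on the reading side. Two smaller points: the `'public_key'` entry holds `cert.public_bytes(...)`, which is the whole certificate in PEM rather than the key, and keying extensions by the private `extension.oid._name` looks likely to make unrecognised OIDs overwrite one another.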
@@ -0,0 +1,15 @@
+#!/bin/ash
+# Copyright 2016 LasLabs Inc.
+# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
+
+set -e
+
+# Add openssl as command if needed
+if [ "${1:0:1}" = '-' ]; then
+ set -- openssl "$@"
+fi
+
+# As argument is not related to openssl,
+# then assume that user wants to run their own process,
+# for example a `bash` shell to explore this image
+exec "$@"
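Review bot: The option test `[ "${1:0:1}" = '-' ]` uses substring expansion, which is a bash extension that BusyBox ash happens to accept, not POSIX sh. A `case "$1" in -*) set -- openssl "$@" ;; esac` does the same job portably and keeps working if the shebang or base image changes. The closing comment names a `bash` shell as the example, while the shebang is `/bin/ash` and the Dockerfile in this commit installs no bash, so `sh` would be the accurate example unless the base image provides bash.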