raannakasturi commited on
Commit
a2075a8
·
verified ·
1 Parent(s): e8289cd

Upload 2 files

Files changed (2) hide show
  1. app.py +48 -0
  2. decode.py +167 -0
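--- a/app.py
+++ b/app.py
@@ -0,0 +1,48 @@
+ import gradio as gr
+ from cryptography import x509
+ from cryptography.hazmat.backends import default_backend
+ from decode import decode_ssl_certificate
+
+ def decode(cert):
+ cert = cert.encode()
+ try:
+ decoded_cert = x509.load_pem_x509_certificate(cert, default_backend())
+ if decoded_cert:
+ status = "Success"
+ message = "Certificate decoded successfully."
+ decoded_data = decode_ssl_certificate(decoded_cert)
+ return {
+ "status": status,
+ "message": message,
+ "data": decoded_data
+ }
+ else:
+ return {
+ "status": status,
+ "message": message,
+ "data": None
+ }
+ except Exception as e:
+ status = "Failed"
+ message = "Failed to decode certificate. Please make sure you have uploaded a valid certificate file."
+ return {
+ "status": status,
+ "message": message,
+ "data": e
+ }
+
+ def app():
+ with gr.Blocks(title="Project Gatekeeper - Get free SSL Certificates") as webui:
+ with gr.Row():
+ ssl = gr.Textbox(label="Enter Domains", type="text", interactive=True)
+ with gr.Row():
+ decoded_data = gr.Textbox(label="Enter Domains", type="text", interactive=False, show_copy_button=True)
+ btn = gr.Button(value="Generate SSL Certificate")
+ btn.click(decode, inputs=ssl, outputs=decoded_data)
+ try:
+ webui.queue(default_concurrency_limit=15).launch()
+ except Exception as e:
+ print(f"Error: {e}")
+
+ if __name__ == "__main__":
+ app()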
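Review bot: The `except Exception as e` branch of `decode` returns the exception object itself as `"data": e`, so whatever the parser or `decode_ssl_certificate` raised, including any file-system detail from its temporary-file handling, is presumably rendered back into the output textbox for the person who submitted the certificate. Return `"data": None` there and keep the detail server-side, for example with `logging.exception("certificate decode failed")` (which needs `import logging`). The `else:` branch reads `status` and `message` before either is assigned; `load_pem_x509_certificate` raises on bad input rather than returning a falsy value, so that branch looks unreachable and can be deleted. The pasted text is also handed to the parser with no length bound, which is worth adding on a publicly launched endpoint.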
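--- a/decode.py
+++ b/decode.py
@@ -0,0 +1,167 @@
+ import os
+ import subprocess
+ from cryptography import x509
+ from cryptography.hazmat.backends import default_backend
+ from cryptography.hazmat.primitives import hashes, serialization
+ from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
+ from cryptography.hazmat.primitives.asymmetric import ec, rsa
+ from datetime import datetime
+ import pytz
+
+ def get_date(date):
+ date = datetime.fromisoformat(date)
+ timezone = pytz.timezone('Asia/Kolkata')
+ local_datetime = date.astimezone(timezone)
+ formatted_date = local_datetime.strftime('%d %B, %Y %H:%M:%S %z')
+ day = local_datetime.day
+ ordinal_suffix = 'th' if 4 <= day <= 20 else {1: 'st', 2: 'nd', 3: 'rd'}.get(day % 10, 'th')
+ formatted_date_with_suffix = formatted_date.replace(f"{day}", f"{day}{ordinal_suffix}")
+ return formatted_date_with_suffix
+
+ def check_expiry(date):
+ date = datetime.fromisoformat(date)
+ timezone = pytz.timezone('Asia/Kolkata')
+ current_date = datetime.now(timezone)
+ days_left = (date - current_date).days
+ if days_left > 0:
+ return f"No ({days_left} days till expiration)"
+ else:
+ return f"Yes ({abs(days_left)} days since expired)"
+
+ def get_key_data(public_key):
+ if isinstance(public_key, ec.EllipticCurvePublicKey):
+ public_key_curve = public_key.curve.name
+ public_key_size = public_key.curve.key_size
+ data = {
+ "type": f"ECDSA ({public_key_curve})",
+ "size": f"{public_key_size} bits"
+ }
+ elif isinstance(public_key, rsa.RSAPublicKey):
+ public_key_size = public_key.key_size
+ data = {
+ "type": "RSA",
+ "size": f"{public_key_size} bits"
+ }
+ else:
+ data = {
+ "type": "Unknown",
+ "size": "Unknown"
+ }
+ return data
+
+ def general_info(cert, public_key):
+ subject = None
+ sans = None
+ not_valid_after = None
+ not_valid_before = None
+ expiry = None
+ key_data = None
+ signature_algorithm = None
+ serial_number = None
+ subject = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value if subject else None
+ sans = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value.get_values_for_type(x509.DNSName) if sans else None
+ not_valid_after = get_date(str(cert.not_valid_after_utc)) if not_valid_after else None
+ not_valid_before = get_date(str(cert.not_valid_before_utc)) if not_valid_before else None
+ expiry = check_expiry(str(cert.not_valid_after_utc)) if expiry else None
+ key_data = get_key_data(public_key) if key_data else None
+ signature_algorithm = cert.signature_algorithm_oid._name if signature_algorithm else None
+ serial_number = f"{cert.serial_number} ({hex(cert.serial_number)})"
+ gen_info = {
+ "subject": subject,
+ "sans": sans,
+ "not_valid_after": not_valid_after,
+ "not_valid_before": not_valid_before,
+ "expiry": expiry,
+ "key_data": key_data,
+ "signature_algorithm": signature_algorithm,
+ "serial_number": serial_number
+ }
+ return gen_info
+
+ def issuer_info(cert):
+ issuer = None; organization = None; country = None
+ issuer = cert.issuer.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value if issuer else None
+ organization = cert.issuer.get_attributes_for_oid(x509.NameOID.ORGANIZATION_NAME)[0].value if organization else None
+ country = cert.issuer.get_attributes_for_oid(x509.NameOID.COUNTRY_NAME)[0].value if country else None
+ return {
+ "issuer": issuer,
+ "organization": organization,
+ "country": country
+ }
+
+ def extenstions_data(cert):
+ authorityinfo = None; ocsp_url = None; ca_issuer_url = None; subject_alt_name = None
+ if (tempdata1 := cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_KEY_IDENTIFIER).value.key_identifier):
+ authorityKeyIdentifier = ':'.join(f'{b:02X}' for b in tempdata1)
+ else:
+ authorityKeyIdentifier = None
+ if (subject := cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_KEY_IDENTIFIER).value.digest):
+ subjectKeyIdentifier = ':'.join(f'{b:02X}' for b in subject)
+ else:
+ subjectKeyIdentifier = None
+ if (key_usage := cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE).value):
+ key_usage_info = list(vars(key_usage).items())
+ key_usage_data =[]
+ for item in key_usage_info:
+ key_usage_data.append(f"{item[0][1:]} : {item[1]}")
+ key_usage_data = key_usage_data
+ else:
+ key_usage_data = None
+ if (ext_key_usage := cert.extensions.get_extension_for_oid(x509.OID_EXTENDED_KEY_USAGE).value):
+ ext_key_usage_data = [oid._name for oid in ext_key_usage]
+ else:
+ ext_key_usage_data = None
+ crl_distribution_points = []
+ try:
+ crl_extension = cert.extensions.get_extension_for_oid(x509.OID_CRL_DISTRIBUTION_POINTS)
+ for distribution_point in crl_extension.value:
+ # Extracting the full names (URIs)
+ if distribution_point.full_name:
+ uris = [name.value for name in distribution_point.full_name]
+ crl_distribution_points.extend(uris)
+ except x509.ExtensionNotFound:
+ crl_distribution_points.append("No CRL Distribution Points extension")
+ authorityinfo = cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_INFORMATION_ACCESS).value if authorityinfo else None
+ ocsp_url = authorityinfo[0].access_location.value if ocsp_url else None
+ ca_issuer_url = authorityinfo[1].access_location.value if ca_issuer_url else None
+ authority_info_data = {
+ "ocsp_url": ocsp_url,
+ "ca_issuer_url": ca_issuer_url
+ }
+ subject_alt_name = cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_ALTERNATIVE_NAME).value.get_values_for_type(x509.DNSName) if subject_alt_name else None
+ return {
+ "authorityKeyIdentifier": authorityKeyIdentifier,
+ "subjectKeyIdentifier": subjectKeyIdentifier,
+ "key_usage": key_usage_data,
+ "extended_key_usage": ext_key_usage_data,
+ "crl_distribution_points": crl_distribution_points,
+ "authority_info": authority_info_data,
+ "subject_alt_name": subject_alt_name
+ }
+
+ def get_openssl_data(cert_file):
+ result1 = subprocess.run(["openssl", "x509", "-in", cert_file, "-text", "-noout"], capture_output=True, text=True)
+ result2 = subprocess.run(['openssl', 'asn1parse', '-in', cert_file], capture_output=True, text=True)
+ data = {
+ 'raw_openssl_data': result1.stdout,
+ 'openssl_asn1parse_data': result2.stdout
+ }
+ return data
+
+ def decode_ssl_certificate(cert):
+ subject = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value
+ with open(f'{subject}.pem', 'wb') as cert_file:
+ cert_file.write(cert.public_bytes(Encoding.PEM))
+ public_key = cert.public_key()
+ general_info_data = general_info(cert, public_key)
+ issuer_info_data = issuer_info(cert)
+ extensions_data_data = extenstions_data(cert)
+ raw_openssl_data = get_openssl_data(f'{subject}.pem')
+ os.remove(f'{subject}.pem')
+ data = {
+ "general_info": general_info_data,
+ "issuer_info": issuer_info_data,
+ "extensions_data": extensions_data_data,
+ "raw_openssl_data": raw_openssl_data
+ }
+ return data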
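Review bot: `decode_ssl_certificate` builds a file name from the certificate's subject common name (`open(f'{subject}.pem', 'wb')`, later `os.remove(f'{subject}.pem')`), and that value comes unvalidated from whatever certificate was submitted, so the write and the delete are not confined to a directory the service controls. Two requests carrying the same common name would also share one file under the queue's concurrency of 15, and the file is left behind whenever one of the info helpers raises, because the `os.remove` is not in a `finally`. Passing the PEM to `openssl` on standard input avoids creating a file at all; `get_openssl_data` would then take the PEM text instead of a path, as sketched below, with a `timeout` so a stalled child process cannot hold a worker. The `[0]` on the common-name lookup also raises `IndexError` for a certificate with no CN, which goes away once the name is no longer needed for the path. Separately, in `general_info`, `issuer_info` and `extenstions_data` the `x = ... if x else None` lines test a variable that was just set to `None`, so those fields always come back `None`.

```python
def get_openssl_data(pem_text):
    # The PEM goes in on stdin, so no file named after certificate contents is created.
    result1 = subprocess.run(["openssl", "x509", "-text", "-noout"],
                             input=pem_text, capture_output=True, text=True, timeout=10)
    result2 = subprocess.run(["openssl", "asn1parse"],
                             input=pem_text, capture_output=True, text=True, timeout=10)
    # … unchanged: build and return the dict from result1.stdout / result2.stdout …

def decode_ssl_certificate(cert):
    pem_text = cert.public_bytes(Encoding.PEM).decode("ascii")
    public_key = cert.public_key()
    # … unchanged: general_info / issuer_info / extenstions_data calls …
    raw_openssl_data = get_openssl_data(pem_text)
    # … unchanged: result dict and return …
```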