Spaces:
Running
Running
Upload 2 files
Browse files
app.py
ADDED
@@ -0,0 +1,48 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
import gradio as gr
|
2 |
+
from cryptography import x509
|
3 |
+
from cryptography.hazmat.backends import default_backend
|
4 |
+
from decode import decode_ssl_certificate
|
5 |
+
|
6 |
+
def decode(cert):
|
7 |
+
cert = cert.encode()
|
8 |
+
try:
|
9 |
+
decoded_cert = x509.load_pem_x509_certificate(cert, default_backend())
|
10 |
+
if decoded_cert:
|
11 |
+
status = "Success"
|
12 |
+
message = "Certificate decoded successfully."
|
13 |
+
decoded_data = decode_ssl_certificate(decoded_cert)
|
14 |
+
return {
|
15 |
+
"status": status,
|
16 |
+
"message": message,
|
17 |
+
"data": decoded_data
|
18 |
+
}
|
19 |
+
else:
|
20 |
+
return {
|
21 |
+
"status": status,
|
22 |
+
"message": message,
|
23 |
+
"data": None
|
24 |
+
}
|
25 |
+
except Exception as e:
|
26 |
+
status = "Failed"
|
27 |
+
message = "Failed to decode certificate. Please make sure you have uploaded a valid certificate file."
|
28 |
+
return {
|
29 |
+
"status": status,
|
30 |
+
"message": message,
|
31 |
+
"data": e
|
32 |
+
}
|
33 |
+
|
34 |
+
def app():
|
35 |
+
with gr.Blocks(title="Project Gatekeeper - Get free SSL Certificates") as webui:
|
36 |
+
with gr.Row():
|
37 |
+
ssl = gr.Textbox(label="Enter Domains", type="text", interactive=True)
|
38 |
+
with gr.Row():
|
39 |
+
decoded_data = gr.Textbox(label="Enter Domains", type="text", interactive=False, show_copy_button=True)
|
40 |
+
btn = gr.Button(value="Generate SSL Certificate")
|
41 |
+
btn.click(decode, inputs=ssl, outputs=decoded_data)
|
42 |
+
try:
|
43 |
+
webui.queue(default_concurrency_limit=15).launch()
|
44 |
+
except Exception as e:
|
45 |
+
print(f"Error: {e}")
|
46 |
+
|
47 |
+
if __name__ == "__main__":
|
48 |
+
app()
|
decode.py
ADDED
@@ -0,0 +1,167 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 |
+
import os
|
2 |
+
import subprocess
|
3 |
+
from cryptography import x509
|
4 |
+
from cryptography.hazmat.backends import default_backend
|
5 |
+
from cryptography.hazmat.primitives import hashes, serialization
|
6 |
+
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
|
7 |
+
from cryptography.hazmat.primitives.asymmetric import ec, rsa
|
8 |
+
from datetime import datetime
|
9 |
+
import pytz
|
10 |
+
|
11 |
+
def get_date(date):
|
12 |
+
date = datetime.fromisoformat(date)
|
13 |
+
timezone = pytz.timezone('Asia/Kolkata')
|
14 |
+
local_datetime = date.astimezone(timezone)
|
15 |
+
formatted_date = local_datetime.strftime('%d %B, %Y %H:%M:%S %z')
|
16 |
+
day = local_datetime.day
|
17 |
+
ordinal_suffix = 'th' if 4 <= day <= 20 else {1: 'st', 2: 'nd', 3: 'rd'}.get(day % 10, 'th')
|
18 |
+
formatted_date_with_suffix = formatted_date.replace(f"{day}", f"{day}{ordinal_suffix}")
|
19 |
+
return formatted_date_with_suffix
|
20 |
+
|
21 |
+
def check_expiry(date):
|
22 |
+
date = datetime.fromisoformat(date)
|
23 |
+
timezone = pytz.timezone('Asia/Kolkata')
|
24 |
+
current_date = datetime.now(timezone)
|
25 |
+
days_left = (date - current_date).days
|
26 |
+
if days_left > 0:
|
27 |
+
return f"No ({days_left} days till expiration)"
|
28 |
+
else:
|
29 |
+
return f"Yes ({abs(days_left)} days since expired)"
|
30 |
+
|
31 |
+
def get_key_data(public_key):
|
32 |
+
if isinstance(public_key, ec.EllipticCurvePublicKey):
|
33 |
+
public_key_curve = public_key.curve.name
|
34 |
+
public_key_size = public_key.curve.key_size
|
35 |
+
data = {
|
36 |
+
"type": f"ECDSA ({public_key_curve})",
|
37 |
+
"size": f"{public_key_size} bits"
|
38 |
+
}
|
39 |
+
elif isinstance(public_key, rsa.RSAPublicKey):
|
40 |
+
public_key_size = public_key.key_size
|
41 |
+
data = {
|
42 |
+
"type": "RSA",
|
43 |
+
"size": f"{public_key_size} bits"
|
44 |
+
}
|
45 |
+
else:
|
46 |
+
data = {
|
47 |
+
"type": "Unknown",
|
48 |
+
"size": "Unknown"
|
49 |
+
}
|
50 |
+
return data
|
51 |
+
|
52 |
+
def general_info(cert, public_key):
|
53 |
+
subject = None
|
54 |
+
sans = None
|
55 |
+
not_valid_after = None
|
56 |
+
not_valid_before = None
|
57 |
+
expiry = None
|
58 |
+
key_data = None
|
59 |
+
signature_algorithm = None
|
60 |
+
serial_number = None
|
61 |
+
subject = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value if subject else None
|
62 |
+
sans = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value.get_values_for_type(x509.DNSName) if sans else None
|
63 |
+
not_valid_after = get_date(str(cert.not_valid_after_utc)) if not_valid_after else None
|
64 |
+
not_valid_before = get_date(str(cert.not_valid_before_utc)) if not_valid_before else None
|
65 |
+
expiry = check_expiry(str(cert.not_valid_after_utc)) if expiry else None
|
66 |
+
key_data = get_key_data(public_key) if key_data else None
|
67 |
+
signature_algorithm = cert.signature_algorithm_oid._name if signature_algorithm else None
|
68 |
+
serial_number = f"{cert.serial_number} ({hex(cert.serial_number)})"
|
69 |
+
gen_info = {
|
70 |
+
"subject": subject,
|
71 |
+
"sans": sans,
|
72 |
+
"not_valid_after": not_valid_after,
|
73 |
+
"not_valid_before": not_valid_before,
|
74 |
+
"expiry": expiry,
|
75 |
+
"key_data": key_data,
|
76 |
+
"signature_algorithm": signature_algorithm,
|
77 |
+
"serial_number": serial_number
|
78 |
+
}
|
79 |
+
return gen_info
|
80 |
+
|
81 |
+
def issuer_info(cert):
|
82 |
+
issuer = None; organization = None; country = None
|
83 |
+
issuer = cert.issuer.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value if issuer else None
|
84 |
+
organization = cert.issuer.get_attributes_for_oid(x509.NameOID.ORGANIZATION_NAME)[0].value if organization else None
|
85 |
+
country = cert.issuer.get_attributes_for_oid(x509.NameOID.COUNTRY_NAME)[0].value if country else None
|
86 |
+
return {
|
87 |
+
"issuer": issuer,
|
88 |
+
"organization": organization,
|
89 |
+
"country": country
|
90 |
+
}
|
91 |
+
|
92 |
+
def extenstions_data(cert):
|
93 |
+
authorityinfo = None; ocsp_url = None; ca_issuer_url = None; subject_alt_name = None
|
94 |
+
if (tempdata1 := cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_KEY_IDENTIFIER).value.key_identifier):
|
95 |
+
authorityKeyIdentifier = ':'.join(f'{b:02X}' for b in tempdata1)
|
96 |
+
else:
|
97 |
+
authorityKeyIdentifier = None
|
98 |
+
if (subject := cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_KEY_IDENTIFIER).value.digest):
|
99 |
+
subjectKeyIdentifier = ':'.join(f'{b:02X}' for b in subject)
|
100 |
+
else:
|
101 |
+
subjectKeyIdentifier = None
|
102 |
+
if (key_usage := cert.extensions.get_extension_for_oid(x509.OID_KEY_USAGE).value):
|
103 |
+
key_usage_info = list(vars(key_usage).items())
|
104 |
+
key_usage_data =[]
|
105 |
+
for item in key_usage_info:
|
106 |
+
key_usage_data.append(f"{item[0][1:]} : {item[1]}")
|
107 |
+
key_usage_data = key_usage_data
|
108 |
+
else:
|
109 |
+
key_usage_data = None
|
110 |
+
if (ext_key_usage := cert.extensions.get_extension_for_oid(x509.OID_EXTENDED_KEY_USAGE).value):
|
111 |
+
ext_key_usage_data = [oid._name for oid in ext_key_usage]
|
112 |
+
else:
|
113 |
+
ext_key_usage_data = None
|
114 |
+
crl_distribution_points = []
|
115 |
+
try:
|
116 |
+
crl_extension = cert.extensions.get_extension_for_oid(x509.OID_CRL_DISTRIBUTION_POINTS)
|
117 |
+
for distribution_point in crl_extension.value:
|
118 |
+
# Extracting the full names (URIs)
|
119 |
+
if distribution_point.full_name:
|
120 |
+
uris = [name.value for name in distribution_point.full_name]
|
121 |
+
crl_distribution_points.extend(uris)
|
122 |
+
except x509.ExtensionNotFound:
|
123 |
+
crl_distribution_points.append("No CRL Distribution Points extension")
|
124 |
+
authorityinfo = cert.extensions.get_extension_for_oid(x509.OID_AUTHORITY_INFORMATION_ACCESS).value if authorityinfo else None
|
125 |
+
ocsp_url = authorityinfo[0].access_location.value if ocsp_url else None
|
126 |
+
ca_issuer_url = authorityinfo[1].access_location.value if ca_issuer_url else None
|
127 |
+
authority_info_data = {
|
128 |
+
"ocsp_url": ocsp_url,
|
129 |
+
"ca_issuer_url": ca_issuer_url
|
130 |
+
}
|
131 |
+
subject_alt_name = cert.extensions.get_extension_for_oid(x509.OID_SUBJECT_ALTERNATIVE_NAME).value.get_values_for_type(x509.DNSName) if subject_alt_name else None
|
132 |
+
return {
|
133 |
+
"authorityKeyIdentifier": authorityKeyIdentifier,
|
134 |
+
"subjectKeyIdentifier": subjectKeyIdentifier,
|
135 |
+
"key_usage": key_usage_data,
|
136 |
+
"extended_key_usage": ext_key_usage_data,
|
137 |
+
"crl_distribution_points": crl_distribution_points,
|
138 |
+
"authority_info": authority_info_data,
|
139 |
+
"subject_alt_name": subject_alt_name
|
140 |
+
}
|
141 |
+
|
142 |
+
def get_openssl_data(cert_file):
|
143 |
+
result1 = subprocess.run(["openssl", "x509", "-in", cert_file, "-text", "-noout"], capture_output=True, text=True)
|
144 |
+
result2 = subprocess.run(['openssl', 'asn1parse', '-in', cert_file], capture_output=True, text=True)
|
145 |
+
data = {
|
146 |
+
'raw_openssl_data': result1.stdout,
|
147 |
+
'openssl_asn1parse_data': result2.stdout
|
148 |
+
}
|
149 |
+
return data
|
150 |
+
|
151 |
+
def decode_ssl_certificate(cert):
|
152 |
+
subject = cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value
|
153 |
+
with open(f'{subject}.pem', 'wb') as cert_file:
|
154 |
+
cert_file.write(cert.public_bytes(Encoding.PEM))
|
155 |
+
public_key = cert.public_key()
|
156 |
+
general_info_data = general_info(cert, public_key)
|
157 |
+
issuer_info_data = issuer_info(cert)
|
158 |
+
extensions_data_data = extenstions_data(cert)
|
159 |
+
raw_openssl_data = get_openssl_data(f'{subject}.pem')
|
160 |
+
os.remove(f'{subject}.pem')
|
161 |
+
data = {
|
162 |
+
"general_info": general_info_data,
|
163 |
+
"issuer_info": issuer_info_data,
|
164 |
+
"extensions_data": extensions_data_data,
|
165 |
+
"raw_openssl_data": raw_openssl_data
|
166 |
+
}
|
167 |
+
return data
|