From 8d8d0901f82467833382622414cdf7631ae19746 Mon Sep 17 00:00:00 2001
From: Raphael Pertl
Date: Thu, 15 Oct 2020 23:03:10 +0200
Subject: [PATCH] add error-handling for unused resolvers
---
extractor.py | 125 ++++++++++++++++++++++++++-------------------------
1 file changed, 64 insertions(+), 61 deletions(-)
diff --git a/extractor.py b/extractor.py
index 98b86da..49151ce 100644
--- a/extractor.py
+++ b/extractor.py
@@ -99,85 +99,88 @@ def createCerts(args): if 'Certificates' not in resolver.keys(): print('Unable to locate account or certificates in json') return - + # if Resolver is defined, but not used, return + if resolver['Certificates'] is None: + return # Loop over all certificates for c in resolver['Certificates']: + if c is not None: # pprint(c) - name = c['domain']['main'] - privatekey = c['key'] - fullchain = c['certificate'] - if 'sans' in c['domain'].keys(): - sans = c['domain']['sans'] - else: - sans = None + name = c['domain']['main'] + privatekey = c['key'] + fullchain = c['certificate'] + if 'sans' in c['domain'].keys(): + sans = c['domain']['sans'] + else: + sans = None # sans = c['Domain']['SANs'] - if (args.include and name not in args.include) or (args.exclude and name in args.exclude): - continue + if (args.include and name not in args.include) or (args.exclude and name in args.exclude): + continue # Decode private key, certificate and chain - privatekey = b64decode(privatekey).decode('utf-8') - fullchain = b64decode(fullchain).decode('utf-8') - start = fullchain.find('-----BEGIN CERTIFICATE-----', 1) - cert = fullchain[0:start] - chain = fullchain[start:] + privatekey = b64decode(privatekey).decode('utf-8') + fullchain = b64decode(fullchain).decode('utf-8') + start = fullchain.find('-----BEGIN CERTIFICATE-----', 1) + cert = fullchain[0:start] + chain = fullchain[start:] - if not args.dry: + if not args.dry: # Create domain directory if it doesn't exist - directory = Path(args.directory) - if not directory.exists(): - directory.mkdir() - - if args.flat: - # Write private key, certificate and chain to flat files - with (directory / name + '.key').open('w') as f: - f.write(privatekey) - with (directory / name + '.crt').open('w') as f: - f.write(fullchain) - with (directory / name + '.chain.pem').open('w') as f: - f.write(chain) - with (directory / name + '.fullkey.pem').open('w') as f: - f.write(fullchain + '\n' + privatekey) - - - if sans: - for name in 
sans: - with (directory / name + '.key').open('w') as f: - f.write(privatekey) - with (directory / name + '.crt').open('w') as f: - f.write(fullchain) - with (directory / name + '.chain.pem').open('w') as f: - f.write(chain) - with (directory / name + '.fullkey.pem').open('w') as f: - f.write(fullchain + '\n' + privatekey) - - else: - directory = directory / name + directory = Path(args.directory) if not directory.exists(): directory.mkdir() + + if args.flat: + # Write private key, certificate and chain to flat files + with (directory / name + '.key').open('w') as f: + f.write(privatekey) + with (directory / name + '.crt').open('w') as f: + f.write(fullchain) + with (directory / name + '.chain.pem').open('w') as f: + f.write(chain) + with (directory / name + '.fullkey.pem').open('w') as f: + f.write(fullchain + '\n' + privatekey) + + + if sans: + for name in sans: + with (directory / name + '.key').open('w') as f: + f.write(privatekey) + with (directory / name + '.crt').open('w') as f: + f.write(fullchain) + with (directory / name + '.chain.pem').open('w') as f: + f.write(chain) + with (directory / name + '.fullkey.pem').open('w') as f: + f.write(fullchain + '\n' + privatekey) + + else: + directory = directory / name + if not directory.exists(): + directory.mkdir() # Write private key, certificate and chain to file - with (directory / 'key.pem').open('w') as f: - f.write(privatekey) + with (directory / 'key.pem').open('w') as f: + f.write(privatekey) - with (directory / 'privkey.pem').open('w') as f: - f.write(privatekey) + with (directory / 'privkey.pem').open('w') as f: + f.write(privatekey) - with (directory / 'cert.pem').open('w') as f: - f.write(cert) + with (directory / 'cert.pem').open('w') as f: + f.write(cert) - with (directory / 'chain.pem').open('w') as f: - f.write(chain) + with (directory / 'chain.pem').open('w') as f: + f.write(chain) - with (directory / 'fullchain.pem').open('w') as f: - f.write(fullchain) + with (directory / 
'fullchain.pem').open('w') as f: + f.write(fullchain) - with (directory / 'fullkey.pem').open('w') as f: - f.write(fullchain + '\n' + privatekey) + with (directory / 'fullkey.pem').open('w') as f: + f.write(fullchain + '\n' + privatekey) - print('Extracted certificate for: ' + name + - (', ' + ', '.join(sans) if sans else '')) - names.append(name) + print('Extracted certificate for: ' + name + + (', ' + ', '.join(sans) if sans else '')) + names.append(name) return names @@ -258,4 +261,4 @@ def doTheWork(self): time.sleep(1) except KeyboardInterrupt: observer.stop() - observer.join() + observer.join() \ No newline at end of file
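Review bot: The private-key writes in the createCerts hunk (`key.pem`, `privkey.pem`, `fullkey.pem`, and the flat `.key` / `.fullkey.pem` files) go through `Path.open('w')` and `directory.mkdir()` with no mode, so the key material gets whatever the process umask allows, which on many hosts is group- and world-readable. I would create these files owner-only, e.g. `fd = os.open(directory / 'privkey.pem', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`, and use `directory.mkdir(mode=0o700)`; the mode only applies on creation, so files left by an earlier run keep their old permissions until they are chmod-ed. Separately, in the `args.flat` branch `directory / name + '.key'` parses as `(directory / name) + '.key'`, which raises TypeError on a Path; `directory / (name + '.key')` is presumably what was meant. createCerts starts above the hunk, so whether `os` is already imported, and what the caller does with the bare `return` added for an unused resolver (the function otherwise ends with `return names`), cannot be checked from here.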