zhuyujia-webhopper/Infra_analyzer/caLookup.py
little_stone bd2d50cf35 code update
2022-05-05 20:41:28 +08:00


from Tools.domain_extract import Extracter
import pandas as pd
import eventlet
import dns.resolver
import ssl
import OpenSSL
import rsa
from cryptography import x509
from concurrent.futures import ThreadPoolExecutor, wait, FIRST_COMPLETED, ALL_COMPLETED
import os
from Tools.domain_extract import Extracter
import eventlet
import collections
import time
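class CertResolver:
    """Fetch a host's TLS certificate and read its issuer and revocation pointers.

    Security note: ``ssl.get_server_certificate`` is called without
    ``ca_certs``, so the certificate chain is NOT validated. Everything
    returned here (issuer name, CRL, OCSP and CA-issuer URLs) is untrusted
    data supplied by whichever endpoint answered on the port. Callers that
    later fetch those URLs should restrict the scheme and destination
    themselves rather than trusting the values.
    """

    def __init__(self):
        # Every lookup connects to the standard HTTPS port.
        self.port = 443

    @staticmethod
    def _extension_value(cert_obj, ext_class):
        """Return the value of extension ``ext_class``, or None if the certificate lacks it."""
        try:
            return cert_obj.extensions.get_extension_for_class(ext_class).value
        except x509.ExtensionNotFound:
            return None

    def getCertObj(self, hostname):
        """Download and parse the certificate presented by ``hostname``.

        Args:
            hostname: DNS name (or address) to connect to on ``self.port``.

        Returns:
            The parsed ``cryptography.x509.Certificate``.

        Raises:
            TimeoutError: the download did not finish within 5 seconds.
            Exception: any socket/TLS/parsing error raised by ``ssl`` or
                ``cryptography`` propagates unchanged.
        """
        pem = None
        # Timeout(5, False) ends the block silently instead of raising, so a
        # timed-out fetch has to be detected by checking ``pem`` afterwards.
        # NOTE(review): eventlet timeouts only interrupt cooperative (green /
        # monkey-patched) I/O; confirm the process is monkey-patched,
        # otherwise a stalled host can block past the 5 second budget.
        with eventlet.Timeout(5, False):
            pem = ssl.get_server_certificate((hostname, self.port)).encode()
        if pem is None:
            raise TimeoutError(
                "timed out fetching certificate from %s:%s" % (hostname, self.port)
            )
        return x509.load_pem_x509_certificate(pem)

    def get_CRL_OSCP(self, resource_url):
        """Get the CRL and OCSP pointers from the certificate of a URL's host.

        Args:
            resource_url: URL whose hostname is extracted with
                ``Extracter.extract`` and then contacted on ``self.port``.

        Returns:
            ``(ca_url, issuer, ocsp, crl)`` where ``ca_url`` is the CA Issuers
            URL or None, ``issuer`` is the certificate's issuer name,
            ``ocsp`` is the OCSP responder URL or None, and ``crl`` is the
            list of CRL distribution point values (possibly empty).
            If the certificate cannot be fetched, the caught exception object
            is printed and returned instead of a tuple, so callers must check
            the result type before unpacking.
        """
        hostname, domain = Extracter.extract(resource_url)
        try:
            cert_obj = self.getCertObj(hostname)
        except Exception as e:
            print("Error:", e)
            return e

        # Issuing organisation, as stated by the (unvalidated) certificate.
        issuer = cert_obj.issuer

        # CRL distribution points. The extension is optional, and a
        # distribution point may carry only a relative name, in which case
        # ``full_name`` is None.
        crl = []
        for point in self._extension_value(cert_obj, x509.CRLDistributionPoints) or ():
            for name in point.full_name or ():
                crl.append(name.value)

        # OCSP responder and CA Issuers URL. Classify each entry by its
        # access-method OID rather than by file suffix: a CA Issuers URL
        # without a ".crt"/".der" suffix would otherwise be reported as the
        # OCSP responder and overwrite the real one.
        ca_url, ocsp = None, None
        aia_oid = x509.oid.AuthorityInformationAccessOID
        for description in self._extension_value(cert_obj, x509.AuthorityInformationAccess) or ():
            location = description.access_location
            if not isinstance(location, x509.UniformResourceIdentifier):
                # Non-URI locations (e.g. directory names) are not URLs.
                continue
            if description.access_method == aia_oid.CA_ISSUERS:
                ca_url = location.value
            elif description.access_method == aia_oid.OCSP:
                ocsp = location.value
        return ca_url, issuer, ocsp, crl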
if __name__ == "__main__":
    # Manual smoke test: resolve the certificate pointers for one public site
    # and print whatever get_CRL_OSCP returns (a tuple, or the exception
    # object when the certificate could not be fetched).
    resolver = CertResolver()
    lookup_result = resolver.get_CRL_OSCP("https://www.baidu.com")
    print(lookup_result)