Sourcery refactored main branch #11
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
Comment on lines
-27
to
+29
| parser = argparse.ArgumentParser(description='Get Certificate Chain v' + scriptVersion) | ||
| parser = argparse.ArgumentParser( | ||
| description=f'Get Certificate Chain v{scriptVersion}' | ||
| ) |
Author
There was a problem hiding this comment.
Function parseArguments refactored with the following changes:
- Use f-string instead of string concatenation (
use-fstring-for-concatenation)
Comment on lines
-139
to
+141
| # Make sure the filename string is lower case | ||
| newNormalizedName = ''.join(commonName).lower() | ||
|
|
||
| # Return newNormalizedName | ||
| return newNormalizedName | ||
| return ''.join(commonName).lower() |
Author
There was a problem hiding this comment.
Function normalizeSubject refactored with the following changes:
- Inline variable that is immediately returned (
inline-immediately-returned-variable)
This removes the following comments ( why? ):
# Make sure the filename string is lower case
# Return newNormalizedName
| return certSKI | ||
| return __sslCertificate.extensions.get_extension_for_oid( | ||
| ExtensionOID.SUBJECT_KEY_IDENTIFIER | ||
| ) |
Author
There was a problem hiding this comment.
Function returnCertSKI refactored with the following changes:
- Inline variable that is immediately returned (
inline-immediately-returned-variable)
Comment on lines
-236
to
+239
| dataAIA = [x for x in certValue or []] | ||
| for item in dataAIA: | ||
| if item.access_method._name == "caIssuers": | ||
| aiaUriList.append(item.access_location._value) | ||
|
|
||
| dataAIA = list(certValue or []) | ||
| aiaUriList.extend( | ||
| item.access_location._value | ||
| for item in dataAIA | ||
| if item.access_method._name == "caIssuers" | ||
| ) |
Author
There was a problem hiding this comment.
Function returnCertAIAList refactored with the following changes:
- Replace identity comprehension with call to collection constructor (
identity-comprehension) - Replace a for append loop with list extend (
for-append-to-extend)
Comment on lines
-253
to
+309
| if __depth <= maxDepth: | ||
| # Retrive the AKI from the certificate. | ||
| certAKI = returnCertAKI(__sslCertificate) | ||
| # Retrieve the SKI from the certificate. | ||
| certSKI = returnCertSKI(__sslCertificate) | ||
| if __depth > maxDepth: | ||
| return | ||
| # Retrive the AKI from the certificate. | ||
| certAKI = returnCertAKI(__sslCertificate) | ||
| # Retrieve the SKI from the certificate. | ||
| certSKI = returnCertSKI(__sslCertificate) | ||
|
|
||
| # Sometimes the AKI can be none. Lets handle this accordingly. | ||
| if certAKI is not None: | ||
| certAKIValue = certAKI._value.key_identifier | ||
| else: | ||
| certAKIValue = None | ||
|
|
||
| # Get the value of the SKI from certSKI | ||
| certSKIValue = certSKI._value.digest | ||
|
|
||
| # Sometimes the AKI can be none. Lets handle this accordingly. | ||
| if certAKIValue is not None: | ||
| aiaUriList = returnCertAIAList(__sslCertificate) | ||
| if aiaUriList != []: | ||
| # Iterate through the aiaUriList list. | ||
| for item in aiaUriList: | ||
| # get the certificate for the item element. | ||
| nextCert = getCertificateFromUri(item) | ||
|
|
||
| # If the certificate is not none (great), append it to the certChain, increase the __depth and run the walkTheChain subroutine again. | ||
| if nextCert is not None: | ||
| certChain.append(nextCert) | ||
| __depth += 1 | ||
| walkTheChain(nextCert, __depth) | ||
| else: | ||
| print("Could not retrieve certificate.") | ||
| sys.exit(1) | ||
| else: | ||
| """Now we have to go on a hunt to find the root from a standard root store.""" | ||
| print("Certificate didn't have AIA...ruh roh.") | ||
|
|
||
| # Load the Root CA Cert Chain. | ||
| caRootStore = loadRootCACertChain("cacert.pem") | ||
|
|
||
| # Assume we cannot find a Root CA | ||
| rootCACN = None | ||
|
|
||
| # Iterate through the caRootStore object. | ||
| for rootCA in caRootStore: | ||
| try: | ||
| rootCACertificatePEM = caRootStore[rootCA] | ||
| rootCACertificate = x509.load_pem_x509_certificate(rootCACertificatePEM.encode('ascii')) | ||
| rootCASKI = returnCertSKI(rootCACertificate) | ||
| rootCASKI_Value = rootCASKI._value.digest | ||
| if rootCASKI_Value == certAKIValue: | ||
| rootCACN = rootCA | ||
| print(f"Root CA Found - {rootCACN}") | ||
| certChain.append(rootCACertificate) | ||
| break | ||
| except x509.extensions.ExtensionNotFound: | ||
| # Apparently some Root CA's don't have a SKI? | ||
| pass | ||
|
|
||
| if rootCACN is None: | ||
| print("ERROR - Root CA NOT found.") | ||
| certAKIValue = certAKI._value.key_identifier if certAKI is not None else None | ||
| # Get the value of the SKI from certSKI | ||
| certSKIValue = certSKI._value.digest | ||
|
|
||
| # Sometimes the AKI can be none. Lets handle this accordingly. | ||
| if certAKIValue is not None: | ||
| aiaUriList = returnCertAIAList(__sslCertificate) | ||
| if aiaUriList != []: | ||
| # Iterate through the aiaUriList list. | ||
| for item in aiaUriList: | ||
| # get the certificate for the item element. | ||
| nextCert = getCertificateFromUri(item) | ||
|
|
||
| # If the certificate is not none (great), append it to the certChain, increase the __depth and run the walkTheChain subroutine again. | ||
| if nextCert is not None: | ||
| certChain.append(nextCert) | ||
| __depth += 1 | ||
| walkTheChain(nextCert, __depth) | ||
| else: | ||
| print("Could not retrieve certificate.") | ||
| sys.exit(1) | ||
| else: | ||
| """Now we have to go on a hunt to find the root from a standard root store.""" | ||
| print("Certificate didn't have AIA...ruh roh.") | ||
|
|
||
| # Load the Root CA Cert Chain. | ||
| caRootStore = loadRootCACertChain("cacert.pem") | ||
|
|
||
| # Assume we cannot find a Root CA | ||
| rootCACN = None | ||
|
|
||
| # Iterate through the caRootStore object. | ||
| for rootCA in caRootStore: | ||
| try: | ||
| rootCACertificatePEM = caRootStore[rootCA] | ||
| rootCACertificate = x509.load_pem_x509_certificate(rootCACertificatePEM.encode('ascii')) | ||
| rootCASKI = returnCertSKI(rootCACertificate) | ||
| rootCASKI_Value = rootCASKI._value.digest | ||
| if rootCASKI_Value == certAKIValue: | ||
| rootCACN = rootCA | ||
| print(f"Root CA Found - {rootCACN}") | ||
| certChain.append(rootCACertificate) | ||
| break | ||
| except x509.extensions.ExtensionNotFound: | ||
| # Apparently some Root CA's don't have a SKI? | ||
| pass | ||
|
|
||
| if rootCACN is None: | ||
| print("ERROR - Root CA NOT found.") | ||
| sys.exit(1) |
Author
There was a problem hiding this comment.
Function walkTheChain refactored with the following changes:
- Add guard clause (
last-if-guard) - Replace if statement with if expression (
assign-if-exp)
Comment on lines
-337
to
+333
| sslCertificateFilename = str(len(__certificateChain) - 1 - counter) + '-' + normalizedSubject + '.crt' | ||
| sslCertificateFilename = f'{str(len(__certificateChain) - 1 - counter)}-{normalizedSubject}.crt' |
Author
There was a problem hiding this comment.
Function writeChainToFile refactored with the following changes:
- Use f-string instead of string concatenation [×3] (
use-fstring-for-concatenation)
Comment on lines
-347
to
+348
| # If the ':' is in the hostname argument, then we'll assume it's meant to be a port following the ':'. | ||
| if ":" in args.hostname: | ||
| tmpLine = args.hostname.split(':') | ||
| hostnameQuery = {"hostname": tmpLine[0], "port": int(tmpLine[1])} | ||
|
|
||
| else: | ||
| if ":" not in args.hostname: | ||
| # If no ':' is found, then set default port 443. | ||
| hostnameQuery = {"hostname": args.hostname, "port": 443} | ||
| return {"hostname": args.hostname, "port": 443} | ||
|
|
||
| return hostnameQuery | ||
| tmpLine = args.hostname.split(':') | ||
| return {"hostname": tmpLine[0], "port": int(tmpLine[1])} |
Author
There was a problem hiding this comment.
Function checkHostname refactored with the following changes:
- Lift return into if (
lift-return-into-if) - Swap if/else branches (
swap-if-else-branches) - Remove unnecessary else after guard condition (
remove-unnecessary-else)
This removes the following comments ( why? ):
# If the ':' is in the hostname argument, then we'll assume it's meant to be a port following the ':'.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Branch
mainrefactored by Sourcery.If you're happy with these changes, merge this Pull Request using the Squash and merge strategy.
See our documentation here.
Run Sourcery locally
Reduce the feedback loop during development by using the Sourcery editor plugin:
Review changes via command line
To manually merge these changes, make sure you're on the
mainbranch, then run:Help us improve this pull request!