Diffstat (limited to 'scripts/x509-dot.py')
-rw-r--r--scripts/x509-dot.py84
1 files changed, 84 insertions, 0 deletions
diff --git a/scripts/x509-dot.py b/scripts/x509-dot.py
new file mode 100644
index 00000000..a7af9dca
--- /dev/null
+++ b/scripts/x509-dot.py
@@ -0,0 +1,84 @@
+# $Id$
+
+"""
+Generate .dot description of a certificate tree.
+"""
+
+import POW, sys, glob, os
+
+class x509(object):
+
+ ski = None
+ aki = None
+
+ def __init__(self, filename):
+
+ self.filename = filename
+
+ f = open(filename, "rb")
+ text = f.read()
+ f.close()
+
+ if text.find("-----BEGIN") >= 0:
+ self.pow = POW.pemRead(POW.X509_CERTIFICATE, text)
+ else:
+ self.pow = POW.derRead(POW.X509_CERTIFICATE, text)
+
+ self.extensions = dict((e[0], e[2]) for e in (self.pow.getExtension(i) for i in xrange(self.pow.countExtensions())))
+
+ if "subjectKeyIdentifier" in self.extensions:
+ self.ski = ":".join(["%02X" % ord(i) for i in self.extensions.get("subjectKeyIdentifier")[1:]])
+
+ if "authorityKeyIdentifier" in self.extensions:
+ self.aki = ":".join(["%02X" % ord(i) for i in self.extensions.get("authorityKeyIdentifier")[3:]])
+
+ self.subject = self.pow.getSubject()
+ self.issuer = self.pow.getIssuer()
+
+ def set_node(self, node):
+
+ self.node = node
+
+ def dot(self):
+
+ print '%s [shape = record, label = "{File %s|Issuer %s|Subject %s|AKI %s|SKI %s}"];' % (self.node, self.filename, self.issuer, self.subject, self.aki, self.ski)
+
+ issuer = subjects.get(self.issuer)
+
+ if issuer is self:
+ issuer = None
+
+ if issuer is not None and self.aki is not None and issuer.ski is not None and self.aki != issuer.ski:
+ issuer = None
+
+ if issuer is not None:
+ print "%s -> %s;" % (issuer.node, self.node)
+
+ print
+
+# Eventually this should use sys.argv[1:]
+
+#certs = [x509(filename) for filename in glob.glob("../rpkid/biz-certs/*.cer")]
+
+certs = []
+for dirpath, dirnames, filenames in os.walk("../rpkid/testbed.dir/publication"):
+ certs += [x509(dirpath + "/" + filename) for filename in filenames if filename.endswith(".cer")]
+
+for i in xrange(len(certs)):
+ certs[i].set_node("cert_%d" % i)
+
+subjects = dict((x.subject, x) for x in certs)
+
+print """\
+digraph certificates {
+
+rotate = 90; size = "11,8.5";
+splines = true;
+ratio = fill;
+
+"""
+
+for cert in certs:
+ cert.dot()
+
+print "}"
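Review bot: The `subjects` index near the end of the file keys certificates by subject name alone, so when two `.cer` files under the walked tree carry the same subject (a re-issued or key-rolled CA, for example) only the last one read survives, and in `dot()` the AKI/SKI comparison then drops the edge instead of finding the right parent. The class already extracts both identifiers, so index by key identifier first and keep the name as a fallback: add `by_ski = dict((x.ski, x) for x in certs if x.ski is not None)` next to `subjects`, and use `issuer = by_ski.get(self.aki) or subjects.get(self.issuer)` in `dot()`. A comment on `dot()` such as `# Edges reflect name/key-identifier matching only; no signature is verified.` would also keep readers from treating the drawn graph as a validated chain.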