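# Results formatting: build the text report lines (outputTxt) for the
# certificate in x509Cert.
# Text output - certificate info
outputTxt = [self.PLUGIN_TITLE_FORMAT('Certificate - Content')]
outputTxt.extend(textFunction(x509Cert))

# Text output - trust validation
outputTxt.extend(['', self.PLUGIN_TITLE_FORMAT('Certificate - Trust')])

# Hostname validation
if self._shared_settings['sni']:
    outputTxt.append(self.FIELD_FORMAT("SNI enabled with virtual domain:",
                                       self._shared_settings['sni']))
# TODO: Use SNI name for validation when --sni was used
# NOTE(review): until that is done, the certificate is matched against `host`
# even when an SNI name is set, so the "Hostname Validation" line may not
# reflect the virtual domain that was requested.
hostValDict = {
    X509_NAME_MATCHES_SAN: 'OK - Subject Alternative Name matches',
    X509_NAME_MATCHES_CN: 'OK - Common Name matches',
    X509_NAME_MISMATCH: 'FAILED - Certificate does NOT match ' + host
}
outputTxt.append(self.FIELD_FORMAT("Hostname Validation:",
                                   hostValDict[x509Cert.matches_hostname(host)]))

# Path validation result, one report line per trust store
for (storeName, verifyStr) in verifyDict.iteritems():
    # Compare for equality. The previous `verifyStr in 'ok'` was a substring
    # test, so an empty string (or 'o' / 'k') was reported as a trusted
    # certificate instead of a failure.
    isTrusted = (verifyStr == 'ok')
    if isTrusted:
        verifyTxt = 'OK - Certificate is trusted'
    else:
        verifyTxt = 'FAILED - Certificate is NOT Trusted: ' + verifyStr

    # EV certs - Only Mozilla supported for now
    if isTrusted and ('Mozilla' in storeName):
        if self._is_ev_certificate(x509Cert):
            verifyTxt += ', Extended Validation'
    outputTxt.append(self.FIELD_FORMAT(self.TRUST_FORMAT(storeName), verifyTxt))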