This repository has been archived by the owner on Sep 16, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy patheligiblevoters.py
72 lines (60 loc) · 2.37 KB
/
eligiblevoters.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/usr/bin/env python2
# Based on python-esteid by Martin Paljak, MIT license
# Modified by Andres Erbsen, distributed under MIT license
from hashlib import sha256
import ldap
from sys import stdin
import os.path
import OpenSSL.crypto, datetime
MID = "ESTEID (MOBIIL-ID)"
DIGI = "ESTEID (DIGI-ID)"
IDCARD = "ESTEID"
AUTH = "Authentication"
SIGN = "Digital Signature"
LDAP_SERVER = "ldap://ldap.sk.ee"
class LdapError(Exception):
pass
def todatetime(time):
ret = None
try:
ret = datetime.datetime.strptime(time, "%Y%m%d%H%M%SZ")
except ValueError:
ret = datetime.datetime.strptime(time, "%Y%m%d%H%M%S%z")
return ret
def get_esteid_cert(idcode, cert_type, chip_type):
"""
Fetches the certificate of the idcode owner from SK LDAP.
"""
assert idcode.isdigit() and len(idcode) == 11
server = ldap.initialize(LDAP_SERVER)
q = server.search('ou=%s,o=%s,c=EE' % (cert_type, chip_type),
ldap.SCOPE_SUBTREE,
'serialNumber=%s' % idcode,
['userCertificate;binary'])
result = server.result(q, timeout=10)
if result[0] != ldap.RES_SEARCH_RESULT:
raise LdapError("Unexpected result type.")
if not result[1]:
raise LdapError("No results from LDAP query.")
valid_cert = None
for response in result[1]:
if len(response) != 2 or not isinstance(response[1], dict) \
or not response[1].has_key('userCertificate;binary') \
or not response[1]['userCertificate;binary'] \
or not isinstance(response[1]['userCertificate;binary'], list):
raise LdapError("Unexpected result format.")
for cert_string in response[1]['userCertificate;binary']:
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_ASN1, cert_string)
if todatetime(cert.get_notBefore()) <= datetime.datetime.now() \
and todatetime(cert.get_notAfter()) >= datetime.datetime.now():
if valid_cert != None:
raise LdapError("Too many certificates")
valid_cert = cert_string
if valid_cert == None:
raise LdapError("No valid certificates")
return valid_cert
if __name__ == '__main__':
os.makedirs('voters')
for idcode in stdin.read().split():
cert = get_esteid_cert(idcode, AUTH, IDCARD)
open(os.path.join('voters', idcode+'.cer'),'w+').write(cert)