pygost/asn1schemas/cert-dane-hash.py

   1 #!/usr/bin/env python3
   2 """DANE's SPKI hash calculator
   3 """
   4
   5 from base64 import standard_b64decode
   6 from hashlib import sha256
   7 import sys
   8
   9 from pygost.asn1schemas.x509 import Certificate
  10
  11
  12 lines = sys.stdin.read().split("-----")
  13 idx = lines.index("BEGIN CERTIFICATE")
  14 if idx == -1:
  15     raise ValueError("PEM has no CERTIFICATE")
  16 cert_raw = standard_b64decode(lines[idx + 1])
  17 cert = Certificate().decod(cert_raw)
  18 print(sha256(cert["tbsCertificate"]["subjectPublicKeyInfo"].encode()).hexdigest())