--- a/certdata2pem.py +++ b/certdata2pem.py @@ -26,12 +26,12 @@ import re import sys import textwrap -import urllib +import urllib.request, urllib.parse, urllib.error objects = [] def printable_serial(obj): - return ".".join(map(lambda x:str(ord(x)), obj['CKA_SERIAL_NUMBER'])) + return '.'.join(map(lambda x:str(x), obj['CKA_SERIAL_NUMBER'])) # Dirty file parser. in_data, in_multiline, in_obj = False, False, False @@ -58,7 +58,7 @@ if type == 'MULTILINE_OCTAL': line = line.strip() for i in re.finditer(r'\\([0-3][0-7][0-7])', line): - value += chr(int(i.group(1), 8)) + value += bytes([int(i.group(1), 8)]) else: value += line continue @@ -75,13 +75,13 @@ field, type = line_parts value = None else: - raise NotImplementedError, 'line_parts < 2 not supported.\n' + line + raise NotImplementedError('line_parts < 2 not supported.\n' + line) if type == 'MULTILINE_OCTAL': in_multiline = True - value = "" + value = b'' continue obj[field] = value -if len(obj.items()) > 0: +if len(list(obj.items())) > 0: objects.append(obj) # Build up trust database. @@ -91,7 +91,7 @@ continue key = obj['CKA_LABEL'] + printable_serial(obj) trustmap[key] = obj - print " added trust", key + print(" added trust", key) # Build up cert database. certmap = dict() @@ -100,7 +100,7 @@ continue key = obj['CKA_LABEL'] + printable_serial(obj) certmap[key] = obj - print " added cert", key + print(" added cert", key) def obj_to_filename(obj): label = obj['CKA_LABEL'][1:-1] @@ -109,7 +109,9 @@ .replace('(', '=')\ .replace(')', '=')\ .replace(',', '_') - label = re.sub(r'\\x[0-9a-fA-F]{2}', lambda m:chr(int(m.group(0)[2:], 16)), label) + labelb = label.encode('utf-8') + labelb = re.sub(br'\\x[0-9a-fA-F]{2}', lambda m:bytes([int(m.group(0)[2:], 16)]), labelb) + label = labelb.decode('utf-8') serial = printable_serial(obj) return label + ":" + serial @@ -142,17 +144,17 @@ for tobj in objects: if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST': key = tobj['CKA_LABEL'] + printable_serial(tobj) - print "producing trust for " + key + print("producing trust for " + key) trustbits = [] distrustbits = [] openssl_trustflags = [] openssl_distrustflags = [] - for t in trust_types.keys(): - if tobj.has_key(t) and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR': + for t in list(sorted(trust_types.keys())): + if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR': trustbits.append(t) if t in openssl_trust: openssl_trustflags.append(openssl_trust[t]) - if tobj.has_key(t) and tobj[t] == 'CKT_NSS_NOT_TRUSTED': + if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED': distrustbits.append(t) if t in openssl_trust: openssl_distrustflags.append(openssl_trust[t]) @@ -178,7 +180,7 @@ if openssl_distrustflags: f.write("# openssl-distrust=" + " ".join(openssl_distrustflags) + "\n") f.write("-----BEGIN CERTIFICATE-----\n") - f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64))) + f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']).decode('utf-8'), 64))) f.write("\n-----END CERTIFICATE-----\n") else: f.write("[p11-kit-object-v1]\n") @@ -188,13 +190,13 @@ f.write("class: certificate\n") f.write("certificate-type: x-509\n") f.write("issuer: \""); - f.write(urllib.quote(tobj['CKA_ISSUER'])); + f.write(urllib.parse.quote(tobj['CKA_ISSUER'])); f.write("\"\n") f.write("serial-number: \""); - f.write(urllib.quote(tobj['CKA_SERIAL_NUMBER'])); + f.write(urllib.parse.quote(tobj['CKA_SERIAL_NUMBER'])); f.write("\"\n") if (tobj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_NOT_TRUSTED') or (tobj['CKA_TRUST_CODE_SIGNING'] == 'CKT_NSS_NOT_TRUSTED'): f.write("x-distrusted: true\n") f.write("\n\n") f.close() - print " -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags) + print(" -> written as '%s', trust = %s, openssl-trust = %s, distrust = %s, openssl-distrust = %s" % (fname, trustbits, openssl_trustflags, distrustbits, openssl_distrustflags))