#!/usr/bin/env python3

""" List certificates from Windows Certificate Store """

import sys
import ssl
import socket


#: Keys to be omitted in output of get_ca_certs:
OMIT_KEYS = 'countryName', 'organizationalUnitName', 'domainComponent', \
    'stateOrProvinceName', 'localityName'


#: Standard CAs that definitely are not the one I created
STANDARD_CAS = ('digicert', 'verisign', 'globalsign', 'cybertrust', 'comodo',
                'microsoft', 'digital signature trust', 'usertrust', 'thawte',
                'sample software publishing', 'securetrust', 'unizeto sp.',
                'go daddy', 'addtrust')

#: my server that is using my certificate
MY_SERVER = 'test.fake-ca.tld'


def main():
    """
    Main function, called when running file as script

    see module doc for more info
    """
    print('get_ca_certs:')
    context = ssl.create_default_context()
    found_fake = False
    for count, ca in enumerate(context.get_ca_certs()):
        print(count+1)
        print('  Subject: ', end='')
        for info in ca['subject']:
            for key, value in info:
                if key in OMIT_KEYS:
                    continue
                print('{}={}'.format(key, value), end=',')
                if 'fake' in value.lower():
                    found_fake = True
        print()
        print('  Issuer: ', end='')
        for info in ca['issuer']:
            for key, value in info:
                if key in OMIT_KEYS:
                    continue
                print('{}={}'.format(key, value), end=',')
                if 'fake' in value.lower():
                    found_fake = True
        print()
        print()

    count = 0
    for store in 'CA', 'ROOT', 'MY':
        print('enum_certificates, store {}:'.format(store))
        for cert_bytes, encoding_type, trust in ssl.enum_certificates(store):
            count += 1
            readable = ''.join(chr(b) for b in cert_bytes if 31<b<127).lower()
            found_uninteresting = False
            if 'fake' in readable:
                found_fake = True
            for uninteresting in STANDARD_CAS:
                if uninteresting in readable:
                    print('{}: {}'.format(count, uninteresting))
                    found_uninteresting = True
                    break
            if not found_uninteresting:
                print('{}: {}'.format(count, readable))
    print()

    if found_fake:
        print('Found "fake" somewhere!')
    else:
        print('Text "fake" nowhere to be found :-(')
    print()

    # create socket
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ssl_sock = context.wrap_socket(s, server_hostname=MY_SERVER)
    ssl_sock.connect((MY_SERVER, 443))
    return 0

if __name__ == '__main__':
    sys.exit(main())