mmolloy/nscertkeycreate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
nscertkeycreate/legacy/certctl/san.py
deamonkai fc94008530 initial
2026-01-23 12:11:21 -06:00

53 lines
1.3 KiB
Python
Raw Permalink Blame History

"""SAN parsing/normalization.
Accepts inputs like:
- "DNS:example.com,DNS:www.example.com"
- "example.com, www.example.com" (bare hostnames treated as DNS)
- "IP:10.0.0.1, 10.0.0.2" (bare IPs treated as IP)
Returns a list suitable for OpenSSL: ["DNS:...", "IP:...", ...].
"""
from __future__ import annotations
import ipaddress
from typing import List
def normalize_san_list(san_raw: str) -> List[str]:
if not san_raw:
return []
items = [x.strip() for x in san_raw.split(",") if x.strip()]
out: List[str] = []
for item in items:
if ":" in item:
k, v = item.split(":", 1)
k = k.strip().upper()
v = v.strip()
if not v:
continue
if k in {"DNS", "IP", "URI", "EMAIL", "RID"}:
out.append(f"{k}:{v}")
continue
# Unknown prefix: treat whole thing as DNS if it isn't an IP
item = v
# Bare value: detect IP vs DNS
try:
ipaddress.ip_address(item)
out.append(f"IP:{item}")
except ValueError:
out.append(f"DNS:{item}")
# de-dupe but preserve order
seen = set()
deduped: List[str] = []
for x in out:
k = x.upper()
if k not in seen:
seen.add(k)
deduped.append(x)
return deduped
Reference in New Issue View Git Blame Copy Permalink