Pretty-print server certificate in uadiscover

opcua/crypto/uacrypto.py

@@ -156,6 +156,23 @@ def p_sha1(secret, seed, sizes=()):
     return tuple(parts)
 
 
+def x509_name_to_string(name):
+    parts = ["{}={}".format(attr.oid._name, attr.value) for attr in name]
+    return ', '.join(parts)
+
+
+def x509_to_string(cert):
+    """
+    Convert x509 certificate to human-readable string
+    """
+    if cert.subject == cert.issuer:
+        issuer = ' (self-signed)'
+    else:
+        issuer = ', issuer: {}'.format(x509_name_to_string(cert.issuer))
+    # TODO: show more information
+    return "{}{}, {} - {}".format(x509_name_to_string(cert.subject), issuer, cert.not_valid_before, cert.not_valid_after)
+
+
 if __name__ == "__main__":
     # Convert from PEM to DER
     cert = load_certificate("../examples/server_cert.pem")

opcua/tools.py

@@ -403,11 +403,22 @@ def application_to_strings(app):
     return result  # ['{}: {}'.format(n, v) for (n, v) in result]
 
 
+def cert_to_string(der):
+    if not der:
+        return '[no certificate]'
+    try:
+        from opcua.crypto import uacrypto
+    except ImportError:
+        return "{} bytes".format(len(der))
+    cert = uacrypto.x509_from_der(der)
+    return uacrypto.x509_to_string(cert)
+
+
 def endpoint_to_strings(ep):
     result = [('Endpoint URL', ep.EndpointUrl)]
     result += application_to_strings(ep.Server)
     result += [
-        ('Server Certificate', len(ep.ServerCertificate)),
+        ('Server Certificate', cert_to_string(ep.ServerCertificate)),
         ('Security Mode', str(ep.SecurityMode)),
         ('Security Policy URI', ep.SecurityPolicyUri)]
     for tok in ep.UserIdentityTokens: