-
Notifications
You must be signed in to change notification settings - Fork 5.6k
/
Copy pathwindows_castore_cleanup.py
46 lines (37 loc) · 1.45 KB
/
windows_castore_cleanup.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import re
import subprocess
import sys
def findMongoCertsFromStore(store):
command = ["certutil", "-store", store]
subject_pattern = re.compile(r"Subject:.*O=MongoDB")
cn_pattern = re.compile(r"CN=([^,]+)")
cns = []
try:
output = subprocess.check_output(command, shell=True).decode("utf-8")
except subprocess.CalledProcessError as e:
print(f"Command {command} failed with error: {e}", file=sys.stderr)
sys.exit(1)
filtered = [s for s in output.splitlines() if re.match(subject_pattern, s)]
for line in filtered:
cn_match = re.search(cn_pattern, line)
if cn_match:
cns.append(cn_match.group(1))
return cns
def deleteCertsByCNFromStore(store, cns):
command = ["certutil", "-delstore", "-f", store, "cn"]
for cn in cns:
command[4] = cn
try:
print(
f"Deleting 'CN={cn}' from the '{store}' certificate store:\n\t{' ' .join(command)}"
)
subprocess.check_call(command, shell=True)
except subprocess.CalledProcessError as e:
print(f"Command {command} failed with error: {e}", file=sys.stderr)
sys.exit(1)
my_cns = findMongoCertsFromStore("My")
root_cns = findMongoCertsFromStore("Root")
if my_cns + root_cns:
print("Unexpected MongoDB certs found on host. Clearing them from the system cert stores.")
deleteCertsByCNFromStore("My", my_cns)
deleteCertsByCNFromStore("Root", root_cns)