Checks your Certificate trust store within Mac OS X to find unknown certificates

checkTrustStoreMac.py

#!/usr/bin/env python3
"""
Checks your Certificate trust store within Mac OS X to find unknown certificates for High Sierra
"""
__author__ = 'Pegleg <[email protected]>'
__license__ = 'MIT'
import requests
from bs4 import BeautifulSoup

class Certificate(object):
    def __init__(self, cert_name, issue_by, Type, key_size, sig_alg, serial_num, expires, ev_policy, fingerprint):
        self.cert_name = cert_name
        self.issue_by = issue_by
        self.Type = Type
        self.key_size = key_size
        self.sig_alg = sig_alg
        self.serial_num = serial_num
        self.expires = expires
        self.ev_policy = ev_policy
        self.fingerprint = fingerprint

    def __str__(self):
        return self.fingerprint + self.expires

    def __hash__(self):
        return hash(str(self))

    def __eq__(self, other):
        return self.fingerprint == other.fingerprint and self.expires == other.expires

def generateCerts(certs):
    results = []
    for cert in certs:
        cert_info = cert.findAll('td')
        if cert_info: #Case where td is empty due to th header
            c = []
            for i in cert_info:
                c.append(i.getText().strip())
            results.append(Certificate(c[0], c[1], c[2] ,c[3] ,c[4] ,c[5] ,c[6] ,c[7] ,c[8]))
    return results


def getAppleOfficialList():
    trusted = []
    resp = requests.get('https://support.apple.com/en-us/HT208127')
    soup = BeautifulSoup(resp.content, 'html.parser')

    trusted = soup.find(id = 'trusted').findAll('tr')
    trusted_certs = generateCerts(trusted)

    always_ask = soup.find(id = 'alwaysask').findAll('tr')
    always_ask_certs = generateCerts(always_ask)

    blocked = soup.find(id = 'blocked').findAll('tr')
    blocked_certs = generateCerts(blocked)

    return trusted_certs, always_ask_certs, blocked_certs

def getLocalhostCerts():
    with open('/System/Library/Security/Certificates.bundle/Contents/Resources/TrustStore.html', encoding='utf-8') as f:
        html_doc = f.read()
        soup = BeautifulSoup(html_doc, 'html.parser')
        tables = soup.findAll('table')

        trusted = tables[0].findAll('tr')
        trusted_certs = generateCerts(trusted)

        always_ask = tables[1].findAll('tr')
        always_ask_certs = generateCerts(always_ask)

        blocked = tables[2].findAll('tr')
        blocked_certs = generateCerts(blocked)


    return trusted_certs, always_ask_certs, blocked_certs

def compareStores(store_name, official, local):
    print(f'{store_name} sizes Official: {len(official)} Local: {len(local)}')

    local_diff = [cert for cert in local if cert not in official]
    official_diff = [cert for cert in official if cert not in local]
    if len(local_diff) == 0 and len(official_diff) == 0:
        print(f'No differences within {store_name} stores found!')
    else:
        print(f'Local {store_name} store differences\n')
        for cert in local_diff:
            print(f'{vars(cert)}\n')
        print(f'Official {store_name} store differences\n')
        for cert in official_diff:
            print(f'{vars(cert)}\n')

official_trusted, official_always_ask, official_blocked = getAppleOfficialList()
local_trusted, local_always_ask, local_blocked = getLocalhostCerts()

compareStores("Trusted", official_trusted, local_trusted)
compareStores("Always Ask", official_always_ask, local_always_ask)
compareStores("Blocked", official_blocked, local_blocked)

<script src="https://gist.github.com/P3GLEG/ab0e18e5c6a762b024c4030977230278.js"></script>