
@jtl999
Last active August 17, 2016 01:37
import argparse
import sys
from base64 import b64decode
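# Builds a Public-Key-Pins (HPKP, RFC 7469) header line from a file that holds
# one base64 pin-sha256 value per line.
#
# NOTE: a wrong or lost pin set makes the site unreachable for pinned clients
# until max-age expires, so trial a policy with --report-only first. Major
# browsers have since removed HPKP support.

PIN_TEXT_LENGTH = 44    # base64 text length of a SHA-256 digest
PIN_DIGEST_LENGTH = 32  # raw SHA-256 digest size in bytes


def is_valid_pin(candidate):
    """Return True when *candidate* is the base64 form of a 32-byte digest.

    Decoding alone is not enough: short or empty strings can decode without
    an error, so both the text length and the decoded length are checked.
    """
    if len(candidate) != PIN_TEXT_LENGTH:
        return False
    try:
        decoded = b64decode(candidate)
    except (TypeError, ValueError):
        # Python 2 raises TypeError, Python 3 raises binascii.Error
        # (a ValueError subclass) on malformed input.
        return False
    return len(decoded) == PIN_DIGEST_LENGTH


def collect_valid_pins(lines):
    """Return the valid pins found in *lines*, in input order.

    Only the first 44 characters of each line are considered, so a trailing
    newline or trailing text after the hash is ignored. A new list is built
    rather than removing entries from a list while iterating over it, which
    skips the element after each removal and lets invalid entries through.
    """
    pins = []
    for line in lines:
        candidate = line[0:PIN_TEXT_LENGTH]
        if is_valid_pin(candidate):
            pins.append(candidate)
    return pins


def build_header(pins, max_age, report_only=False, include_subdomains=False,
                 report_uri=None):
    """Assemble the header text from already validated pins.

    Raises:
        ValueError: if *report_uri* contains a double quote or a line break,
            either of which would break out of the quoted directive.
    """
    name = "Public-Key-Pins"
    if report_only:
        name += '-Report-Only'
    if report_uri and any(ch in report_uri for ch in '"\r\n'):
        raise ValueError("report-uri must not contain quotes or line breaks")

    # Name and value are joined by a space, exactly as the script has always
    # printed them; add the ':' yourself if a raw HTTP header line is needed.
    parts = [name + ' ']
    parts.extend('pin-sha256="' + pin + '"; ' for pin in pins)
    parts.append("max-age=" + str(max_age) + "; ")
    if include_subdomains:
        parts.append("includeSubDomains; ")
    if report_uri:
        parts.append('report-uri="' + report_uri + '"')
    return "".join(parts)


def main():
    """Parse the command line, read the pin file and print the header."""
    parser = argparse.ArgumentParser(description="Create a Public-Key-Pins header from a file containing a list of pin-sha256 hashes.")
    parser.add_argument('--file', dest='filepath', action='store', required=True, metavar="FILE", help="Input file")
    parser.add_argument('--max-age', dest='maxage', action='store', type=int, required=True, metavar="INT", help="Max age (in seconds)")
    parser.add_argument('--report-only', dest='reportonly', action='store_true', help="Whether to add Report-Only suffix to header")
    parser.add_argument('--include-sub-domains', dest='includesubdomains', action='store_true', help="Include sub domains with this header")
    parser.add_argument('--report-uri', dest='reporturi', action='store', help="Report URI/URL for reporting HPKP violations.")
    args = parser.parse_args()
    if args.maxage < 0:
        parser.error("--max-age must not be negative")

    try:
        with open(args.filepath, 'r') as pin_file:
            lines = pin_file.readlines()
    except IOError:
        # Stop here instead of carrying on without an open file.
        raise SystemExit("File could not be read")

    pins = collect_valid_pins(lines)
    # Report rejected lines on stderr so a mistyped pin is not dropped
    # silently while stdout still carries only the header.
    for number, line in enumerate(lines, 1):
        if line.strip() and not is_valid_pin(line[0:PIN_TEXT_LENGTH]):
            sys.stderr.write("Skipping line %d: not a base64 SHA-256 pin\n" % number)
    if not pins:
        raise SystemExit("No valid pin-sha256 values found")
    if len(pins) < 2:
        sys.stderr.write("Warning: only one pin; an enforced policy needs a backup pin as well\n")

    try:
        header = build_header(
            pins,
            args.maxage,
            report_only=args.reportonly,
            include_subdomains=args.includesubdomains,
            report_uri=args.reporturi,
        )
    except ValueError as error:
        raise SystemExit(str(error))
    print(header)


if __name__ == "__main__":
    main()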