From d7adf9ad8b6ae2740a82361e20f0734f9640fa6c Mon Sep 17 00:00:00 2001
From: overcuriousity <overcuriousity@posteo.org>
Date: Sun, 14 Sep 2025 20:22:09 +0200
Subject: [PATCH] it

---
 providers/crtsh_provider.py | 42 +++++++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)

diff --git a/providers/crtsh_provider.py b/providers/crtsh_provider.py
index e24edce..c2aea01 100644
--- a/providers/crtsh_provider.py
+++ b/providers/crtsh_provider.py
@@ -52,6 +52,39 @@ class CrtShProvider(BaseProvider):
         """
         return True
     
+    def _parse_issuer_organization(self, issuer_dn: str) -> str:
+        """
+        Parse the issuer Distinguished Name to extract just the organization name.
+        
+        Args:
+            issuer_dn: Full issuer DN string (e.g., "C=US, O=Let's Encrypt, CN=R11")
+            
+        Returns:
+            Organization name (e.g., "Let's Encrypt") or original string if parsing fails
+        """
+        if not issuer_dn:
+            return issuer_dn
+        
+        try:
+            # Split by comma and look for O= component
+            components = [comp.strip() for comp in issuer_dn.split(',')]
+            
+            for component in components:
+                if component.startswith('O='):
+                    # Extract the value after O=
+                    org_name = component[2:].strip()
+                    # Remove quotes if present
+                    if org_name.startswith('"') and org_name.endswith('"'):
+                        org_name = org_name[1:-1]
+                    return org_name
+            
+            # If no O= component found, return the original string
+            return issuer_dn
+            
+        except Exception as e:
+            self.logger.logger.debug(f"Failed to parse issuer DN '{issuer_dn}': {e}")
+            return issuer_dn
+    
     def _parse_certificate_date(self, date_string: str) -> datetime:
         """
         Parse certificate date from crt.sh format.
@@ -129,10 +162,15 @@ class CrtShProvider(BaseProvider):
         Returns:
             Comprehensive certificate metadata dictionary
         """
+        # Parse the issuer name to get just the organization
+        raw_issuer_name = cert_data.get('issuer_name', '')
+        parsed_issuer_name = self._parse_issuer_organization(raw_issuer_name)
+        
         metadata = {
             'certificate_id': cert_data.get('id'),
             'serial_number': cert_data.get('serial_number'),
-            'issuer_name': cert_data.get('issuer_name'),
+            'issuer_name': parsed_issuer_name,  # Use parsed organization name
+            #'issuer_name_full': raw_issuer_name,  # deliberately left out, because its not useful in most cases
             'issuer_ca_id': cert_data.get('issuer_ca_id'),
             'common_name': cert_data.get('common_name'),
             'not_before': cert_data.get('not_before'),
@@ -339,7 +377,7 @@ class CrtShProvider(BaseProvider):
         expired_count = len(certificates) - valid_count
         expires_soon_count = sum(1 for cert in certificates if cert.get('expires_soon'))
         
-        # Get unique issuers
+        # Get unique issuers (using parsed organization names)
         unique_issuers = list(set(cert.get('issuer_name') for cert in certificates if cert.get('issuer_name')))
         
         # Find the most recent certificate