trezor-firmware/tools/codegen/gen_cert_bundle.py

#!/usr/bin/python3

from pyblake2 import blake2s
import requests


CERTDATA_TXT = 'https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt'


def process_certdata(data):
    certs = {}
    lines = [x.strip() for x in data.split('\n')]
    label = None
    value = None
    for line in lines:
        if line == 'END':
            if label is not None and value is not None:
                certs[label] = bytes([int(x, 8) for x in value.split('\\')[1:]])
                label = None
                value = None
        elif line.startswith('CKA_LABEL UTF8 '):
            label = line.split('"')[1]
        elif line == 'CKA_VALUE MULTILINE_OCTAL':
            assert(label is not None)
            value = ''
        elif value is not None:
            assert(label is not None)
            value += line
    return certs


def main():
    r = requests.get(CERTDATA_TXT)
    assert(r.status_code == 200)

    certs = process_certdata(r.text)

    size = 0
    print('cert_bundle = [')
    for k, v in certs.items():
        print('  # %s' % k)
        print('  %s,' % blake2s(v).digest())
        size += len(v)
    print(']')
    print('# certs: %d | digests size: %d | total size: %d' % (len(certs), len(certs) * 32, size))


if __name__ == '__main__':
    main()
tools: add codegen/gen_cert_bundle.py 7 years ago			`#!/usr/bin/python3`
tools.codegen: rework gen_cert_bundle to use certs from Mozilla 7 years ago
			`from pyblake2 import blake2s`
			`import requests`


			`CERTDATA_TXT = 'https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt'`


			`def process_certdata(data):`
			`certs = {}`
			`lines = [x.strip() for x in data.split('\n')]`
			`label = None`
			`value = None`
			`for line in lines:`
			`if line == 'END':`
			`if label is not None and value is not None:`
			`certs[label] = bytes([int(x, 8) for x in value.split('\\')[1:]])`
			`label = None`
			`value = None`
			`elif line.startswith('CKA_LABEL UTF8 '):`
			`label = line.split('"')[1]`
			`elif line == 'CKA_VALUE MULTILINE_OCTAL':`
			`assert(label is not None)`
			`value = ''`
			`elif value is not None:`
			`assert(label is not None)`
			`value += line`
			`return certs`


			`def main():`
			`r = requests.get(CERTDATA_TXT)`
			`assert(r.status_code == 200)`

			`certs = process_certdata(r.text)`

tools.codegen: print nice stats at the end 7 years ago			`size = 0`
tools.codegen: rework gen_cert_bundle to use certs from Mozilla 7 years ago			`print('cert_bundle = [')`
			`for k, v in certs.items():`
			`print(' # %s' % k)`
			`print(' %s,' % blake2s(v).digest())`
tools.codegen: print nice stats at the end 7 years ago			`size += len(v)`
tools.codegen: rework gen_cert_bundle to use certs from Mozilla 7 years ago			`print(']')`
tools.codegen: print nice stats at the end 7 years ago			`print('# certs: %d \| digests size: %d \| total size: %d' % (len(certs), len(certs) * 32, size))`
tools.codegen: rework gen_cert_bundle to use certs from Mozilla 7 years ago

			`if __name__ == '__main__':`
			`main()`