mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-01 19:10:58 +00:00
trezor-firmware/tools/codegen/gen_cert_bundle.py

#!/usr/bin/python3
from base64 import b64decode
from hashlib import sha256
import requests
# GitHub "owner/name" slug of the repository the CA bundle is downloaded from;
# it is interpolated into the api.github.com and raw.githubusercontent.com URLs.
REPO = "certifi/python-certifi"
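def fetch_certdata():
    """Download the current certifi CA bundle from GitHub.

    Resolves the head of the ``master`` branch of ``REPO`` to a commit hash
    through the GitHub API, then downloads ``certifi/cacert.pem`` at exactly
    that commit, so the returned hash identifies the content that was read.

    No expected digest of the bundle is checked here; its authenticity rests
    on HTTPS to GitHub. Callers should record the returned commit hash so the
    generated output can be compared against the upstream repository.

    Returns:
        A ``(commithash, certdata)`` tuple: the commit SHA as a string and
        the PEM bundle as text.

    Raises:
        RuntimeError: if either request does not return HTTP 200, or the API
            response does not carry a hexadecimal commit hash.
    """
    # Explicit checks instead of ``assert``: asserts are removed under
    # ``python -O``, and an error response would then be processed as if it
    # were the bundle.
    timeout = 30  # seconds; requests waits indefinitely when none is given

    ref_url = "https://api.github.com/repos/%s/git/refs/heads/master" % REPO
    r = requests.get(ref_url, timeout=timeout)
    if r.status_code != 200:
        raise RuntimeError("GET %s returned HTTP %d" % (ref_url, r.status_code))
    commithash = r.json()["object"]["sha"]

    # The hash is interpolated into the next URL, so accept hex digits only.
    hexdigits = "0123456789abcdefABCDEF"
    if (
        not isinstance(commithash, str)
        or not commithash
        or any(ch not in hexdigits for ch in commithash)
    ):
        raise RuntimeError("unexpected commit hash in API response: %r" % (commithash,))

    pem_url = "https://raw.githubusercontent.com/%s/%s/certifi/cacert.pem" % (
        REPO,
        commithash,
    )
    r = requests.get(pem_url, timeout=timeout)
    if r.status_code != 200:
        raise RuntimeError("GET %s returned HTTP %d" % (pem_url, r.status_code))
    certdata = r.text

    return commithash, certdata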
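def process_certdata(data):
    """Parse a certifi-style PEM bundle into a mapping of label to DER bytes.

    Each certificate is expected as a ``# Label: "<name>"`` comment line,
    followed later by a ``-----BEGIN CERTIFICATE-----`` line, base64 body
    lines and a ``-----END CERTIFICATE-----`` line. Lines outside a
    certificate body that are not one of these markers are ignored.

    Args:
        data: the bundle as text.

    Returns:
        A dict mapping each label to the base64-decoded certificate bytes.

    Raises:
        ValueError: if markers appear out of order, a label line has no
            quoted name, a body is not valid base64, or the input ends in
            the middle of an entry (for example a truncated download).
    """
    certs = {}
    label = None
    chunks = None  # list of body lines while inside BEGIN/END, else None

    # Parser-state checks raise instead of using ``assert`` so that they
    # still reject malformed input when Python runs with ``-O``.
    for line in (raw.strip() for raw in data.split("\n")):
        if line.startswith("# Label: "):
            if label is not None or chunks is not None:
                raise ValueError("label line inside an unfinished entry: %r" % line)
            parts = line.split('"')
            if len(parts) < 2:
                raise ValueError("label line without a quoted name: %r" % line)
            label = parts[1]
        elif line == "-----BEGIN CERTIFICATE-----":
            if label is None or chunks is not None:
                raise ValueError("BEGIN CERTIFICATE without a preceding label")
            chunks = []
        elif line == "-----END CERTIFICATE-----":
            if label is None or chunks is None:
                raise ValueError("END CERTIFICATE without a matching BEGIN")
            # validate=True rejects characters outside the base64 alphabet
            # instead of silently discarding them (binascii.Error is a
            # ValueError subclass).
            # NOTE(review): a repeated label overwrites the earlier
            # certificate; confirm upstream labels are unique.
            certs[label] = b64decode("".join(chunks), validate=True)
            label, chunks = None, None
        elif chunks is not None:
            chunks.append(line)

    if label is not None or chunks is not None:
        raise ValueError("input ended inside an unfinished certificate entry")

    return certs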
def main():
    """Print a Python ``cert_bundle`` list of SHA-256 certificate digests.

    Fetches the bundle, prints a comment header naming the source repository
    and the commit it was read at (so the output can be audited against
    upstream), then prints one entry per certificate: its label and hex
    digest as comments, followed by the raw digest as a bytes literal.
    """
    commit, pem_text = fetch_certdata()

    print("# fetched from https://github.com/%s" % REPO)
    print("# commit %s" % commit)

    bundle = process_certdata(pem_text)

    cert_count = len(bundle)
    der_total = sum(len(der) for der in bundle.values())
    # 32 is the length in bytes of one SHA-256 digest.
    summary = "# certs: %d | digests size: %d | total size: %d" % (
        cert_count,
        cert_count * 32,
        der_total,
    )
    print(summary)

    print("cert_bundle = [")
    for label in bundle:
        digest = sha256(bundle[label]).digest()
        print(" # %s" % label)
        print(" # %s" % digest.hex())
        # "%s" applied to bytes yields its repr, i.e. a b'...' literal.
        print(" %s," % digest)
    print("]")
# Generate the bundle only when run as a script, not when imported.
if __name__ == "__main__":
    main()