mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-29 19:08:12 +00:00
tools.codegen: use certifi in gen_cert_bundle.py
This commit is contained in:
parent
f806488536
commit
30b0863725
@ -1,20 +1,20 @@
|
|||||||
#!/usr/bin/python3
|
#!/usr/bin/python3
|
||||||
|
|
||||||
from pyblake2 import blake2s
|
from base64 import b64decode
|
||||||
|
from hashlib import sha256
|
||||||
|
import pem
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
|
|
||||||
CERTDATA = 'https://hg.mozilla.org/releases/mozilla-beta'
|
REPO = 'certifi/python-certifi'
|
||||||
CERTDATA_HASH = CERTDATA + '/?cmd=lookup&key=tip'
|
|
||||||
CERTDATA_TXT = CERTDATA + '/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt'
|
|
||||||
|
|
||||||
|
|
||||||
def fetch_certdata():
|
def fetch_certdata():
|
||||||
r = requests.get(CERTDATA_HASH)
|
r = requests.get('https://api.github.com/repos/%s/git/refs/heads/master' % REPO)
|
||||||
assert(r.status_code == 200)
|
assert(r.status_code == 200)
|
||||||
commithash = r.text.strip().split(' ')[1]
|
commithash = r.json()['object']['sha']
|
||||||
|
|
||||||
r = requests.get(CERTDATA_TXT)
|
r = requests.get('https://raw.githubusercontent.com/%s/%s/certifi/cacert.pem' % (REPO, commithash))
|
||||||
assert(r.status_code == 200)
|
assert(r.status_code == 200)
|
||||||
certdata = r.text
|
certdata = r.text
|
||||||
|
|
||||||
@ -27,26 +27,30 @@ def process_certdata(data):
|
|||||||
label = None
|
label = None
|
||||||
value = None
|
value = None
|
||||||
for line in lines:
|
for line in lines:
|
||||||
if line == 'END':
|
if line.startswith('# Label: '):
|
||||||
if label is not None and value is not None:
|
assert(label is None)
|
||||||
certs[label] = bytes([int(x, 8) for x in value.split('\\')[1:]])
|
assert(value is None)
|
||||||
label = None
|
|
||||||
value = None
|
|
||||||
elif line.startswith('CKA_LABEL UTF8 '):
|
|
||||||
label = line.split('"')[1]
|
label = line.split('"')[1]
|
||||||
elif line == 'CKA_VALUE MULTILINE_OCTAL':
|
elif line == '-----BEGIN CERTIFICATE-----':
|
||||||
assert(label is not None)
|
assert(label is not None)
|
||||||
|
assert(value is None)
|
||||||
value = ''
|
value = ''
|
||||||
elif value is not None:
|
elif line == '-----END CERTIFICATE-----':
|
||||||
assert(label is not None)
|
assert(label is not None)
|
||||||
|
assert(value is not None)
|
||||||
|
certs[label] = b64decode(value)
|
||||||
|
label, value = None, None
|
||||||
|
else:
|
||||||
|
if value is not None:
|
||||||
value += line
|
value += line
|
||||||
|
|
||||||
return certs
|
return certs
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
commithash, certdata = fetch_certdata()
|
commithash, certdata = fetch_certdata()
|
||||||
|
|
||||||
print('# fetched from %s (default branch)' % CERTDATA)
|
print('# fetched from https://github.com/%s' % REPO)
|
||||||
print('# commit %s' % commithash)
|
print('# commit %s' % commithash)
|
||||||
|
|
||||||
certs = process_certdata(certdata)
|
certs = process_certdata(certdata)
|
||||||
@ -56,8 +60,10 @@ def main():
|
|||||||
|
|
||||||
print('cert_bundle = [')
|
print('cert_bundle = [')
|
||||||
for k, v in certs.items():
|
for k, v in certs.items():
|
||||||
|
h = sha256(v)
|
||||||
print(' # %s' % k)
|
print(' # %s' % k)
|
||||||
print(' %s,' % blake2s(v).digest())
|
print(' # %s' % h.hexdigest())
|
||||||
|
print(' %s,' % h.digest())
|
||||||
print(']')
|
print(']')
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user