tools: add codegen/gen_cert_bundle.py

7 years ago · 8dd5edb4a1
parent b98a1db6ee
commit 8dd5edb4a1
1 changed files with 26 additions and 0 deletions
--- a/tools/codegen/gen_cert_bundle.py
+++ b/tools/codegen/gen_cert_bundle.py
@ -0,0 +1,26 @@
+#!/usr/bin/python3
+import pem
+from cryptography import x509
+from cryptography.x509.oid import NameOID
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes, serialization
+
+bundle = '/var/lib/ca-certificates/ca-bundle.pem'
+
+certs = pem.parse_file(bundle)
+
+def process_cert(cert):
+    cert = x509.load_pem_x509_certificate(cert.as_bytes(), default_backend())
+    i = cert.issuer
+    f = cert.fingerprint(hashes.BLAKE2s(32))
+    try:
+        i = i.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
+    except:
+        i = i.get_attributes_for_oid(NameOID.ORGANIZATION_NAME)[0].value
+    print('  # %s' % i)
+    print('  %s,' % f)
+
+print('cert_bundle = [')
+for c in certs:
+    process_cert(c)
+print(']')