mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-10 15:30:55 +00:00
71 lines
1.8 KiB
Python
Executable File
71 lines
1.8 KiB
Python
Executable File
#!/usr/bin/python3
|
|
|
|
from base64 import b64decode
|
|
from hashlib import sha256
|
|
import requests
|
|
|
|
|
|
REPO = 'certifi/python-certifi'
|
|
|
|
|
|
def fetch_certdata():
|
|
r = requests.get('https://api.github.com/repos/%s/git/refs/heads/master' % REPO)
|
|
assert(r.status_code == 200)
|
|
commithash = r.json()['object']['sha']
|
|
|
|
r = requests.get('https://raw.githubusercontent.com/%s/%s/certifi/cacert.pem' % (REPO, commithash))
|
|
assert(r.status_code == 200)
|
|
certdata = r.text
|
|
|
|
return commithash, certdata
|
|
|
|
|
|
def process_certdata(data):
|
|
certs = {}
|
|
lines = [x.strip() for x in data.split('\n')]
|
|
label = None
|
|
value = None
|
|
for line in lines:
|
|
if line.startswith('# Label: '):
|
|
assert(label is None)
|
|
assert(value is None)
|
|
label = line.split('"')[1]
|
|
elif line == '-----BEGIN CERTIFICATE-----':
|
|
assert(label is not None)
|
|
assert(value is None)
|
|
value = ''
|
|
elif line == '-----END CERTIFICATE-----':
|
|
assert(label is not None)
|
|
assert(value is not None)
|
|
certs[label] = b64decode(value)
|
|
label, value = None, None
|
|
else:
|
|
if value is not None:
|
|
value += line
|
|
|
|
return certs
|
|
|
|
|
|
def main():
|
|
commithash, certdata = fetch_certdata()
|
|
|
|
print('# fetched from https://github.com/%s' % REPO)
|
|
print('# commit %s' % commithash)
|
|
|
|
certs = process_certdata(certdata)
|
|
|
|
size = sum([len(x) for x in certs.values()])
|
|
print('# certs: %d | digests size: %d | total size: %d' % (len(certs), len(certs) * 32, size))
|
|
|
|
print('cert_bundle = [')
|
|
for k, v in certs.items():
|
|
h = sha256(v)
|
|
print(' # %s' % k)
|
|
print(' # %s' % h.hexdigest())
|
|
print(' %s,' % h.digest())
|
|
print(']')
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|