mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-29 09:38:08 +00:00
trezor-firmware/tools/codegen/gen_cert_bundle.py


#!/usr/bin/python3
from base64 import b64decode
from hashlib import sha256
import requests
# GitHub "owner/name" slug of the upstream project the CA bundle is taken from.
# It is interpolated into both the API URL and the raw-content URL below and
# echoed into the generated header.
REPO = 'certifi/python-certifi'
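def fetch_certdata():
    """Download certifi's ``cacert.pem`` at the current head of its master branch.

    The branch head is first resolved to a commit hash through the GitHub API,
    and the PEM file is then requested by that hash rather than by branch name,
    so the returned text corresponds to the commit reported alongside it.

    Returns:
        A ``(commithash, certdata)`` tuple: the resolved commit SHA and the
        text of ``certifi/cacert.pem`` at that commit.

    Raises:
        RuntimeError: if either request is not answered with HTTP 200.
    """
    # Without a timeout, requests can block indefinitely on a stalled connection.
    timeout = 30

    ref_url = 'https://api.github.com/repos/%s/git/refs/heads/master' % REPO
    r = requests.get(ref_url, timeout=timeout)
    # Explicit check instead of assert: assertions are stripped under
    # `python -O`, and an error response must never be parsed as bundle input.
    if r.status_code != 200:
        raise RuntimeError('unexpected HTTP status %d for %s' % (r.status_code, ref_url))
    commithash = r.json()['object']['sha']

    pem_url = 'https://raw.githubusercontent.com/%s/%s/certifi/cacert.pem' % (REPO, commithash)
    r = requests.get(pem_url, timeout=timeout)
    if r.status_code != 200:
        raise RuntimeError('unexpected HTTP status %d for %s' % (r.status_code, pem_url))
    certdata = r.text
    return commithash, certdata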
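def process_certdata(data):
    """Parse a certifi-style PEM bundle into ``{label: decoded certificate bytes}``.

    Each entry is expected as a ``# Label: "<name>"`` comment line followed by
    one ``-----BEGIN CERTIFICATE-----`` / ``-----END CERTIFICATE-----`` block.
    Lines outside a certificate block that are not label lines are ignored.

    Args:
        data: the bundle text.

    Returns:
        A dict mapping each label to the base64-decoded body of its
        certificate block, in the order the entries appear in ``data``.

    Raises:
        ValueError: if labels and certificate markers appear out of order,
            a label line carries no quoted name, a certificate body is not
            valid base64, or the input ends inside an unfinished entry.
    """
    certs = {}
    label = None
    value = None
    for lineno, raw in enumerate(data.split('\n'), start=1):
        line = raw.strip()
        # Structural checks raise instead of using assert: assertions vanish
        # under `python -O`, which would let a malformed bundle through.
        if line.startswith('# Label: '):
            if label is not None or value is not None:
                raise ValueError('line %d: label found while the previous entry is still open' % lineno)
            parts = line.split('"')
            if len(parts) < 2:
                raise ValueError('line %d: label line has no quoted name' % lineno)
            label = parts[1]
        elif line == '-----BEGIN CERTIFICATE-----':
            if label is None or value is not None:
                raise ValueError('line %d: certificate begins without a preceding label' % lineno)
            value = ''
        elif line == '-----END CERTIFICATE-----':
            if label is None or value is None:
                raise ValueError('line %d: certificate ends without a matching begin' % lineno)
            # validate=True rejects characters outside the base64 alphabet
            # instead of silently discarding them before decoding.
            # NOTE(review): a repeated label overwrites the earlier entry.
            certs[label] = b64decode(value, validate=True)
            label, value = None, None
        elif value is not None:
            value += line
    # A dangling label or open certificate block points at truncated input.
    if label is not None or value is not None:
        raise ValueError('input ends inside an unfinished entry')
    return certs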
def main():
    """Print a Python ``cert_bundle`` list of SHA-256 digests to stdout.

    The bundle is fetched with fetch_certdata() and parsed with
    process_certdata(). The output starts with comment lines naming the
    source repository and the commit the data was fetched at, followed by a
    size summary and one list item per certificate.
    """
    commithash, certdata = fetch_certdata()

    # Provenance header: lets a reviewer re-fetch the same commit and compare
    # it with the generated list.
    print('# fetched from https://github.com/%s' % REPO)
    print('# commit %s' % commithash)

    certs = process_certdata(certdata)
    cert_count = len(certs)
    total_bytes = sum(len(blob) for blob in certs.values())
    # 32 is the length in bytes of one SHA-256 digest.
    print('# certs: %d | digests size: %d | total size: %d' % (cert_count, cert_count * 32, total_bytes))

    print('cert_bundle = [')
    for label in certs:
        digest = sha256(certs[label])
        print(' # %s' % label)
        print(' # %s' % digest.hexdigest())
        # %s on a bytes object emits its b'...' literal form.
        print(' %s,' % digest.digest())
    print(']')
# Run the generator only when executed as a script, not when imported.
if __name__ == '__main__':
    main()