mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-02 19:40:57 +00:00
77 lines
1.8 KiB
Python
Executable File
77 lines
1.8 KiB
Python
Executable File
#!/usr/bin/python3
|
|
|
|
from base64 import b64decode
|
|
from hashlib import sha256
|
|
import requests
|
|
|
|
|
|
REPO = "certifi/python-certifi"
|
|
|
|
|
|
def fetch_certdata():
|
|
r = requests.get("https://api.github.com/repos/%s/git/refs/heads/master" % REPO)
|
|
assert r.status_code == 200
|
|
commithash = r.json()["object"]["sha"]
|
|
|
|
r = requests.get(
|
|
"https://raw.githubusercontent.com/%s/%s/certifi/cacert.pem"
|
|
% (REPO, commithash)
|
|
)
|
|
assert r.status_code == 200
|
|
certdata = r.text
|
|
|
|
return commithash, certdata
|
|
|
|
|
|
def process_certdata(data):
|
|
certs = {}
|
|
lines = [x.strip() for x in data.split("\n")]
|
|
label = None
|
|
value = None
|
|
for line in lines:
|
|
if line.startswith("# Label: "):
|
|
assert label is None
|
|
assert value is None
|
|
label = line.split('"')[1]
|
|
elif line == "-----BEGIN CERTIFICATE-----":
|
|
assert label is not None
|
|
assert value is None
|
|
value = ""
|
|
elif line == "-----END CERTIFICATE-----":
|
|
assert label is not None
|
|
assert value is not None
|
|
certs[label] = b64decode(value)
|
|
label, value = None, None
|
|
else:
|
|
if value is not None:
|
|
value += line
|
|
|
|
return certs
|
|
|
|
|
|
def main():
|
|
commithash, certdata = fetch_certdata()
|
|
|
|
print("# fetched from https://github.com/%s" % REPO)
|
|
print("# commit %s" % commithash)
|
|
|
|
certs = process_certdata(certdata)
|
|
|
|
size = sum([len(x) for x in certs.values()])
|
|
print(
|
|
"# certs: %d | digests size: %d | total size: %d"
|
|
% (len(certs), len(certs) * 32, size)
|
|
)
|
|
|
|
print("cert_bundle = [")
|
|
for k, v in certs.items():
|
|
h = sha256(v)
|
|
print(" # %s" % k)
|
|
print(" # %s" % h.hexdigest())
|
|
print(" %s," % h.digest())
|
|
print("]")
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|