Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[resotolib][chore] Refactor CA bundle generation #1788

Merged
merged 6 commits into from
Oct 2, 2023
Merged

[resotolib][chore] Refactor CA bundle generation #1788

Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
1a35f21
[resotolib][chore] Refactor CA bundle generation
lloesche Oct 2, 2023
9e2ff49
Update
lloesche Oct 2, 2023
b29b48e
Update
lloesche Oct 2, 2023
b583688
Update
lloesche Oct 2, 2023
e73c41e
Allow multiple certs in bundle
lloesche Oct 2, 2023
fceb2b2
black
lloesche Oct 2, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 21 additions & 15 deletions resotolib/resotolib/x509.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -186,24 +186,30 @@ def write_cert_to_file(cert: Certificate, cert_path: str, rename: bool = True) -
os.rename(tmp_cert_path, cert_path)


def generate_ca_bundle_bytes(cert: Certificate, include_certifi: bool = True) -> bytes:
content = bytearray()
if include_certifi:
content.extend(certifi.contents().encode())
content.extend("\n".encode())
content.extend(f"# Issuer: {cert.issuer.rfc4514_string()}\n".encode())
content.extend(f"# Subject: {cert.subject.rfc4514_string()}\n".encode())
label: str = cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value # type: ignore
content.extend(f"# Label: {label}\n".encode())
content.extend(f"# Serial: {cert.serial_number}\n".encode())
md5 = cert_fingerprint(cert, "MD5")
sha1 = cert_fingerprint(cert, "SHA1")
sha256 = cert_fingerprint(cert, "SHA256")
content.extend(f"# MD5 Fingerprint: {md5}\n".encode())
content.extend(f"# SHA1 Fingerprint: {sha1}\n".encode())
content.extend(f"# SHA256 Fingerprint: {sha256}\n".encode())
content.extend(cert_to_bytes(cert))
return bytes(content)


def write_ca_bundle(cert: Certificate, cert_path: str, include_certifi: bool = True, rename: bool = True) -> None:
tmp_cert_path = f"{cert_path}.tmp" if rename else cert_path
with open(tmp_cert_path, "wb") as f:
if include_certifi:
f.write(certifi.contents().encode())
f.write("\n".encode())
f.write(f"# Issuer: {cert.issuer.rfc4514_string()}\n".encode())
f.write(f"# Subject: {cert.subject.rfc4514_string()}\n".encode())
label: str = cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value # type: ignore
f.write(f"# Label: {label}\n".encode())
f.write(f"# Serial: {cert.serial_number}\n".encode())
md5 = cert_fingerprint(cert, "MD5")
sha1 = cert_fingerprint(cert, "SHA1")
sha256 = cert_fingerprint(cert, "SHA256")
f.write(f"# MD5 Fingerprint: {md5}\n".encode())
f.write(f"# SHA1 Fingerprint: {sha1}\n".encode())
f.write(f"# SHA256 Fingerprint: {sha256}\n".encode())
f.write(cert_to_bytes(cert))
f.write(generate_ca_bundle_bytes(cert, include_certifi))
if rename:
os.rename(tmp_cert_path, cert_path)

Expand Down
Loading