ruben/sort_certificate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Handle case in when both an intermediate and a root cert with the same name is present in our input

Browse Source
This commit is contained in:
Ruben van Staveren 2019-08-20 12:09:45 +02:00
parent 5adfd4ef66
commit ccd93d8027
No known key found for this signature in database
GPG Key ID: 63424959ACCADD9C
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sort_certificate.py
View File

@ -130,6 +130,18 @@ def order_x509(x509_objects, root_issuers):
root_crt = [x for x in x509_objects if x.get_subject() == x.get_issuer()] root_crt = [x for x in x509_objects if x.get_subject() == x.get_issuer()]
if root_crt: if root_crt:
root_crt = x509_objects.pop(x509_objects.index(root_crt[0])) root_crt = x509_objects.pop(x509_objects.index(root_crt[0]))
logging.warning('Found root certificate %s in input',
str(root_crt.get_subject()))
# Double check if our self signed root certificate is not also present
# as an intermediate:
# - It is probably invalid input, and doesn't make sense
# - It confuses the ordering process
if next((x for x in x509_objects
if x.get_subject() != x.get_issuer()
and x.get_subject() == root_crt.get_subject()), None):
raise Exception('Both present as intermediate '
'and root certificate: %s' %
str(root_crt.get_subject()))
else: else:
# Get intermediate cert signed by any root from bundle as anchor, and # Get intermediate cert signed by any root from bundle as anchor, and
# make that our root # make that our root