Handle case in when both an intermediate and a root cert with the same name is present in our input

2019-08-20 12:09:45 +02:00 · 2019-08-20 12:09:45 +02:00 · ccd93d8027
commit ccd93d8027
parent 5adfd4ef66
1 changed files with 12 additions and 0 deletions
--- a/sort_certificate.py
+++ b/sort_certificate.py
@ -130,6 +130,18 @@ def order_x509(x509_objects, root_issuers):
    root_crt = [x for x in x509_objects if x.get_subject() == x.get_issuer()]
    if root_crt:
        root_crt = x509_objects.pop(x509_objects.index(root_crt[0]))
+        logging.warning('Found root certificate %s in input',
+                        str(root_crt.get_subject()))
+        # Double check if our self signed root certificate is not also present
+        # as an intermediate:
+        # - It is probably invalid input, and doesn't make sense
+        # - It confuses the ordering process
+        if next((x for x in x509_objects
+                 if x.get_subject() != x.get_issuer()
+                 and x.get_subject() == root_crt.get_subject()), None):
+            raise Exception('Both present as intermediate '
+                            'and root certificate: %s' %
+                            str(root_crt.get_subject()))
    else:
        # Get intermediate cert signed by any root from bundle as anchor, and
        # make that our root