security/manager/ssl/tests/unit/crlite_enrollment_id.py

   1 #!/usr/bin/python
   2
   3 # Given a PEM encoded X.509 certificate, outputs
   4 #   base64(SHA256(subject || spki))
   5 # where `subject` is the RFC 5280 RDNSequence encoding
   6 # the certificate's subject, and `spki` is the RFC 5280
   7 # SubjectPublicKeyInfo field encoding the certificate's
   8 # public key.
   9
  10 import sys
  11 import base64
  12
  13 from cryptography import x509
  14 from cryptography.hazmat.primitives import serialization
  15 from cryptography.hazmat.primitives import hashes
  16
  17 if len(sys.argv) != 2:
  18     print(f"Usage: {sys.argv[0]} <path to pem cert>")
  19     sys.exit(1)
  20
  21 with open(sys.argv[1], "r") as f:
  22     cert = x509.load_pem_x509_certificate(f.read().encode("utf-8"), backend=None)
  23
  24 subj = cert.subject.public_bytes()
  25 spki = cert.public_key().public_bytes(
  26     format=serialization.PublicFormat.SubjectPublicKeyInfo,
  27     encoding=serialization.Encoding.DER,
  28 )
  29
  30 digest = hashes.Hash(hashes.SHA256(), backend=None)
  31 digest.update(subj)
  32 digest.update(spki)
  33 print(base64.b64encode(digest.finalize()).decode("utf-8"))