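def create_appdata_from_peercert(peercert: X509) -> bytes:
    """Build the ``tls-server-end-point`` channel-binding data for a peer cert.

    The certificate is hashed with the hash algorithm of its own signature,
    except that MD5 and SHA-1 are replaced by SHA-256
    (https://tools.ietf.org/html/rfc5929#section-4.1).

    Args:
        peercert: The peer's certificate; it must provide
            ``to_cryptography()``.

    Returns:
        appdata: The ASCII prefix ``tls-server-end-point:`` followed by the
            raw certificate digest.

    Raises:
        UnsupportedAlgorithm: If the cert's signature hash algorithm is not a
            single hash (it is either unrecognised or there is no separate
            hash at all).
    """
    # Convert to the cryptography library's certificate object, which exposes
    # signature_hash_algorithm and fingerprint().
    crypto_peercert = peercert.to_cryptography()

    # An UnsupportedAlgorithm raised by this property propagates to the caller
    # unchanged; the original try/except only re-raised it.
    hash_algo = crypto_peercert.signature_hash_algorithm

    # The property is None when the signature scheme has no separate hash
    # (e.g. Ed25519/Ed448). Fail with the documented exception here instead of
    # passing None on to fingerprint(), so callers that handle
    # UnsupportedAlgorithm see a missing channel binding as an explicit error.
    if hash_algo is None:
        raise UnsupportedAlgorithm(
            "certificate signature does not use a single hash algorithm; "
            "tls-server-end-point channel binding is undefined"
        )

    # https://tools.ietf.org/html/rfc5929#section-4.1
    # MD5 and SHA-1 are never used for the binding; SHA-256 replaces them.
    if isinstance(hash_algo, (hashes.MD5, hashes.SHA1)):
        hash_algo = hashes.SHA256()

    hashed_cert = crypto_peercert.fingerprint(hash_algo)
    return b"tls-server-end-point:" + hashed_cert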