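def create_appdata_from_peercert(peercert: X509):
    """Build the ``tls-server-end-point`` channel-binding data for *peercert*.

    The caller supplies the peer certificate already taken from the connection
    (a pyOpenSSL ``X509``). It is converted to the ``cryptography`` representation
    so that the signature hash algorithm can be inspected, then fingerprinted as
    RFC 5929 section 4.1 requires.

    Args:
        peercert: The peer's certificate from the TLS connection.

    Returns:
        bytes: ``b"tls-server-end-point:"`` followed by the certificate hash.

    Raises:
        UnsupportedAlgorithm: If the cert's signature hash algorithm is not a
            single hash, or the signature scheme has no associated hash at all.
    """
    # pyOpenSSL's X509 does not expose the signature hash; the cryptography object does.
    crypto_peercert = peercert.to_cryptography()
    # This property raises UnsupportedAlgorithm on its own when the signature
    # algorithm is not a single hash; catching and re-raising added nothing
    # except an extra traceback frame.
    hash_algo = crypto_peercert.signature_hash_algorithm
    if hash_algo is None:
        # Signature schemes with no single associated hash (e.g. EdDSA) yield None.
        # RFC 5929 names no substitute hash for them, so fail with the documented
        # exception instead of letting fingerprint(None) raise a bare TypeError.
        raise UnsupportedAlgorithm(
            "Certificate signature algorithm has no associated hash; "
            "cannot compute tls-server-end-point channel binding"
        )
    if isinstance(hash_algo, (hashes.MD5, hashes.SHA1)):
        # RFC 5929 section 4.1: certificates signed with MD5 or SHA-1 are hashed
        # with SHA-256 instead. https://tools.ietf.org/html/rfc5929#section-4.1
        hash_algo = hashes.SHA256()

    hashed_cert = crypto_peercert.fingerprint(hash_algo)
    # Same bytes as "tls-server-end-point:".encode("ASCII"); the prefix is pure ASCII.
    return b"tls-server-end-point:" + hashed_cert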