def store_node_certificate(self, certificate: Certificate):
checksum_address = read_certificate_pseudonym(certificate=certificate)
self.__certificates[checksum_address] = certificate
self._write_tls_certificate(certificate=certificate)
filepath = self.generate_certificate_filepath(
checksum_address=checksum_address)
return filepath
def __read_node_tls_certificate(self, filepath: str = None, checksum_address: str = None) -> Certificate:
"""Deserialize an X509 certificate from a filepath"""
if not bool(filepath) ^ bool(checksum_address):
raise ValueError("Either pass filepath or checksum_address; Not both.")
if not filepath and checksum_address is not None:
filepath = self.generate_certificate_filepath(checksum_address)
try:
with open(filepath, 'rb') as certificate_file:
certificate = x509.load_pem_x509_certificate(certificate_file.read(), backend=default_backend())
# Sanity check:
# Validate the checksum address inside the cert as a consistency check against
# nodes that may have been altered on the disk somehow.
read_certificate_pseudonym(certificate=certificate)
return certificate
except FileNotFoundError:
raise FileNotFoundError("No SSL certificate found at {}".format(filepath))