Пример #1
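    def validate_with_repository(
        certs_repo: RootCertificatesRepository,
        fingerprint_hash_algorithm: Union[hashes.SHA1, hashes.SHA256],
        parsed_root_records: List[Tuple[str, bytes]],
    ) -> Set[RootCertificateRecord]:
        """Turn scraped (subject name, fingerprint) pairs into root certificate records.

        Each fingerprint is looked up in ``certs_repo`` using
        ``fingerprint_hash_algorithm``. When the certificate is found, the record
        is built from the certificate itself. When it is not found, or when the
        lookup fails with the known "Unsupported ASN1 string type" parsing error,
        the record is built from the scraped name and fingerprint instead.

        NOTE(review): despite the name, the returned set mixes two kinds of
        records: those backed by a certificate from the repository and those
        taken as-is from the scraped page. The return value does not tell them
        apart; the fallback cases are only visible in the error log. Callers that
        make trust decisions should not assume every returned record was matched
        against a known certificate.

        Args:
            certs_repo: Repository queried via ``lookup_certificate_with_fingerprint``.
            fingerprint_hash_algorithm: Hash algorithm the fingerprints were computed with.
            parsed_root_records: Scraped ``(subject_name, fingerprint)`` pairs.

        Returns:
            The set of records, one per distinct input entry.

        Raises:
            ValueError: Re-raised when the lookup fails with a ``ValueError`` other
                than the known ASN1 string type parsing error.
        """
        validated_root_records = set()

        # For each (subj_name, fingerprint) try to find the corresponding certificate in the supplied cert repo
        for scraped_subj_name, fingerprint in parsed_root_records:
            try:
                cert = certs_repo.lookup_certificate_with_fingerprint(
                    fingerprint, fingerprint_hash_algorithm)
                validated_root_records.add(
                    RootCertificateRecord.from_certificate(cert))
                continue
            except CertificateNotFoundError:
                # We have never seen this certificate - use whatever name we scraped from the page.
                # The scraped name is page-supplied text and is written to the log unescaped.
                logging.error(
                    f'Could not find certificate "{scraped_subj_name}" in local repository'
                )
            except ValueError as e:
                # Inspect the message defensively: a ValueError raised with no arguments
                # or a non-string first argument must be re-raised as itself, not be
                # replaced by an IndexError/TypeError raised from inside this handler.
                reason = e.args[0] if e.args else None
                if not (isinstance(reason, str)
                        and 'Unsupported ASN1 string type' in reason):
                    raise
                # Could not parse the certificate: https://github.com/pyca/cryptography/issues/3542
                logging.error(
                    f'Parsing error for certificate "{scraped_subj_name}"')

            # Fallback shared by both handled failures: give up on the repository
            # and record the scraped name and fingerprint without a backing certificate.
            record = RootCertificateRecord.from_scraped_record(
                scraped_subj_name, fingerprint)
            validated_root_records.add(record)

        return validated_root_records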
Пример #2
    def export_trusted_certificates_as_pem(self, certs_repository: RootCertificatesRepository) -> str:
        """Return all trusted certificates as PEM text, joined by newlines.

        Every record in ``self.trusted_certificates`` is resolved to a certificate
        by looking up its fingerprint in ``certs_repository``. Nothing is caught
        here, so any exception raised by a lookup propagates to the caller and no
        partial bundle is returned.

        Args:
            certs_repository: Repository queried via ``lookup_certificate_with_fingerprint``.

        Returns:
            The PEM encodings of the certificates, in iteration order, separated by ``'\\n'``.
        """
        pem_blocks = [
            # Resolve the record to the stored certificate, then serialise it as PEM text
            certs_repository.lookup_certificate_with_fingerprint(record.fingerprint)
            .public_bytes(Encoding.PEM)
            .decode('ascii')
            for record in self.trusted_certificates
        ]
        return '\n'.join(pem_blocks)