thirdparty/ca-certificates
2
0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Python 3 support to ca-certificates.

Browse source 
Thanks to Andrew Wilcox for the patch!  Closes: #789753
This commit is contained in:
Michael Shuler 2015-10-22 15:33:15 -05:00
parent d4790d2832
commit a2fa9a1381
2 changed files with 24 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

7
debian/changelog vendored
View file

@ -1,10 +1,13 @@
ca-certificates (20150709) UNRELEASED; urgency=medium
ca-certificates (20151022) UNRELEASED; urgency=medium
* debian/postinst:
Handle /usr/local/share/ca-certificates permissions and ownership on
upgrade. Closes: #611501
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.5.
* mozilla/certdata2pem.py:
Add Python 3 support to ca-certificates.
Thanks to Andrew Wilcox for the patch! Closes: #789753
TODO: verify adds/removes
The following certificate authorities were added (+):
+ "Certinomis - Root CA"
@ -17,7 +20,7 @@ TODO: verify adds/removes
- "TC TrustCenter Universal CA I"
- "TURKTRUST Certificate Services Provider Root 1"
-- Michael Shuler <michael@pbandjelly.org> Thu, 09 Jul 2015 16:02:11 -0500
-- Michael Shuler <michael@pbandjelly.org> Thu, 22 Oct 2015 15:32:23 -0500
ca-certificates (20150426) unstable; urgency=medium

32
mozilla/certdata2pem.py
View file

@ -53,7 +53,7 @@ for line in open('certdata.txt', 'r'):
if type == 'MULTILINE_OCTAL':
line = line.strip()
for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
value += chr(int(i.group(1), 8))
value.append(int(i.group(1), 8))
else:
value += line
continue
@ -70,13 +70,13 @@ for line in open('certdata.txt', 'r'):
field, type = line_parts
value = None
else:
raise NotImplementedError, 'line_parts < 2 not supported.'
raise NotImplementedError('line_parts < 2 not supported.')
if type == 'MULTILINE_OCTAL':
in_multiline = True
value = ""
value = bytearray()
continue
obj[field] = value
if len(obj.items()) > 0:
if len(obj) > 0:
objects.append(obj)
# Read blacklist.
@ -95,7 +95,7 @@ for obj in objects:
if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'):
continue
if obj['CKA_LABEL'] in blacklist:
print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
'CKT_NSS_TRUSTED_DELEGATOR'):
trust[obj['CKA_LABEL']] = True
@ -104,13 +104,13 @@ for obj in objects:
trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED',
'CKT_NSS_NOT_TRUSTED'):
print '!'*74
print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
print '!'*74
print('!'*74)
print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
print('!'*74)
else:
print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
obj['CKA_TRUST_EMAIL_PROTECTION'])
obj['CKA_TRUST_EMAIL_PROTECTION']))
for obj in objects:
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
@ -121,13 +121,19 @@ for obj in objects:
.replace('(', '=')\
.replace(')', '=')\
.replace(',', '_')
bname = bname.decode('string_escape')
# this is the only way to decode the way NSS stores multi-byte UTF-8
if bytes != str:
bname = bname.encode('utf-8')
bname = bname.decode('unicode_escape').encode('latin-1').decode('utf-8')
fname = bname + '.crt'
if os.path.exists(fname):
print "Found duplicate certificate name %s, renaming." % bname
print("Found duplicate certificate name %s, renaming." % bname)
fname = bname + '_2.crt'
f = open(fname, 'w')
f.write("-----BEGIN CERTIFICATE-----\n")
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8')
f.write("\n".join(textwrap.wrap(encoded, 64)))
f.write("\n-----END CERTIFICATE-----\n")