certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER

This makes it possible to follow upcoming changes in certdata.txt:
https://bugzilla.mozilla.org/show_bug.cgi?id=1465613

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Daiki Ueno 2019-12-04 10:53:31 +01:00
parent 8702798203
commit 6aec97d9bd


@ -177,6 +177,11 @@ openssl_trust = {
"CKA_TRUST_EMAIL_PROTECTION": "emailProtection", "CKA_TRUST_EMAIL_PROTECTION": "emailProtection",
} }
cert_distrust_types = {
"CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after",
"CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after",
}
for tobj in objects: for tobj in objects:
if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST': if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
key = tobj['CKA_LABEL'] + printable_serial(tobj) key = tobj['CKA_LABEL'] + printable_serial(tobj)
@ -369,6 +374,16 @@ for tobj in objects:
f.write("nss-mozilla-ca-policy: true\n") f.write("nss-mozilla-ca-policy: true\n")
f.write("modifiable: false\n"); f.write("modifiable: false\n");
# requires p11-kit >= 0.23.19
for t in list(cert_distrust_types.keys()):
if t in obj:
value = obj[t]
if value == 'CK_FALSE':
value = bytearray(1)
f.write(cert_distrust_types[t] + ": \"")
f.write(urllib.parse.quote(value));
f.write("\"\n")
f.write("-----BEGIN CERTIFICATE-----\n") f.write("-----BEGIN CERTIFICATE-----\n")
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE']) temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64) temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
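Review bot: In the second hunk only the literal `'CK_FALSE'` is special-cased, so any other value found under a distrust-after key is handed straight to `urllib.parse.quote` and written into the p11-kit attribute, whatever its type. Because this attribute carries the date after which a CA is no longer to be trusted, a value the parser did not decode as expected should stop the conversion rather than end up as a malformed field; after the `CK_FALSE` branch I would add `elif not isinstance(value, (bytes, bytearray)): raise ValueError("unexpected %s value: %r" % (t, value))`. This assumes the parser yields bytes for the octal timestamp form, which is not visible here because the enclosing loop and the parsing code lie outside the hunk. A short comment stating that `bytearray(1)` is a single zero byte, written as `%00` and presumably meaning "no distrust date", would also help the next reader.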