From 73d0c7a96df2212d5a3ee6289fc286f3e6459028 Mon Sep 17 00:00:00 2001
From: "kali kaneko (leap communications)"
Date: Fri, 9 Oct 2020 18:53:11 +0200
Subject: [pkg] refactor vendor init/check
---
branding/scripts/check-ca-crt.py | 61 ----------------------------------------
1 file changed, 61 deletions(-)
delete mode 100755 branding/scripts/check-ca-crt.py
(limited to 'branding/scripts/check-ca-crt.py')
diff --git a/branding/scripts/check-ca-crt.py b/branding/scripts/check-ca-crt.py
deleted file mode 100755
index dbf9b40..0000000
--- a/branding/scripts/check-ca-crt.py
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/env python3
-import re
-import sys
-import configparser
-import urllib.request
-
-SCRIPT_NAME = 'check-ca-crt.py'
-
-USAGE = '''Check that the stored provider CA matches the one announced online.
-Usage: {name}
-
-Example: {name} riseup branding/config/vendor.conf'''.format(name=SCRIPT_NAME)
-
-
-def getLocalCert(provider):
- sanitized = re.sub(r'[^\w\s-]', '', provider).strip().lower()
- with open('branding/config/'
- '{provider}-ca.crt'.format(provider=sanitized)) as crt:
- return crt.read().strip()
-
-
-def getRemoteCert(uri):
- print("... checking cert from", uri)
- fp = urllib.request.urlopen(uri)
- remote_cert = fp.read().decode('utf-8').strip()
- fp.close()
- return remote_cert
-
-
-def getUriForProvider(provider, configfile):
- c = configparser.ConfigParser()
- c.read(configfile)
- return c[provider]['caURL']
-
-
-if __name__ == '__main__':
-
- if len(sys.argv) != 3:
- print('[!] Not enough arguments')
- print(USAGE)
- sys.exit(1)
-
- provider = sys.argv[1]
- config = sys.argv[2]
-
- try:
- uri = getUriForProvider(provider, config)
- except IndexError:
- print('[!] Misconfigured provider')
- sys.exit(1)
-
- local = getLocalCert(provider)
- remote = getRemoteCert(uri)
-
- try:
- assert local == remote
- except AssertionError:
- print('[!] ERROR: remote and local CA certs do not match')
- sys.exit(1)
- else:
- print('OK: local CA matches what provider announces')
--
cgit v1.2.3