From d7a84f97695788abcd2fae6276bc91f7caf2ac5f Mon Sep 17 00:00:00 2001 From: "zacikpa@gmail.com" Date: Sun, 3 Oct 2021 15:56:42 +0200 Subject: [PATCH] Flatten the generated zip archives and include individual certs --- validation/certs/Makefile | 8 +++++++- validation/certs/utils/split_chain.py | 17 +++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 validation/certs/utils/split_chain.py diff --git a/validation/certs/Makefile b/validation/certs/Makefile index 2e386dba..8480f08e 100644 --- a/validation/certs/Makefile +++ b/validation/certs/Makefile @@ -44,6 +44,9 @@ VRESULTS_FILE=$(VDIR)/vresults.yml # port counter PORT_CTR_FILE=$(VDIR)/.port +# Chain splitting script +SPLIT_SCRIPT=$(UTILS_DIR)/split_chain.py + # All individual chain script directories CHAINS_ALL=$(notdir $(wildcard $(CHAINS_DIR)/*)) # All individual chain build folders @@ -92,7 +95,10 @@ $(VRESULTS_DIR)/%.yml: $(BUILD_DIR)/%/$(CHAIN_FILENAME) $(ARCHIVE_DIR)/%.zip: $(BUILD_DIR)/%/$(CHAIN_FILENAME) @mkdir -p $(ARCHIVE_DIR) @printf "Creating a zip archive: %-50s" $(basename $(@F)) - @cd $(BUILD_DIR) && zip --filesync --quiet ../$@ $(*F)/*.pem $(ROOT)/$(ROOT).pem + @mkdir -p ./tmp/ + @python3 $(SPLIT_SCRIPT) $< ./tmp/ + @cd $(BUILD_DIR) && zip -j --filesync --quiet ../$@ ../tmp/* ../$< $(*F)/crl*.pem $(ROOT)/$(ROOT).pem + @rm -rf ./tmp/ @printf "[ OK ]\n" clean: diff --git a/validation/certs/utils/split_chain.py b/validation/certs/utils/split_chain.py new file mode 100644 index 00000000..f476d806 --- /dev/null +++ b/validation/certs/utils/split_chain.py 
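Review bot: The `$(ARCHIVE_DIR)/%.zip` recipe in the second Makefile hunk stages every chain in the same `./tmp/` directory, so two archive targets built under `make -j` can zip each other's `endpoint.pem` and `intermediateN.pem`. A run that stops before `@rm -rf ./tmp/` also leaves files behind that `../tmp/*` pulls into the next archive, since `mkdir -p` does not clear the directory. For certificate test data this is a silent mix-up of chains rather than a build error. A per-target directory that is cleared first avoids both: `@rm -rf ./tmp/$(*F) && mkdir -p ./tmp/$(*F)`, then `@python3 $(SPLIT_SCRIPT) $< ./tmp/$(*F)/` and `../tmp/$(*F)/*` in the zip line.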
@@ -0,0 +1,17 @@
+import sys
+
+BEGIN_STR = '-----BEGIN CERTIFICATE-----'
+
+with open(sys.argv[1], 'r') as f:
+ chain = f.read()
+
+tmp = chain.split(BEGIN_STR)
+tmp.pop(0)
+certs = list(map(lambda x: BEGIN_STR + x, tmp))
+
+with open(sys.argv[2] + 'endpoint.pem', 'w') as f:
+ f.write(certs[0])
+
+for i, cert in enumerate(certs[1:]):
+ with open(sys.argv[2] + 'intermediate' + str(i + 1) + '.pem', 'w') as f:
+ f.write(cert)
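Review bot: Each output file receives everything between one `-----BEGIN CERTIFICATE-----` marker and the next, so any other PEM block that follows a certificate in the chain file (a CRL or a private key, for instance) is copied into that certificate's file and from there into the zip; the hunk does not show what the chain files hold, so this may be latent today. The same lines raise a bare `IndexError` at `certs[0]` when the input has no certificate, and `sys.argv[2] + 'endpoint.pem'` writes next to the directory rather than into it when the argument lacks a trailing slash. I would cut every piece at its END marker, exit with a message on empty or unterminated input, and build the output paths with `os.path.join` (which needs `import os`). The fence shows the replacement for the `tmp`/`certs` lines.

```python
END_STR = '-----END CERTIFICATE-----'

# … unchanged: read sys.argv[1] into chain …

certs = []
for piece in chain.split(BEGIN_STR)[1:]:
    body, end, _ = piece.partition(END_STR)
    if not end:
        sys.exit('unterminated certificate block in ' + sys.argv[1])
    # Keep only the certificate itself; drop whatever trails the END marker.
    certs.append(BEGIN_STR + body + END_STR + '\n')
if not certs:
    sys.exit('no certificate found in ' + sys.argv[1])

# … unchanged: write endpoint.pem and intermediateN.pem …
```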