Last active
July 12, 2021 10:50
-
-
Save dajiaji/888faee5afe56a41ce115ad5c92d84bb to your computer and use it in GitHub Desktop.
A simple EUDCC verifier implementation with Python CWT: refresh_trustlist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def refresh_trustlist(self): | |
| status = 200 | |
| headers = None | |
| # Get new DSCs | |
| x_resume_token = ( | |
| self._trustlist[len(self._trustlist) - 1]["x_resume_token"] | |
| if self._trustlist | |
| else "" | |
| ) | |
| while status == 200: | |
| if x_resume_token: | |
| headers = {"X-RESUME-TOKEN": x_resume_token} | |
| r = requests.get( | |
| self._base_url + "/signercertificateUpdate", headers=headers | |
| ) | |
| status = r.status_code | |
| if status == 204: | |
| break | |
| if status != 200: | |
| raise Exception(f"Received {status} from signercertificateUpdate") | |
| x_resume_token = r.headers["X-RESUME-TOKEN"] | |
| self._trustlist.append( | |
| { | |
| "x_kid": r.headers["X-KID"], | |
| "x_resume_token": x_resume_token, | |
| "dsc": r.text, | |
| } | |
| ) | |
| # Filter expired/revoked DSCs | |
| r = requests.get(self._base_url + "/signercertificateStatus") | |
| if r.status_code != 200: | |
| raise Exception(f"Received {r.status_code} from signercertificateStatus") | |
| active_kids = r.json() | |
| self._dscs = [] | |
| for v in self._trustlist: | |
| if v["x_kid"] not in active_kids: | |
| continue | |
| dsc = f"-----BEGIN CERTIFICATE-----\n{v['dsc']}\n-----END CERTIFICATE-----" | |
| self._dscs.append(load_pem_hcert_dsc(dsc)) | |
| # Update trustlist store. | |
| with open(self._trustlist_store_path, "w") as f: | |
| json.dump( | |
| [v for v in self._trustlist if v["x_kid"] in active_kids], f, indent=4 | |
| ) | |
| return |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment