File indexing completed on 2024-11-24 04:44:41
0001 #!/usr/bin/env python3 0002 # SPDX-FileCopyrightText: 2021 Volker Krause <vkrause@kde.org> 0003 # SPDX-License-Identifier: LGPL-2.0-or-later 0004 0005 import argparse 0006 import base64 0007 import json 0008 import os 0009 import requests 0010 import subprocess 0011 0012 def runOpenSsl(args, data = None): 0013 proc = subprocess.Popen(f"openssl {args}", shell=True, stdout=subprocess.PIPE, stdin=subprocess.PIPE) 0014 if data != None: 0015 proc.stdin.write(data) 0016 proc.stdin.close() 0017 return proc.stdout.read() 0018 0019 0020 parser = argparse.ArgumentParser(description='Download certificates for validating EU DGCs') 0021 parser.add_argument('--output', type=str, required=True, help='Path to which the output should be written to') 0022 arguments = parser.parse_args() 0023 0024 os.makedirs(arguments.output, exist_ok = True) 0025 0026 req = requests.get('https://de.dscg.ubirch.com/trustList/DSC/') 0027 # TODO figure out how to validate the signature at the start of this data 0028 jsonStart = str(req.content).index('{') 0029 certs = json.loads(str(req.content)[jsonStart:-1]) 0030 0031 # remove all existing certs so we clean up revoked/expired ones 0032 for certFile in os.listdir(arguments.output): 0033 if certFile.endswith(".pem") or certFile.endswith('.der'): 0034 os.remove(os.path.join(arguments.output, certFile)) 0035 0036 derFileNames = [] 0037 for cert in certs['certificates']: 0038 pemData = f"-----BEGIN CERTIFICATE-----\n{cert['rawData']}\n-----END CERTIFICATE-----" 0039 0040 derFileName = base64.b64decode(cert['kid']).hex() + ".der" 0041 derPath = os.path.join(arguments.output, derFileName) 0042 runOpenSsl(f"x509 -outform der -out {derPath}", pemData.encode('utf-8')) 0043 derFileNames.append(derFileName) 0044 0045 derFileNames.sort() 0046 0047 # write out qrc file 0048 qrcFile = open(os.path.join(arguments.output, 'eu-dgc-certs.qrc'), 'w') 0049 qrcFile.write("""<!-- 0050 SPDX-FileCopyrightText: none 0051 SPDX-License-Identifier: CC0-1.0 0052 --> 0053 <RCC> 0054 <qresource prefix="/org.kde.khealthcertificate/eu-dgc/certs"> 0055 """) 0056 for derFileName in derFileNames: 0057 qrcFile.write(f" <file>{derFileName}</file>\n") 0058 qrcFile.write(""" </qresource> 0059 </RCC>""") 0060 qrcFile.close()