cert_audit: Calculate identifier for X.509 objects

The identifier is calculated SHA1 hex string from the DER encoding of each X.509 objects. It's useful for finding out the identical X.509 objects. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2025-02-28 09:39:53 +00:00 · 2023-05-05 16:53:37 +08:00 · 2023-05-05 16:53:37 +08:00 · 13f2ef4949
commit 13f2ef4949
parent fd72d9f556
1 changed files with 11 additions and 0 deletions
--- a/tests/scripts/audit-validity-dates.py
+++ b/tests/scripts/audit-validity-dates.py
@ -31,6 +31,7 @@ import argparse
 import datetime
 import glob
 import logging
+import hashlib
 from enum import Enum

 # The script requires cryptography >= 35.0.0 which is only available
@ -69,10 +70,20 @@ class AuditData:
        self.locations = [] # type: typing.List[str]
        self.fill_validity_duration(x509_obj)
        self._obj = x509_obj
+        encoding = cryptography.hazmat.primitives.serialization.Encoding.DER
+        self._identifier = hashlib.sha1(self._obj.public_bytes(encoding)).hexdigest()

    def __eq__(self, __value) -> bool:
        return self._obj == __value._obj

+    @property
+    def identifier(self):
+        """
+        Identifier of the underlying X.509 object, which is consistent across
+        different runs.
+        """
+        return self._identifier
+
    def fill_validity_duration(self, x509_obj):
        """Read validity period from an X.509 object."""
        # Certificate expires after "not_valid_after"