From 13f2ef4949c3f7decb158aa4478d880242c5e05d Mon Sep 17 00:00:00 2001
From: Pengyu Lv
Date: Fri, 5 May 2023 16:53:37 +0800
Subject: [PATCH] cert_audit: Calculate identifier for X.509 objects

The identifier is calculated SHA1 hex string from the DER encoding of each X.509 objects. It's useful for finding out the identical X.509 objects.

Signed-off-by: Pengyu Lv
---
 tests/scripts/audit-validity-dates.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py
index 35ea93c0d9..73509e1543 100755
--- a/tests/scripts/audit-validity-dates.py
+++ b/tests/scripts/audit-validity-dates.py
@@ -31,6 +31,7 @@ import argparse
 import datetime
 import glob
 import logging
+import hashlib
 from enum import Enum

 # The script requires cryptography >= 35.0.0 which is only available
@@ -69,10 +70,20 @@ class AuditData:
 self.locations = [] # type: typing.List[str]
 self.fill_validity_duration(x509_obj)
 self._obj = x509_obj
+ encoding = cryptography.hazmat.primitives.serialization.Encoding.DER
+ self._identifier = hashlib.sha1(self._obj.public_bytes(encoding)).hexdigest()

 def __eq__(self, __value) -> bool:
 return self._obj == __value._obj

+ @property
+ def identifier(self):
+ """
+ Identifier of the underlying X.509 object, which is consistent across
+ different runs.
+ """
+ return self._identifier
+
 def fill_validity_duration(self, x509_obj):
 """Read validity period from an X.509 object."""
 # Certificate expires after "not_valid_after"
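Review bot: The identifier added in `AuditData.__init__` is derived with `hashlib.sha1`, which is not collision resistant, so two different DER encodings can share an identifier and would then be reported as the same X.509 object by anything that keys on `identifier`. Because the value is only a stable label, switching the digest costs nothing: `self._identifier = hashlib.sha256(self._obj.public_bytes(encoding)).hexdigest()`. If SHA-1 is kept for the shorter string, add a comment such as `# SHA-1 is a non-security fingerprint of the DER bytes, used only to spot identical objects`, so readers and security linters do not mistake it for a cryptographic use. The `identifier` docstring could also say that the value is a hex digest of the DER encoding. The hunk starts inside `__init__` and ends inside `fill_validity_duration`, so how `identifier` is consumed is not visible here.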