mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2024-12-24 07:06:41 +00:00
Switch to URL-safe base64 for SPKI hash, for nicer usage in NURLs.
This commit is contained in:
parent
5972a13457
commit
2e934574f0
@ -3,7 +3,7 @@ Common HTTP infrastructure for the storge server.
|
||||
"""
|
||||
|
||||
from enum import Enum
|
||||
from base64 import b64encode
|
||||
from base64 import urlsafe_b64encode, b64encode
|
||||
from hashlib import sha256
|
||||
from typing import Optional
|
||||
|
||||
@ -44,8 +44,10 @@ def get_spki_hash(certificate: Certificate) -> bytes:
|
||||
"""
|
||||
Get the public key hash, as per RFC 7469: base64 of sha256 of the public
|
||||
key encoded in DER + Subject Public Key Info format.
|
||||
|
||||
We use the URL-safe base64 variant, since this is typically found in NURLs.
|
||||
"""
|
||||
public_key_bytes = certificate.public_key().public_bytes(
|
||||
Encoding.DER, PublicFormat.SubjectPublicKeyInfo
|
||||
)
|
||||
return b64encode(sha256(public_key_bytes).digest()).strip().rstrip(b"=")
|
||||
return urlsafe_b64encode(sha256(public_key_bytes).digest()).strip().rstrip(b"=")
|
||||
|
@ -42,7 +42,7 @@ class HTTPSNurlTests(SyncTestCase):
|
||||
openssl asn1parse -noout -inform pem -out public.key
|
||||
openssl dgst -sha256 -binary public.key | openssl enc -base64
|
||||
"""
|
||||
expected_hash = b"JIj6ezHkdSBlHhrnezAgIC/mrVQHy4KAFyL+8ZNPGPM"
|
||||
expected_hash = b"JIj6ezHkdSBlHhrnezAgIC_mrVQHy4KAFyL-8ZNPGPM"
|
||||
certificate_text = b"""\
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDWTCCAkECFCf+I+3oEhTfqt+6ruH4qQ4Wst1DMA0GCSqGSIb3DQEBCwUAMGkx
|
||||
|
Loading…
Reference in New Issue
Block a user