fix: remove cryptography import, cleanup error handling

2020-10-16 13:56:36 -07:00 · 2020-10-16 13:56:36 -07:00 · adaac3066c
commit adaac3066c
parent 7e3c21c396
2 changed files with 15 additions and 6 deletions
--- a/tools/pycert_bearssl/cert_util.py
+++ b/tools/pycert_bearssl/cert_util.py
@ -20,7 +20,6 @@ import socket
 import textwrap
 import math
 import os
-import cryptography

 CERT_PATTERN = re.compile("^\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-[a-z,A-Z,0-9,\n,\/,+]+={0,2}\n\-\-\-\-\-END CERTIFICATE-\-\-\-\-", re.MULTILINE)

@ -291,7 +290,8 @@ def x509_to_header(x509Certs, cert_var, cert_length_var, output_file, keep_dupes
        # next, the RSA public numbers
        pubkey = cert.get_pubkey()
        numbers = pubkey.to_cryptography_key().public_numbers()
-        if type(numbers) is cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers:
+        numbers_typename = type(numbers).__name__
+        if 'RSA' in numbers_typename:
            # starting with the modulous
            n_bytes_str = bytes_to_c_data(numbers.n.to_bytes(pubkey.bits() // 8, byteorder="big"))
            static_arrays.append(CRAY_TEMPLATE.format(
@ -309,7 +309,7 @@ def x509_to_header(x509Certs, cert_var, cert_length_var, output_file, keep_dupes
                ta_dn_name=DN_PRE + str(cert_index), 
                rsa_number_name=RSA_N_PRE + str(cert_index), 
                rsa_exp_name=RSA_E_PRE + str(cert_index)))
-        elif type(numbers) is cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers:
+        elif 'Elliptic' in numbers_typename:
            # starting with the modulous
            curve_bytes = b'\x04' + numbers.x.to_bytes(pubkey.bits() // 8, byteorder="big") + numbers.y.to_bytes(
                pubkey.bits() // 8, byteorder="big")
@ -325,6 +325,8 @@ def x509_to_header(x509Certs, cert_var, cert_length_var, output_file, keep_dupes
                ec_number_name=EC_CURVE_PRE + str(cert_index),
                ec_curve_name=EC_CURVE_NAME_PRE + curve_name
            ))
+        else:
+            raise Exception(f'Unknown public key type {numbers_typename}')
    # concatonate it all into the big header file template
    # cert descriptions
    cert_desc_out = '\n * \n'.join(cert_desc)
--- a/tools/pycert_bearssl/pycert_bearssl.py
+++ b/tools/pycert_bearssl/pycert_bearssl.py
@ -86,7 +86,11 @@ def download(port, cert_var, cert_length_var, output, use_store, keep_dupes, dom
        # append cert to array
        down_certs.append(cert)
    # Combine PEMs and write output header.
-    cert_util.x509_to_header(down_certs, cert_var, cert_length_var, output, keep_dupes, domains=domain)
+    try:
+      cert_util.x509_to_header(down_certs, cert_var, cert_length_var, output, keep_dupes, domains=domain)
+    except Exception as E:
+      click.echo(f'Recieved error when converting certificate to header: {E}')
+      exit(1)


@pycert_bearssl.command(short_help='Convert PEM certs into a C header.')
@ -144,8 +148,11 @@ def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_search,
        else:
          root_certs.append(cert_dict[cn_hash])
    # Combine PEMs and write output header.
-    cert_util.x509_to_header(root_certs, cert_var, cert_length_var, output, keep_dupes)
-
+    try:
+      cert_util.x509_to_header(root_certs, cert_var, cert_length_var, output, keep_dupes)
+    except Exception as E:
+      click.echo(f'Recieved error when converting certificate to header: {E}')
+      exit(1)

 if __name__ == '__main__':
    pycert_bearssl()