cert_audit: Calculate identifier for X.509 objects
The identifier is calculated SHA1 hex string from
the DER encoding of each X.509 objects. It's useful
for finding out the identical X.509 objects.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py
index 35ea93c..73509e1 100755
--- a/tests/scripts/audit-validity-dates.py
+++ b/tests/scripts/audit-validity-dates.py
@@ -31,6 +31,7 @@
import datetime
import glob
import logging
+import hashlib
from enum import Enum
# The script requires cryptography >= 35.0.0 which is only available
@@ -69,10 +70,20 @@
self.locations = [] # type: typing.List[str]
self.fill_validity_duration(x509_obj)
self._obj = x509_obj
+ encoding = cryptography.hazmat.primitives.serialization.Encoding.DER
+ self._identifier = hashlib.sha1(self._obj.public_bytes(encoding)).hexdigest()
def __eq__(self, __value) -> bool:
return self._obj == __value._obj
+ @property
+ def identifier(self):
+ """
+ Identifier of the underlying X.509 object, which is consistent across
+ different runs.
+ """
+ return self._identifier
+
def fill_validity_duration(self, x509_obj):
"""Read validity period from an X.509 object."""
# Certificate expires after "not_valid_after"