| 1693 | |
| 1694 | #[pymethod] |
| 1695 | fn get_ca_certs(&self, args: GetCertArgs, vm: &VirtualMachine) -> PyResult<PyListRef> { |
| 1696 | let binary_form = args.binary_form.unwrap_or(false); |
| 1697 | let ca_certs_der = self.ca_certs_der.read(); |
| 1698 | |
| 1699 | let mut certs = Vec::new(); |
| 1700 | for cert_der in ca_certs_der.iter() { |
| 1701 | // Parse certificate to check if it's a CA and get info |
| 1702 | match x509_parser::parse_x509_certificate(cert_der) { |
| 1703 | Ok((_, cert)) => { |
| 1704 | // Check if this is a CA certificate (BasicConstraints: CA=TRUE) |
| 1705 | let is_ca = if let Ok(Some(bc_ext)) = cert.basic_constraints() { |
| 1706 | bc_ext.value.ca |
| 1707 | } else { |
| 1708 | false |
| 1709 | }; |
| 1710 | |
| 1711 | // Only include CA certificates |
| 1712 | if !is_ca { |
| 1713 | continue; |
| 1714 | } |
| 1715 | |
| 1716 | if binary_form { |
| 1717 | // Return DER-encoded certificate as bytes |
| 1718 | certs.push(vm.ctx.new_bytes(cert_der.clone()).into()); |
| 1719 | } else { |
| 1720 | // Return certificate as dict (use helper from _test_decode_cert) |
| 1721 | let dict = self.cert_der_to_dict(vm, cert_der)?; |
| 1722 | certs.push(dict); |
| 1723 | } |
| 1724 | } |
| 1725 | Err(_) => { |
| 1726 | // Skip invalid certificates |
| 1727 | continue; |
| 1728 | } |
| 1729 | } |
| 1730 | } |
| 1731 | |
| 1732 | Ok(PyListRef::from(vm.ctx.new_list(certs))) |
| 1733 | } |
| 1734 | |
| 1735 | #[pymethod] |
| 1736 | fn load_dh_params(&self, filepath: PyObjectRef, vm: &VirtualMachine) -> PyResult<()> { |