(cert: Certificate)
| 156 | |
| 157 | |
| 158 | def _public_key_hash(cert: Certificate) -> bytes: |
| 159 | public_key = cert.public_key() |
| 160 | # https://tools.ietf.org/html/rfc2560#section-4.2.1 |
| 161 | # "KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key |
| 162 | # (excluding the tag and length fields)" |
| 163 | # https://stackoverflow.com/a/46309453/600498 |
| 164 | if isinstance(public_key, _RSAPublicKey): |
| 165 | pbytes = public_key.public_bytes(_Encoding.DER, _PublicFormat.PKCS1) |
| 166 | elif isinstance(public_key, _EllipticCurvePublicKey): |
| 167 | pbytes = public_key.public_bytes(_Encoding.X962, _PublicFormat.UncompressedPoint) |
| 168 | else: |
| 169 | pbytes = public_key.public_bytes(_Encoding.DER, _PublicFormat.SubjectPublicKeyInfo) |
| 170 | digest = _Hash(_SHA1(), backend=_default_backend()) # noqa: S303 |
| 171 | digest.update(pbytes) |
| 172 | return digest.finalize() |
| 173 | |
| 174 | |
| 175 | def _get_certs_by_key_hash( |
no test coverage detected