snapshot

2026-03-19 13:45:14 -06:00
parent 5922d2bb08
commit b2239d5414
9 changed files with 614 additions and 202 deletions
--- a/mtik_cert_pusher/cert_util.py
+++ b/mtik_cert_pusher/cert_util.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+# dlitz 2026
+import base64
+import re
+
+CERT_REGEXP = re.compile(
+    r"""
+    (?P<cert>
+        ^-----BEGIN\ CERTIFICATE-----\n
+        (?P<b64data>
+            [0-9A-Za-z/+\n]+?   # base64 characters and newlines
+            ={0,2}\n            # base64 padding
+        )
+        ^-----END\ CERTIFICATE-----(?:\n|\Z)
+    )
+    """,
+    re.S | re.M | re.X,
+)
+
+
+def split_certs(pem_data: str, *, strict: bool = True) -> list[str]:
+    r = CERT_REGEXP
+    if not strict:
+        return [m["cert"] for m in r.finditer(pem_data)]
+    certs = []
+    pos = 0
+    for m in r.finditer(pem_data):
+        if strict and m.start() != pos:
+            raise ValueError(
+                f"certificate data contains extra junk at (position {pos})"
+            )
+        cert = m["cert"]
+        if strict:
+            # Try decoding the base64 data
+            base64.b64decode(m["b64data"])
+        certs.append(cert)
+        pos = m.end()
+    if strict and pos != len(pem_data):
+        raise ValueError(f"extra junk after certificate data (at position {pos})")
+    return certs
+
+
+if __name__ == "__main__":
+    from pathlib import Path
+
+    # print(split_certs(Path("threecerts.pem").read_text(), strict=False))
+    # print(split_certs(Path("threecerts.pem").read_text(), strict=True))
+    print(split_certs("-----BEGIN CERTIFICATE-----\nAAA=\n-----END CERTIFICATE-----\n"))