RiiR cert updater (#44)
* RiiR cert updater

Part of #39
tshepang authored Dec 27, 2023
1 parent 0479b6e commit 1c0e15b
Showing 2 changed files with 43 additions and 21 deletions.
21 changes: 0 additions & 21 deletions src/tests/verification_real_world/update_valid_ee_certs.bash

This file was deleted.

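--- a/src/tests/verification_real_world/update_valid_ee_certs.rs
+++ b/src/tests/verification_real_world/update_valid_ee_certs.rs
@@ -0,0 +1,43 @@
+#!/usr/bin/env -S cargo +nightly -Z script
+```cargo
+package.edition = "2021"
+dependencies.anyhow = "1"
+dependencies.reqwest.version = "0.11"
+dependencies.reqwest.default-features = false
+dependencies.reqwest.features = ["blocking", "rustls-tls-webpki-roots"]
+```
+
+use std::{fs, path::Path};
+
+fn main() -> anyhow::Result<()> {
+for (domain, output_path) in [
+("my.1password.com", "1password_com_valid_1.crt"),
+("agilebits.com", "agilebits_com_valid_1.crt"),
+("lencr.org", "letsencrypt_org_valid_1.crt"),
+] {
+query(domain, output_path)?;
+}
+Ok(())
+}
+
+fn query(domain: &str, path: &str) -> anyhow::Result<()> {
+let url = format!("https://{domain}");
+let response = reqwest::blocking::Client::builder()
+.tls_info(true)
+// avoids agilebits.com redirect, which will result in the wrong cert...
+// we want the cert of agilebits.com, not of 1password.com
+.redirect(reqwest::redirect::Policy::none())
+.build()?
+.get(url)
+.send()?;
+let Some(tls_info): Option<&reqwest::tls::TlsInfo> = response.extensions().get() else {
+anyhow::bail!("no TLS info found");
+};
+let Some(der) = tls_info.peer_certificate() else {
+anyhow::bail!("no TLS certificate found");
+};
+let path = Path::new(env!("CARGO_MANIFEST_DIR")).join(path);
+eprintln!("writing DER of {domain} to {}", path.display());
+fs::write(path, der)?;
+Ok(())
+}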
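Review bot: A failure inside `query` reaches the operator without the domain or fixture it was working on, because `main` propagates it with a bare `?` and both `bail!` messages are fixed strings. Since the loop stops at the first error, fixtures for earlier domains have already been overwritten while later ones stay stale, so knowing where it stopped matters for the checked-in test certificates. Attaching context at the call site covers every failure path: add `use anyhow::Context;` and change the call to `query(domain, output_path).with_context(|| format!("updating {output_path} from {domain}"))?;`. A short comment on the client builder would also help, noting that the saved DER is only trustworthy because the default certificate verification (here against the `rustls-tls-webpki-roots` set) is left enabled.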
