apple / app-store-server-library-python

MIT License

Readme Documentation Examples #42

Closed justincandoit closed 10 months ago

justincandoit commented 10 months ago

Examples in the readme are not fully contained examples. For instance, there are references to functions not defined in this repo: load_root_certificates

alexanderjordanbaker commented 10 months ago

Yes, you could access these via environment variables, load from a file, make a network call, so the specific implementation is left up to the implementer.

justincandoit commented 10 months ago

Are there any examples of implementing these options?

rkotzy commented 10 months ago

Here's an example loading certificates from file. Just input your PATH_TO_CERTIFICATES.

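```python
import os

# Placeholder: set this to the directory that holds your root certificate files.
PATH_TO_CERTIFICATES = "path/to/certificates"


def load_certificates(certificates_path=PATH_TO_CERTIFICATES):
    # Pick up every .cer file in the directory.
    cer_files = [f for f in os.listdir(certificates_path) if f.endswith(".cer")]

    certificate_contents = []

    # Read each certificate as raw bytes, unchanged.
    for cer_file in cer_files:
        with open(os.path.join(certificates_path, cer_file), "rb") as file:
            certificate_contents.append(file.read())

    return certificate_contents
```

alexanderjordanbaker commented 10 months ago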

In our unit tests we have (recently added) examples of creating a signedDataVerifier using a CA file: https://github.com/apple/app-store-server-library-python/blob/7c7c8ea6b5404ff43242d0408fc3f952a43951d9/tests/util.py#L39-L40

efroemling commented 10 months ago

Just chiming in that the root-certificates stuff was a bit of a stumbling block for me. For instance on an Ubuntu server I'm seeing a bunch of .pem files in /etc/ssl/certs or a bunch of .crt files in /usr/share/ca-certificates/mozilla, but plugging those in here didn't seem to work (it seems to want .der formatted stuff specifically?). I also tried using the certifi root ca bundle, but that also is a .pem. I tried converting things to a .der using an openssl command and plugging that in but hit errors there as well. Would it be possible to expand this to support a wider variety of inputs?

alexanderjordanbaker commented 10 months ago

Please use Apple root CAs, not the built in root CAs to the OS. Also, our WWDC talk walks through this entire process: https://developer.apple.com/videos/play/wwdc2023/10143/
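An added example, not from the thread or the library: a loader that addresses both the PEM/DER confusion and the "Apple roots only" advice above by normalising each file to DER bytes and accepting only certificates whose SHA-256 fingerprint is pinned. It assumes, as the thread suggests, that the verifier wants DER-encoded bytes; `to_der_list`, `load_pinned_roots` and `demo` are hypothetical names, and the pinned fingerprints are values you have verified out of band.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def to_der_list(raw):
    """Return every certificate in raw as DER bytes (PEM bundle or one DER blob)."""
    blocks = PEM_BLOCK.findall(raw)
    if blocks:
        return [base64.b64decode(b"".join(block.split())) for block in blocks]
    if raw[:1] == b"\x30":  # DER certificates start with an ASN.1 SEQUENCE tag
        return [raw]
    raise ValueError("neither PEM nor DER certificate data")


def load_pinned_roots(cert_dir, pinned_sha256):
    """Load trust anchors from cert_dir, refusing anything that is not pinned."""
    pinned = {fp.replace(":", "").lower() for fp in pinned_sha256}
    roots = []
    for path in sorted(Path(cert_dir).iterdir()):
        if path.suffix.lower() not in {".cer", ".der", ".pem", ".crt"}:
            continue
        for der in to_der_list(path.read_bytes()):
            fingerprint = hashlib.sha256(der).hexdigest()
            if fingerprint not in pinned:
                raise ValueError(f"{path.name}: unpinned certificate {fingerprint}")
            roots.append(der)
    missing = pinned - {hashlib.sha256(der).hexdigest() for der in roots}
    if missing:
        raise ValueError(f"pinned roots not found: {sorted(missing)}")
    return roots


def demo():
    """Run the loader on constructed data: a tiny DER SEQUENCE, not a real certificate."""
    fake_der = b"\x30\x03\x02\x01\x01"
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(fake_der)
           + b"\n-----END CERTIFICATE-----\n")
    with tempfile.TemporaryDirectory() as cert_dir:
        Path(cert_dir, "root.pem").write_bytes(pem)
        return load_pinned_roots(cert_dir, [hashlib.sha256(fake_der).hexdigest()])
```

Failing closed on an unpinned or missing certificate means a stray file dropped into the directory cannot silently become a trust anchor.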