Closed justincandoit closed 10 months ago
Yes, you could access these via environment variables, load from a file, make a network call, so the specific implementation is left up to the implementer.
Are there any examples of implementing these options?
Here's an example loading certificates from file. Just input your PATH_TO_CERTIFICATES.
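```python
import os

# Placeholder: set this to the directory that holds your .cer files.
PATH_TO_CERTIFICATES = "PATH_TO_CERTIFICATES"


def load_certificates(certificates_path=PATH_TO_CERTIFICATES):
    # Collect every .cer file in the directory.
    cer_files = [f for f in os.listdir(certificates_path) if f.endswith(".cer")]
    certificate_contents = []
    for cer_file in cer_files:
        # Read each certificate as raw bytes.
        with open(os.path.join(certificates_path, cer_file), "rb") as file:
            certificate_contents.append(file.read())
    return certificate_contents
```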
In our unit tests we have (recently added) examples of creating a signedDataVerifier using a CA file: https://github.com/apple/app-store-server-library-python/blob/7c7c8ea6b5404ff43242d0408fc3f952a43951d9/tests/util.py#L39-L40
Just chiming in that the root-certificates stuff was a bit of a stumbling block for me. For instance on an Ubuntu server I'm seeing a bunch of .pem files in /etc/ssl/certs or a bunch of .crt files in /usr/share/ca-certificates/mozilla, but plugging those in here didn't seem to work (it seems to want .der formatted stuff specifically?). I also tried using the certifi root ca bundle, but that also is a .pem. I tried converting things to a .der using an openssl command and plugging that in but hit errors there as well. Would it be possible to expand this to support a wider variety of inputs?
Please use Apple root CAs, not the built-in root CAs to the OS. Also, our WWDC talk walks through this entire process: https://developer.apple.com/videos/play/wwdc2023/10143/
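Added example, not part of the thread or of the library's own code: one way to load root certificates from a directory so that only the expected trust anchors are accepted. It takes DER or single-certificate PEM files, converts them to DER (assumed here to be the encoding the verifier wants, as the comment above suggests), refuses multi-certificate bundles such as the OS or certifi store, and rejects any file whose SHA-256 fingerprint is not pinned. The names `to_der`, `load_pinned_roots` and `demo` are hypothetical, and the sample bytes are constructed stand-ins, not Apple certificates.

```python
import hashlib
import ssl
import tempfile
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
CERT_SUFFIXES = {".cer", ".der", ".crt", ".pem"}


def to_der(raw: bytes) -> bytes:
    """Return DER bytes for one certificate supplied as DER or as single-cert PEM."""
    if raw.lstrip().startswith(PEM_HEADER):
        if raw.count(PEM_HEADER) != 1:
            # An OS or certifi bundle holds many certificates; do not guess which one.
            raise ValueError("PEM bundle found; provide one certificate per file")
        return ssl.PEM_cert_to_DER_cert(raw.decode("ascii").strip())
    return raw


def load_pinned_roots(cert_dir, pinned_sha256):
    """Load root certificates as DER, rejecting any file whose SHA-256 is not pinned."""
    pins = {p.lower() for p in pinned_sha256}
    roots = []
    for path in sorted(Path(cert_dir).iterdir()):
        if path.suffix.lower() not in CERT_SUFFIXES:
            continue
        der = to_der(path.read_bytes())
        if der[:1] != b"\x30":  # a DER certificate starts with an ASN.1 SEQUENCE tag
            raise ValueError(f"{path.name}: not a DER-encoded certificate")
        fingerprint = hashlib.sha256(der).hexdigest()
        if fingerprint not in pins:
            raise ValueError(f"{path.name}: fingerprint {fingerprint} is not pinned")
        roots.append(der)
    if not roots:
        raise ValueError(f"no certificates found in {cert_dir}")
    return roots


def demo():
    """Run the loader over constructed stand-in files (not real Apple certificates)."""
    fake_der = bytes.fromhex("3003020101")  # constructed: a tiny ASN.1 SEQUENCE
    fake_pem = ssl.DER_cert_to_PEM_cert(fake_der).encode("ascii")
    pin = hashlib.sha256(fake_der).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "root_a.cer").write_bytes(fake_der)
        Path(tmp, "root_b.pem").write_bytes(fake_pem)
        return load_pinned_roots(tmp, [pin])


if __name__ == "__main__":
    print(len(demo()), "root certificates loaded")
```

For real use, compute the pins once from the certificates downloaded from Apple and keep them in source control or configuration, separate from the certificate files themselves.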
Examples in the readme are not fully contained examples. For instance, there are references to functions not defined in this repo:
`load_root_certificates`