shenxn / libdyson

Python library for dyson devices
Apache License 2.0

dyson.com and dyson.cn use the same CA now #16

Closed seanrees closed 2 years ago

seanrees commented 3 years ago

The intermediate CA cert is named "DigiCert TLS RSA SHA256 2021 CA1", so rename the chain file to incorporate that name to make it obvious what it is.

Verified with:

  # Check both API hosts against the bundled intermediate CA chain file.
  for tld in 'com' 'cn'; do
    host="appapi.cp.dyson.${tld}"
    echo "$host"
    echo "HEAD / HTTP/1.0" | \
      openssl s_client -servername "$host" -connect "$host:443" -CAfile DigiCert-TLS-RSA-SHA256-2020-CA1_chain.crt | \
      grep -i verif
  done

codecov[bot] commented 3 years ago

Codecov Report

Merging #16 (699df1a) into main (70d8902) will not change coverage. The diff coverage is 100.00%.

@@           Coverage Diff           @@
##             main      #16   +/-   ##
=======================================
  Coverage   99.05%   99.05%           
=======================================
  Files          21       21           
  Lines         948      948           
=======================================
  Hits          939      939           
  Misses          9        9           

Impacted Files               Coverage Δ
libdyson/cloud/account.py    100.00% <100.00%> (ø)


seanrees commented 3 years ago

Gentle ping on this? :-)

brad07x commented 2 years ago

@seanrees It looks like the US API endpoint is now protected by CloudFlare as of 11/15/21:

  for tld in 'com' 'cn'; do
    host="appapi.cp.dyson.${tld}"
    echo "$host"
    echo "HEAD / HTTP/1.0" | \
      openssl s_client -servername "$host" -connect "$host:443" -CAfile DigiCert-TLS-RSA-SHA256-2020-CA1_chain.crt | \
      grep -i verif
  done

appapi.cp.dyson.com
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.com
verify return:1
DONE
Verification error: unable to get local issuer certificate
Verify return code: 20 (unable to get local issuer certificate)
appapi.cp.dyson.cn
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = GB, L = Malmesbury, O = Dyson Limited, CN = *.dyson.cn
verify return:1
DONE
Verification: OK
Verify return code: 0 (ok)

seanrees commented 2 years ago

@brad07x yep, you're correct. This PR is rather moot now, will close it out.

I think there might be a small job here to either update the intermediate cert with libdyson, or potentially remove it. I don't have the cycles for this right this moment to have a look (and truth be told not sure @shenxn is around to merge a PR :/)

% openssl s_client -servername appapi.cp.dyson.cn -connect appapi.cp.dyson.cn:443
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.cn
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.cn
   i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
 1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
% openssl s_client -servername appapi.cp.dyson.com -connect appapi.cp.dyson.com:443
CONNECTED(00000003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.com
   i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
 1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
   i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root

Kakise commented 2 years ago

> @brad07x yep, you're correct. This PR is rather moot now, will close it out.
>
> I think there might be a small job here to either update the intermediate cert with libdyson, or potentially remove it. I don't have the cycles for this right this moment to have a look (and truth be told not sure @shenxn is around to merge a PR :/)
>
> % openssl s_client -servername appapi.cp.dyson.cn -connect appapi.cp.dyson.cn:443
> CONNECTED(00000003)
> depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
> verify return:1
> depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
> verify return:1
> depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.cn
> verify return:1
> ---
> Certificate chain
>  0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.cn
>    i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
>  1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
>    i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
> % openssl s_client -servername appapi.cp.dyson.com -connect appapi.cp.dyson.com:443
> CONNECTED(00000003)
> depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
> verify return:1
> depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
> verify return:1
> depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.com
> verify return:1
> ---
> Certificate chain
>  0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.com
>    i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
>  1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
>    i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root

I took over the maintenance of this repo as of earlier today, I'll have a look at the new certs and try to push a fix this weekend! =)
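
The manual check run in this thread can be automated to catch the moment a pinned intermediate stops matching what the server presents. The following is an added example, not code from libdyson or from any commenter: it parses `openssl s_client` output in the format shown above and reports whether the pinned intermediate is still in the served chain. The function names are hypothetical, and the sample strings are constructed from the output quoted in the thread.

```python
import re

# Constructed samples: verification lines in the form quoted in the thread above.
SAMPLE_COM = """\
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = cp.dyson.com
verify return:1
Verify return code: 20 (unable to get local issuer certificate)
"""
SAMPLE_CN = """\
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C = GB, L = Malmesbury, O = Dyson Limited, CN = *.dyson.cn
verify return:1
Verify return code: 0 (ok)
"""

# Assumes the "CN = value" spacing seen in the thread's openssl output.
DEPTH_RE = re.compile(r"^depth=(\d+) .*?\bCN = (.+)$")
CODE_RE = re.compile(r"^Verify return code: (\d+) \((.+)\)$")

def parse_s_client(text):
    """Return ({depth: subject CN}, verify code, verify reason)."""
    chain, code, reason = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if m := DEPTH_RE.match(line):
            chain[int(m.group(1))] = m.group(2).strip()
        elif m := CODE_RE.match(line):
            code, reason = int(m.group(1)), m.group(2)
    return chain, code, reason

def pin_status(text, pinned_cn):
    """Classify one endpoint against the CN of the pinned intermediate CA."""
    chain, code, reason = parse_s_client(text)
    if code is None:
        return "no-result"
    issuers = {cn for depth, cn in chain.items() if depth >= 1}
    if pinned_cn not in issuers:
        served = chain.get(1, "unknown")
        return f"pin-drift: served intermediate is '{served}' ({reason})"
    return "ok" if code == 0 else f"verify-failed: {reason}"
```

Run against each endpoint on a schedule, a `pin-drift` result names the CA that replaced the pinned one, which separates a provider change from an ordinary verification failure.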