From af41d121572066dcbf83b2b1db8a4b32535b280c Mon Sep 17 00:00:00 2001 From: Michael Lazar Date: Mon, 1 Jun 2020 14:56:44 -0400 Subject: [PATCH] Change certificate fingerprint to use url-safe base64 encoding --- CHANGELOG.md | 9 +++++++++ jetforce/__version__.py | 2 +- jetforce/tls.py | 2 +- setup.py | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 64a943b..8f722f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ # Jetforce Changelog +### v0.3.1 + +#### Bugfixes + +- The client certificate fingerprint hash is now encoded using a URL-safe + version of the base64 algorithm (urlsafe_b64encode)[https://docs.python.org/3/library/base64.html#base64.urlsafe_b64encode]. + This is intended to make it simpler for applications and CGI scripts to + use the certificate fingerprint in URL paths. + ### v0.3.0 This release brings some major improvements and necessary refactoring of the diff --git a/jetforce/__version__.py b/jetforce/__version__.py index 493f741..260c070 100644 --- a/jetforce/__version__.py +++ b/jetforce/__version__.py @@ -1 +1 @@ -__version__ = "0.3.0" +__version__ = "0.3.1" diff --git a/jetforce/tls.py b/jetforce/tls.py index 1e741c4..0cbbef7 100644 --- a/jetforce/tls.py +++ b/jetforce/tls.py @@ -23,7 +23,7 @@ def inspect_certificate(cert: x509) -> dict: common_name = name_attrs[0].value if name_attrs else "" fingerprint_bytes = cert.fingerprint(hashes.SHA256()) - fingerprint = base64.b64encode(fingerprint_bytes).decode() + fingerprint = base64.urlsafe_b64encode(fingerprint_bytes).decode() not_before = cert.not_valid_before.strftime("%Y-%m-%dT%H:%M:%SZ") not_after = cert.not_valid_after.strftime("%Y-%m-%dT%H:%M:%SZ") diff --git a/setup.py b/setup.py index b7be16f..e69faaf 100644 --- a/setup.py +++ b/setup.py @@ -10,7 +10,7 @@ def long_description(): setuptools.setup( name="Jetforce", - version="0.3.0", + version="0.3.1", url="https://github.com/michael-lazar/jetforce", license="Other/Proprietary License", author="Michael Lazar",