Change certificate fingerprint to use url-safe base64 encoding

2020-06-01 14:56:44 -04:00 · 2020-06-01 14:56:44 -04:00 · af41d12157
parent 0c1483c9d5
commit af41d12157
4 changed files with 12 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,14 @@
 # Jetforce Changelog

+### v0.3.1
+
+#### Bugfixes
+
+- The client certificate fingerprint hash is now encoded using a URL-safe
+  version of the base64 algorithm (urlsafe_b64encode)[https://docs.python.org/3/library/base64.html#base64.urlsafe_b64encode].
+  This is intended to make it simpler for applications and CGI scripts to
+  use the certificate fingerprint in URL paths.
+
 ### v0.3.0

 This release brings some major improvements and necessary refactoring of the
--- a/jetforce/version.py
+++ b/jetforce/version.py
@ -1 +1 @@
-__version__ = "0.3.0"
+__version__ = "0.3.1"
--- a/jetforce/tls.py
+++ b/jetforce/tls.py
@ -23,7 +23,7 @@ def inspect_certificate(cert: x509) -> dict:
    common_name = name_attrs[0].value if name_attrs else ""

    fingerprint_bytes = cert.fingerprint(hashes.SHA256())
-    fingerprint = base64.b64encode(fingerprint_bytes).decode()
+    fingerprint = base64.urlsafe_b64encode(fingerprint_bytes).decode()

    not_before = cert.not_valid_before.strftime("%Y-%m-%dT%H:%M:%SZ")
    not_after = cert.not_valid_after.strftime("%Y-%m-%dT%H:%M:%SZ")
--- a/setup.py
+++ b/setup.py
@ -10,7 +10,7 @@ def long_description():

 setuptools.setup(
    name="Jetforce",
-    version="0.3.0",
+    version="0.3.1",
    url="https://github.com/michael-lazar/jetforce",
    license="Other/Proprietary License",
    author="Michael Lazar",