Is it possible to create a SHACertificate with a sha_hash using python?

Question

https://firebase.google.com/docs/reference/admin/java/reference/com/google/firebase/projectmanagement/ShaCertificate

I see that it is possible to do so using Java, I have used PyJKS to create the keystore file which has a PrivateKeyEntry which contains the sha1 fingerprint for me to use but I don't know how to convert that into either an SHACertificate or sha_hash to upload to firebase

    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 4096)

    cert = crypto.X509()
    cert.get_subject().organizationName = 'myorg'
    cert.get_subject().organizationalUnitName = alias
    cert.set_serial_number(473289472)
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(365*24*60*60*100)
    cert.set_issuer(cert.get_subject())
    cert.set_pubkey(key)
    cert.sign(key, 'sha256')

    dumped_cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    dumped_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, key)
    
    pke = jks.PrivateKeyEntry.new(alias, [dumped_cert], dumped_key, 'rsa_raw')
    keystore = KeyStore.new('jks', [pke])
    keystore.save(filePath, password)

Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. — Community, Sep 13 '21 at 06:22

score 0 · Accepted Answer · answered Sep 08 '21 at 10:16

0

from cryptography.hazmat.primitives import hashes
from cryptography import x509

ks = jks.KeyStore.load(keystore, password)
    for alias, pk in ks.private_keys.items():
        cert = x509.load_der_x509_certificate((pk.cert_chain[0])[1])
        sha1 = project_management.SHACertificate(bytearray(cert.fingerprint(hashes.SHA1())).hex(), "SHA_1")

answered Sep 08 '21 at 10:16

Wayne Whitehead

45
7

Please add further details to expand on your answer, such as working code or documentation citations. – Community Sep 08 '21 at 12:23

Is it possible to create a SHACertificate with a sha_hash using python?

1 Answers1