Jellyfin(8096), OrbStack(8097) 포트 충돌로 변경. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
from __future__ import annotations
from ssl import enum_certificates # type: ignore[attr-defined]
# Windows system certificate stores that get enumerated, in this order:
#   ROOT - trust anchors (self-signed); the highest level of trust.
#   MY   - user-installed / custom trust anchors (self-signed).
#   CA   - intermediate CAs; neither self-signed nor trusted directly.
WINDOWS_STORES: list[str] = ["ROOT", "MY", "CA"]

# Extended Key Usage OID id-kp-serverAuth (TLS server authentication).
SERVER_AUTH_OID: str = "1.3.6.1.5.5.7.3.1"
def root_der_certificates() -> list[bytes]:
    """Collect DER certificates from the Windows stores usable for TLS server auth.

    Every store named in ``WINDOWS_STORES`` is read with
    ``ssl.enum_certificates``. An entry is kept only when all of these hold:

    * its trust value is truthy,
    * the trust value is a ``bool``, or it contains ``SERVER_AUTH_OID``,
    * its encoding type is ``"x509_asn"``.

    Security notes for callers:

    * Despite the function name, the result is not limited to self-signed
      anchors: the ``CA`` store (intermediates) and the ``MY`` store are
      enumerated as well, and nothing here checks for self-signature.
    * Only the trust/EKU value and the encoding are inspected. Validity
      period, revocation and chain building are not checked here.
    * A store that raises ``PermissionError`` is skipped without any signal,
      so the returned list may be incomplete.
    * Entries are appended as found; duplicates across stores are kept.

    Returns:
        The raw certificate bytes of every retained entry, in store order.
    """
    der_blobs = []

    for store_name in WINDOWS_STORES:
        try:
            for der, encoding, trust in enum_certificates(store_name):
                # Falsy trust: nothing marks this entry as trusted.
                if not trust:
                    continue  # Defensive: edge case, rare one.

                # A bool (necessarily True at this point) is accepted as is.
                # Any other value must list the server-auth EKU OID.
                server_auth_ok = isinstance(trust, bool) or SERVER_AUTH_OID in trust

                # Keep X.509 ASN.1 entries only; other encodings are dropped.
                if server_auth_ok and encoding == "x509_asn":
                    der_blobs.append(der)
        except PermissionError:  # Defensive: we can't cover that scenario in CI.
            continue

    return der_blobs
# Public API of this module: only the certificate collector is exported.
__all__ = ("root_der_certificates",)