feat: cleanup remove unused statoil certificate

chore: update manual.md
equinor · May 6, 2024 · 1c8a036 · 1c8a036
1 parent bb2d180
commit 1c8a036
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 28 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: '🧪 Build & test code'
+name: "🧪 Build & test code"
 
 on:
   workflow_dispatch:
@@ -9,7 +9,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ['3.8', '3.9', '3.10', '3.11']
+        python-version: ["3.8", "3.9", "3.10", "3.11"]
         os: [windows-latest, ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
@@ -29,7 +29,7 @@ jobs:
         uses: actions/setup-python@v4
         with:
           python-version: ${{matrix.python-version}}
-          cache: 'poetry'
+          cache: "poetry"
 
       - name: Check pyproject.toml validity
         run: poetry check --no-interaction

diff --git a/docs/manual.md b/docs/manual.md
@@ -59,8 +59,8 @@ pip install --upgrade tagreader
 The Web APIs are queried with the requests package. Requests does not utilize the system certificate store, but instead relies on the certifi bundle. In order to avoid SSL verification errors, we need to either turn off SSL verification (optional input argument `verifySSL=False` for relevant function calls) or, strongly preferred, add the certificate to the certifi bundle. To do this, simply activate the virtual environment where you installed tagreader, and run the following snippet:
 
 ``` python
-from tagreader.utils import add_statoil_root_certificate
-add_statoil_root_certificate()
+from tagreader.utils import add_equinor_root_certificate
+    add_equinor_root_certificate()
 ```
 
 The output should inform you that the certificate was successfully added. This needs to be repeated whenever certifi is upgraded in your python virtual environment. It is safe to run more than once: If the function detects that the certificate has already been added to your current certifi installation, the certificate will not be duplicated.

diff --git a/tagreader/__init__.py b/tagreader/__init__.py
@@ -2,13 +2,13 @@
 from tagreader.utils import (
     IMSType,
     ReaderType,
-    add_statoil_root_certificate,
+    add_equinor_root_certificate,
     is_equinor,
     is_mac,
     is_windows,
 )
 
 if is_equinor():
-    add_statoil_root_certificate()
+    add_equinor_root_certificate()
 
 from tagreader.__version__ import version as __version__
diff --git a/tagreader/utils.py b/tagreader/utils.py
@@ -129,11 +129,7 @@ class ReaderType(enum.IntEnum):
     SNAPSHOT = FINAL = LAST = enum.auto()  # Last sampled value
 
 
-def add_statoil_root_certificate() -> bool:
-    return add_equinor_root_certificate(True) and add_equinor_root_certificate(False)
-
-
-def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
+def add_equinor_root_certificate() -> bool:
     """
     This is a utility function for Equinor employees on Equinor managed machines.
 
@@ -152,15 +148,8 @@ def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
 
     import certifi
 
-    STATOIL_ROOT_PEM_HASH = "ce7bb185ab908d2fea28c7d097841d9d5bbf2c76"
     EQUINOR_root_PEM_HASH = "5A206332CE73CED1D44C8A99C4C43B7CEE03DF5F"
-
-    if get_equinor:
-        used_hash = EQUINOR_root_PEM_HASH.upper()
-        ca_search = "Equinor Root CA"
-    else:
-        used_hash = STATOIL_ROOT_PEM_HASH.upper()
-        ca_search = "Statoil Root CA"
+    ca_search = "Equinor Root CA"
 
     found = False
     der = None
@@ -172,7 +161,7 @@ def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
         for cert in ssl.enum_certificates("CA"):
             der = cert[0]
             # deepcode ignore InsecureHash: <Only hashes to compare with known hash>
-            if hashlib.sha1(der).hexdigest().upper() == used_hash:
+            if hashlib.sha1(der).hexdigest().upper() == EQUINOR_root_PEM_HASH:
                 found = True
                 logger.debug("CA certificate found!")
                 break
@@ -182,11 +171,11 @@ def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
             stdout=subprocess.PIPE,
         ).stdout
 
-        if used_hash in str(macos_ca_certs).upper():
+        if EQUINOR_root_PEM_HASH in str(macos_ca_certs).upper():
             c = get_macos_equinor_certificates()
             for cert in c:
                 # deepcode ignore InsecureHash: <Only hashes to compare with known hash>
-                if hashlib.sha1(cert).hexdigest().upper() == used_hash:
+                if hashlib.sha1(cert).hexdigest().upper() == EQUINOR_root_PEM_HASH:
                     der = cert
                     found = True
                     break
@@ -209,14 +198,11 @@ def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
     return found
 
 
-def get_macos_equinor_certificates(get_equinor: bool = True):
+def get_macos_equinor_certificates():
     import ssl
     import tempfile
 
-    if get_equinor:
-        ca_search = "Equinor Root CA"
-    else:
-        ca_search = "Statoil Root CA"
+    ca_search = "Equinor Root CA"
 
     ctx = ssl.create_default_context()
     macos_ca_certs = subprocess.run(