From ab17569f2a3ad8151774df5379ad55872154a7ee Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong <cnx@loang.net>
Date: Mon, 26 May 2025 17:42:01 +0900
Subject: Encode CA names in base64

---
 src/scadere/check.py  | 4 +++-
 src/scadere/listen.py | 9 ++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/scadere/check.py b/src/scadere/check.py
index ee230bb..a042b9a 100644
--- a/src/scadere/check.py
+++ b/src/scadere/check.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
+from base64 import urlsafe_b64encode as base64
 from email.utils import parsedate_to_datetime as parsedate
 from itertools import chain
 from socket import AF_INET, socket
@@ -50,5 +51,6 @@ def check(netlocs, after, output):
                 stderr.write(f'will expire at {not_after.isoformat()}\n')
                 print(not_before.isoformat(), not_after.isoformat(),
                       # As unique identifier
-                      hostname, port, cert['serialNumber'], ca,
+                      hostname, port, cert['serialNumber'],
+                      base64(ca.encode()).decode() or '\0',
                       file=output)
diff --git a/src/scadere/listen.py b/src/scadere/listen.py
index aebd409..4a9ee46 100644
--- a/src/scadere/listen.py
+++ b/src/scadere/listen.py
@@ -15,7 +15,7 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 from asyncio import start_server
-from base64 import urlsafe_b64encode as base64
+from base64 import urlsafe_b64decode as from_base64
 from datetime import datetime
 from functools import partial
 from urllib.parse import parse_qs, urljoin, urlsplit
@@ -30,8 +30,7 @@ __all__ = ['listen']
 
 def path(hostname, port, issuer, serial):
     """Return the relative URL for the given certificate's details."""
-    issuer_b64 = base64(issuer.encode()).decode()
-    return f'{hostname}/{port}/{issuer_b64}/{serial}'
+    return f'{hostname}/{port}/{issuer}/{serial}'
 
 
 def body(not_before, not_after, hostname, port, serial, issuer):
@@ -40,7 +39,7 @@ def body(not_before, not_after, hostname, port, serial, issuer):
             ('dl',
              ('dt', 'Domain'), ('dd', hostname),
              ('dt', 'Port'), ('dd', port),
-             ('dt', 'Issuer'), ('dd', issuer),
+             ('dt', 'Issuer'), ('dd', from_base64(issuer.encode()).decode()),
              ('dt', 'Serial number'), ('dd', serial),
              ('dt', 'Valid from'), ('dd', not_before),
              ('dt', 'Valid until'), ('dd', not_after)))
@@ -51,7 +50,7 @@ def entry(base_url, cert):
     not_before, not_after, hostname, port, serial, issuer = cert
     url = urljoin(base_url, path(hostname, port, issuer, serial))
     return ('entry',
-            ('author', ('name', issuer)),
+            ('author', ('name', from_base64(issuer.encode()).decode())),
             ('content', {'type': 'xhtml'},
              ('div', {'xmlns': 'http://www.w3.org/1999/xhtml'}, *body(*cert))),
             ('id', url),
-- 
cgit 1.4.1