From aad7a3c71eb313e1e71083c1bf3b3906d1fae18d Mon Sep 17 00:00:00 2001
From: Laurent <laurent@staxriver.com>
Date: Mon, 15 Jan 2024 16:41:50 +0100
Subject: [PATCH] more fix

---
 subscriptions/views.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/subscriptions/views.py b/subscriptions/views.py
index c4fcc32..c79bad7 100644
--- a/subscriptions/views.py
+++ b/subscriptions/views.py
@@ -5,6 +5,7 @@ from .models import ASSNotification
 from django.conf import settings
 import json, jwt
 import base64
+import os
 
 from OpenSSL.crypto import (
   X509Store,
@@ -78,5 +79,21 @@ def _decode_jws(token, root_cert_path, algorithms):
   except (ValueError, KeyError, jwt.exceptions.PyJWTError, X509StoreContextError) as err:
     raise InvalidTokenError from err
 
+def _get_root_cert(root_cert_path):
+
+  fn = os.environ.get("APPLE_ROOT_CA")
+  if fn is None:
+    fn = root_cert_path or "AppleRootCA-G3.cer"
+
+  fn = os.path.expanduser(fn)
+  with open(fn, "rb") as f:
+    data = f.read()
+    root_cert = load_certificate(FILETYPE_ASN1, data)
+
+  return root_cert
+
+class InvalidTokenError(Exception):
+  pass
+
 def add_labels(key: str) -> bytes:
   return ("-----BEGIN CERTIFICATE-----\n" + key + "\n-----END CERTIFICATE-----").encode()