From 1c8a036b5b1e56986058b79fd83977d71df414b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=85smund=20V=C3=A5ge=20Fannemel?= <34712686+asmfstatoil@users.noreply.github.com>
Date: Thu, 11 Apr 2024 09:29:59 +0200
Subject: [PATCH] feat: cleanup remove unused statoil certificate chore: update manual.md
---
 .github/workflows/build.yml | 6 +++---
 docs/manual.md | 4 ++--
 tagreader/__init__.py | 4 ++--
 tagreader/utils.py | 28 +++++++---------------------
 4 files changed, 14 insertions(+), 28 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9ef46700..774a2b6d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: '🧪 Build & test code'
+name: "🧪 Build & test code"
 on:
 workflow_dispatch:
@@ -9,7 +9,7 @@ jobs:
 strategy:
 fail-fast: false
 matrix:
- python-version: ['3.8', '3.9', '3.10', '3.11']
+ python-version: ["3.8", "3.9", "3.10", "3.11"]
 os: [windows-latest, ubuntu-latest, macos-latest]
 runs-on: ${{ matrix.os }}
 steps:
@@ -29,7 +29,7 @@ jobs:
 uses: actions/setup-python@v4
 with:
 python-version: ${{matrix.python-version}}
- cache: 'poetry'
+ cache: "poetry"
 - name: Check pyproject.toml validity
 run: poetry check --no-interaction
diff --git a/docs/manual.md b/docs/manual.md
index 3fd3c783..5a33a66d 100644
--- a/docs/manual.md
+++ b/docs/manual.md
@@ -59,8 +59,8 @@ pip install --upgrade tagreader
 The Web APIs are queried with the requests package. Requests does not utilize the system certificate store, but instead relies on the certifi bundle. In order to avoid SSL verification errors, we need to either turn off SSL verification (optional input argument `verifySSL=False` for relevant function calls) or, strongly preferred, add the certificate to the certifi bundle. To do this, simply activate the virtual environment where you installed tagreader, and run the following snippet:
 ``` python
-from tagreader.utils import add_statoil_root_certificate
-add_statoil_root_certificate()
+from tagreader.utils import add_equinor_root_certificate
+ add_equinor_root_certificate()
 ```
 The output should inform you that the certificate was successfully added. This needs to be repeated whenever certifi is upgraded in your python virtual environment. It is safe to run more than once: If the function detects that the certificate has already been added to your current certifi installation, the certificate will not be duplicated.
diff --git a/tagreader/__init__.py b/tagreader/__init__.py
index bc5307aa..f35b952c 100644
--- a/tagreader/__init__.py
+++ b/tagreader/__init__.py
@@ -2,13 +2,13 @@
 from tagreader.utils import (
 IMSType,
 ReaderType,
- add_statoil_root_certificate,
+ add_equinor_root_certificate,
 is_equinor,
 is_mac,
 is_windows,
 )
 if is_equinor():
- add_statoil_root_certificate()
+ add_equinor_root_certificate()
 from tagreader.__version__ import version as __version__
diff --git a/tagreader/utils.py b/tagreader/utils.py
index 330cdc4c..ed41865e 100644
--- a/tagreader/utils.py
+++ b/tagreader/utils.py
@@ -129,11 +129,7 @@ class ReaderType(enum.IntEnum):
 SNAPSHOT = FINAL = LAST = enum.auto() # Last sampled value
-def add_statoil_root_certificate() -> bool:
- return add_equinor_root_certificate(True) and add_equinor_root_certificate(False)
-
-
-def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
+def add_equinor_root_certificate() -> bool:
 """
 This is a utility function for Equinor employees on Equinor managed machines.
@@ -152,15 +148,8 @@ def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
 import certifi
- STATOIL_ROOT_PEM_HASH = "ce7bb185ab908d2fea28c7d097841d9d5bbf2c76"
 EQUINOR_root_PEM_HASH = "5A206332CE73CED1D44C8A99C4C43B7CEE03DF5F"
-
- if get_equinor:
- used_hash = EQUINOR_root_PEM_HASH.upper()
- ca_search = "Equinor Root CA"
- else:
- used_hash = STATOIL_ROOT_PEM_HASH.upper()
- ca_search = "Statoil Root CA"
+ ca_search = "Equinor Root CA"
 found = False
 der = None
@@ -172,7 +161,7 @@ def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
 for cert in ssl.enum_certificates("CA"):
 der = cert[0]
 # deepcode ignore InsecureHash:
- if hashlib.sha1(der).hexdigest().upper() == used_hash:
+ if hashlib.sha1(der).hexdigest().upper() == EQUINOR_root_PEM_HASH:
 found = True
 logger.debug("CA certificate found!")
 break
@@ -182,11 +171,11 @@ def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
 stdout=subprocess.PIPE,
 ).stdout
- if used_hash in str(macos_ca_certs).upper():
+ if EQUINOR_root_PEM_HASH in str(macos_ca_certs).upper():
 c = get_macos_equinor_certificates()
 for cert in c:
 # deepcode ignore InsecureHash:
- if hashlib.sha1(cert).hexdigest().upper() == used_hash:
+ if hashlib.sha1(cert).hexdigest().upper() == EQUINOR_root_PEM_HASH:
 der = cert
 found = True
 break
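Review bot: Dropping `add_statoil_root_certificate` and the `get_equinor` parameter in the `@@ -129,11 +129,7 @@` hunk removes two public entry points without a deprecation path, so code that still imports the old name or passes `get_equinor=` will fail at import or call time. Nothing in this patch shows whether any endpoint still chains to the Statoil root; if one does, verification will start failing, and the manual's documented fallback is `verifySSL=False`, which is the outcome this helper exists to avoid. Consider keeping a thin alias for one release, `def add_statoil_root_certificate() -> bool: return add_equinor_root_certificate()`, emitting a `DeprecationWarning`, and calling out the removal in the changelog. The body of `add_equinor_root_certificate` continues outside this hunk.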
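Review bot: With `used_hash = EQUINOR_root_PEM_HASH.upper()` removed in the `@@ -152,15 +148,8 @@` hunk, the comparisons in the `@@ -172,7 +161,7 @@` and `@@ -182,11 +171,11 @@` hunks match only while the literal stays upper-case; a lower-case replacement would make the lookup miss silently. Either normalise once at the definition by appending `.upper()` to the existing literal, or add the comment `# must be upper-case hex: compared against hexdigest().upper()` above it. The name also says PEM, while the value is compared with a SHA-1 digest of DER bytes (`hashlib.sha1(der)`), so a name such as `EQUINOR_ROOT_SHA1_THUMBPRINT` would describe it better and fix the mixed-case spelling. The function starts and ends outside this hunk.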
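Review bot: The `# deepcode ignore InsecureHash:` line above the rewritten comparison in the `@@ -172,7 +161,7 @@` hunk carries no reason after the colon as shown here, and the same bare suppression sits above `hashlib.sha1(cert)` in the `@@ -182,11 +171,11 @@` hunk. Since, per the manual, the matching certificate is added to the certifi bundle, this digest comparison decides what becomes a trust anchor, so the rationale belongs in the code: `# deepcode ignore InsecureHash: SHA-1 is a thumbprint used to select a certificate from the OS store, not to verify a signature`. Matching a pinned value depends on second-preimage resistance rather than collision resistance, so SHA-1 is not known to be practically weak here, but moving to a SHA-256 fingerprint (`hashlib.sha256(der).hexdigest().upper()`) would let both suppressions be deleted. The enclosing branch starts outside this hunk.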
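Review bot: `str(macos_ca_certs)` in the new line `if EQUINOR_root_PEM_HASH in str(macos_ca_certs).upper():` of the `@@ -182,11 +171,11 @@` hunk stringifies the captured stdout; if that is bytes (no `text=True` is visible, and the call begins outside this hunk), the search runs over the `b'...'` repr with escaped newlines rather than the decoded text. It works for a hex substring, but `macos_ca_certs.decode(errors="replace").upper()` states the intent and avoids surprises if the match is ever extended. The visible lines also do not check the command's exit status, so a failed lookup looks the same as a certificate that is not installed; logging the return code in that case would help triage.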
@@ -209,14 +198,11 @@ def add_equinor_root_certificate(get_equinor: bool = True) -> bool:
 return found
-def get_macos_equinor_certificates(get_equinor: bool = True):
+def get_macos_equinor_certificates():
 import ssl
 import tempfile
- if get_equinor:
- ca_search = "Equinor Root CA"
- else:
- ca_search = "Statoil Root CA"
+ ca_search = "Equinor Root CA"
 ctx = ssl.create_default_context()
 macos_ca_certs = subprocess.run(
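Review bot: `get_macos_equinor_certificates()` loses its only parameter here but still has no docstring or return annotation, unlike `add_equinor_root_certificate() -> bool`. Its caller hashes each returned item with `hashlib.sha1(cert)`, so it presumably returns DER-encoded certificates as bytes; a one-line docstring such as `"""Return the DER-encoded certificates named "Equinor Root CA" found on this Mac."""` would record that, with the wording to be confirmed against the body, which continues outside this hunk. The literal `"Equinor Root CA"` is now assigned to `ca_search` in both functions, so a single module-level constant would keep the two lookups from drifting apart.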