From 061497697a85a56e77e01aeeaaa7dd17c6dd9dbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=85smund=20V=C3=A5ge=20Fannemel?=
 <34712686+asmfstatoil@users.noreply.github.com>
Date: Mon, 25 Aug 2025 11:08:10 +0200
Subject: [PATCH] feat: added new ways to detect if running on equinor
 environment

---
 tagreader/utils.py | 85 ++++++++++++++++++++++++++++++++++++----------
 1 file changed, 67 insertions(+), 18 deletions(-)

diff --git a/tagreader/utils.py b/tagreader/utils.py
index 6c9b0a6f..89c69444 100644
--- a/tagreader/utils.py
+++ b/tagreader/utils.py
@@ -1,7 +1,7 @@
 import enum
 import hashlib
-import logging
 import platform
+import socket
 import ssl
 from datetime import datetime, tzinfo
 from enum import Enum
@@ -33,7 +33,6 @@ def is_linux() -> bool:
     import winreg
 
 if is_mac():
-    import socket
     import subprocess
 
 
@@ -145,6 +144,7 @@ def add_equinor_root_certificate() -> bool:
     with open(ca_file, "ab") as f:
         f.write(bytes(certificate, "ascii"))
     logger.debug("Equinor Root Certificate added to certifi store")
+    return True
 
 
 def find_local_equinor_root_certificate() -> str:
@@ -153,7 +153,7 @@ def find_local_equinor_root_certificate() -> str:
 
     if is_windows():
         logger.debug("Checking for Equinor Root CA in Windows certificate store")
-        for cert in ssl.enum_certificates("CA"):
+        for cert in ssl.enum_certificates("CA"):  # type: ignore
             found_cert = cert[0]
             # deepcode ignore InsecureHash: <Only hashes to compare with known hash>
             if hashlib.sha1(found_cert).hexdigest().upper() == equinor_root_pem_hash:
@@ -189,6 +189,9 @@ def get_macos_equinor_certificates():
     import ssl
     import tempfile
 
+    if not is_mac():
+        raise OSError("Function only works on MacOS")
+
     ca_search = "Equinor Root CA"
 
     ctx = ssl.create_default_context()
@@ -210,38 +213,84 @@ def is_equinor() -> bool:
     If Windows host:
     Finds host's domain in Windows Registry at
     HKLM\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters\\Domain
+    or check if hostname starts with eqdev or eqpc
     If mac os host:
-    Finds statoil.net as AD hostname in certificates
+    Finds statoil.net as AD hostname in certificates or
+    Finds statoil.net, client.statoil.net or equinor.com in dns search domains
     If Linux host:
-    Checks whether statoil.no is search domain
+    Checks whether statoil.no is dns search domains
 
     Returns:
         bool: True if Equinor
     """
+
+    hostname = socket.gethostname()
+
     if is_windows():
-        with winreg.OpenKey(
-            winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\ControlSet001\Services\Tcpip\Parameters"
+        if hostname.lower().startswith("eqdev") or hostname.lower().startswith("eqpc"):
+            return True
+        with winreg.OpenKey(  # type: ignore
+            winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\ControlSet001\Services\Tcpip\Parameters"  # type: ignore
         ) as key:
-            domain = winreg.QueryValueEx(key, "Domain")
-        if "statoil" in domain[0]:
+            domain = winreg.QueryValueEx(key, "Domain")  # type: ignore
+            if "statoil" in domain[0] or "equinor" in domain[0]:
+                return True
+    elif is_linux() or is_mac():
+        with open("/etc/resolv.conf", "r") as f:
+            if any(
+                domain in f.read()
+                for domain in ["client.statoil.net", "statoil.net", "equinor.com"]
+            ):
+                return True
+
+        if is_mac():
+
+            def get_mac_dns_search_list():
+                """
+                Retrieves the DNS search list configured on macOS.
+                """
+                try:
+                    # Execute the scutil command to get DNS configuration
+                    result = subprocess.run(
+                        ["scutil", "--dns"], capture_output=True, text=True, check=True
+                    )
+                    output = result.stdout
+
+                    search_list = []
+                    # Parse the output to find the search domains
+                    for line in output.splitlines():
+                        if "search domain" in line:
+                            # Extract the domain from the line
+                            parts = line.split(":")
+                            if len(parts) > 1:
+                                domain = parts[1].strip()
+                                # Remove any leading/trailing quotes if present
+                                domain = domain.strip('"')
+                                search_list.append(domain)
+                    return search_list
+                except subprocess.CalledProcessError as e:
+                    print(f"Error executing scutil: {e}")
+                    return []
+                except Exception as e:
+                    print(f"An unexpected error occurred: {e}")
+                    return []
+
+        if any(
+            domain in get_mac_dns_search_list()
+            for domain in ["client.statoil.net", "statoil.net", "equinor.com"]
+        ):
             return True
-    elif is_mac():
+
         s = subprocess.run(
             ["security", "find-certificate", "-a", "-c" "client.statoil.net"],
             stdout=subprocess.PIPE,
         ).stdout
 
-        host = socket.gethostname()
-
         # deepcode ignore IdenticalBranches: Not an error. First test is just more precise.
-        if host + ".client.statoil.net" in str(s):
+        if hostname + ".client.statoil.net" in str(s):
             return True
-        elif "client.statoil.net" in host and host in str(s):
+        elif "client.statoil.net" in hostname and hostname in str(s):
             return True
-    elif is_linux():
-        with open("/etc/resolv.conf", "r") as f:
-            if "statoil.no" in f.read():
-                return True
     else:
         raise OSError(
             f"Unsupported system: {platform.system()}. Please report this as an issue."