--- /dev/null
+{'issuer': ((('countryName', 'XY'),),
+ (('localityName', 'Castle Anthrax'),),
+ (('organizationName', 'Python Software Foundation'),),
+ (('commonName', 'localhost'),)),
+ 'notAfter': 'Jan 24 04:21:36 2043 GMT',
+ 'notBefore': 'Nov 25 04:21:36 2023 GMT',
+ 'serialNumber': '53E14833F7546C29256DD0F034F776C5E983004C',
+ 'subject': ((('countryName', 'XY'),),
+ (('localityName', 'Castle Anthrax'),),
+ (('organizationName', 'Python Software Foundation'),),
+ (('commonName', 'localhost'),)),
+ 'subjectAltName': (('DNS', 'localhost'),),
+ 'version': 3}
--- /dev/null
+{'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
+ 'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),
+ 'crlDistributionPoints': ('http://testca.pythontest.net/testca/revocation.crl',),
+ 'issuer': ((('countryName', 'XY'),),
+ (('organizationName', 'Python Software Foundation CA'),),
+ (('commonName', 'our-ca-server'),)),
+ 'notAfter': 'Oct 28 14:23:16 2037 GMT',
+ 'notBefore': 'Aug 29 14:23:16 2018 GMT',
+ 'serialNumber': 'CB2D80995A69525C',
+ 'subject': ((('countryName', 'XY'),),
+ (('localityName', 'Castle Anthrax'),),
+ (('organizationName', 'Python Software Foundation'),),
+ (('commonName', 'localhost'),)),
+ 'subjectAltName': (('DNS', 'localhost'),),
+ 'version': 3}
\ No newline at end of file
"""Make the custom certificate and private key files used by test_ssl
and friends."""
+import argparse
import os
import pprint
import shutil
from subprocess import *
startdate = "20180829142316Z"
-enddate = "20371028142316Z"
+enddate_default = "20371028142316Z"
+days_default = "7000"
req_template = """
[ default ]
default_startdate = {startdate}
enddate = {enddate}
default_enddate = {enddate}
- default_days = 7000
- default_crl_days = 7000
+ default_days = {days}
+ default_crl_days = {days}
certificate = pycacert.pem
private_key = pycakey.pem
serial = $dir/serial
here = os.path.abspath(os.path.dirname(__file__))
-def make_cert_key(hostname, sign=False, extra_san='',
+def make_cert_key(cmdlineargs, hostname, sign=False, extra_san='',
ext='req_x509_extensions_full', key='rsa:3072'):
print("creating cert for " + hostname)
tempnames = []
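Review bot: The new leading `cmdlineargs` parameter ties `make_cert_key` to the argparse namespace and moves `hostname` out of first position, so any caller that still passes the hostname first (if one exists outside this file) would break. Keyword-only parameters that default to the old values keep the signature backward-compatible: end the parameter list with `key='rsa:3072', *, enddate=enddate_default, days=days_default):` and have `__main__` pass `enddate=cmdlineargs.enddate, days=cmdlineargs.days`. The same applies to `make_ca(cmdlineargs)` further down. The body of `make_cert_key` continues outside this hunk.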
hostname=hostname,
extra_san=extra_san,
startdate=startdate,
- enddate=enddate
+ enddate=cmdlineargs.enddate,
+ days=cmdlineargs.days
)
with open(req_file, 'w') as f:
f.write(req)
- args = ['req', '-new', '-nodes', '-days', '7000',
+ args = ['req', '-new', '-nodes', '-days', cmdlineargs.days,
'-newkey', key, '-keyout', key_file,
'-extensions', ext,
'-config', req_file]
def unmake_ca():
shutil.rmtree(TMP_CADIR)
-def make_ca():
+def make_ca(cmdlineargs):
os.mkdir(TMP_CADIR)
with open(os.path.join('cadir','index.txt'),'a+') as f:
pass # empty file
hostname='our-ca-server',
extra_san='',
startdate=startdate,
- enddate=enddate
+ enddate=cmdlineargs.enddate,
+ days=cmdlineargs.days
)
t.write(req)
t.flush()
shutil.copy('capath/ceff1710.0', 'capath/b1930218.0')
-def print_cert(path):
+def write_cert_reference(path):
import _ssl
- pprint.pprint(_ssl._test_decode_cert(path))
+ refdata = pprint.pformat(_ssl._test_decode_cert(path))
+ print(refdata)
+ with open(path + '.reference', 'w') as f:
+ print(refdata, file=f)
if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description='Make the custom certificate and private key files used by test_ssl and friends.')
+ parser.add_argument('--days', default=days_default)
+ parser.add_argument('--enddate', default=enddate_default)
+ cmdlineargs = parser.parse_args()
+
os.chdir(here)
- cert, key = make_cert_key('localhost', ext='req_x509_extensions_simple')
+ cert, key = make_cert_key(cmdlineargs, 'localhost', ext='req_x509_extensions_simple')
with open('ssl_cert.pem', 'w') as f:
f.write(cert)
with open('ssl_key.pem', 'w') as f:
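Review bot: `--days` and `--enddate` are accepted as free-form strings and then formatted into the OpenSSL config template and, for `--days`, into the `req` argument list. A malformed value, including one containing a newline that would add lines to the generated config, is therefore caught only by openssl itself, if at all. A `type=` callable on each argument can reject anything that is not a positive integer or a `YYYYMMDDHHMMSSZ` timestamp, while still returning the string the rest of the script expects. The `__main__` block continues outside this hunk.

```python
def _days_arg(value):
    # Keep the string form: it goes into openssl's argv and the config template.
    if not (value.isascii() and value.isdigit()) or int(value) == 0:
        raise argparse.ArgumentTypeError('--days must be a positive integer')
    return value


def _enddate_arg(value):
    # Same layout as enddate_default: 14 digits followed by 'Z'.
    digits = value[:-1]
    if len(value) != 15 or not value.endswith('Z') or not (digits.isascii() and digits.isdigit()):
        raise argparse.ArgumentTypeError('--enddate must look like YYYYMMDDHHMMSSZ')
    return value

# … unchanged: parser = argparse.ArgumentParser(...) …
    parser.add_argument('--days', type=_days_arg, default=days_default)
    parser.add_argument('--enddate', type=_enddate_arg, default=enddate_default)
```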
f.write(cert)
# For certificate matching tests
- make_ca()
- cert, key = make_cert_key('fakehostname', ext='req_x509_extensions_simple')
+ make_ca(cmdlineargs)
+ cert, key = make_cert_key(cmdlineargs, 'fakehostname', ext='req_x509_extensions_simple')
with open('keycert2.pem', 'w') as f:
f.write(key)
f.write(cert)
- cert, key = make_cert_key('localhost', sign=True)
+ cert, key = make_cert_key(cmdlineargs, 'localhost', sign=True)
with open('keycert3.pem', 'w') as f:
f.write(key)
f.write(cert)
- cert, key = make_cert_key('fakehostname', sign=True)
+ cert, key = make_cert_key(cmdlineargs, 'fakehostname', sign=True)
with open('keycert4.pem', 'w') as f:
f.write(key)
f.write(cert)
cert, key = make_cert_key(
- 'localhost-ecc', sign=True, key='param:secp384r1.pem'
+ cmdlineargs, 'localhost-ecc', sign=True, key='param:secp384r1.pem'
)
with open('keycertecc.pem', 'w') as f:
f.write(key)
'RID.1 = 1.2.3.4.5',
]
- cert, key = make_cert_key('allsans', sign=True, extra_san='\n'.join(extra_san))
+ cert, key = make_cert_key(cmdlineargs, 'allsans', sign=True, extra_san='\n'.join(extra_san))
with open('allsans.pem', 'w') as f:
f.write(key)
f.write(cert)
]
# IDN SANS, signed
- cert, key = make_cert_key('idnsans', sign=True, extra_san='\n'.join(extra_san))
+ cert, key = make_cert_key(cmdlineargs, 'idnsans', sign=True, extra_san='\n'.join(extra_san))
with open('idnsans.pem', 'w') as f:
f.write(key)
f.write(cert)
- cert, key = make_cert_key('nosan', sign=True, ext='req_x509_extensions_nosan')
+ cert, key = make_cert_key(cmdlineargs, 'nosan', sign=True, ext='req_x509_extensions_nosan')
with open('nosan.pem', 'w') as f:
f.write(key)
f.write(cert)
unmake_ca()
- print("update Lib/test/test_ssl.py and Lib/test/test_asyncio/utils.py")
- print_cert('keycert.pem')
- print_cert('keycert3.pem')
+ print("Writing out reference data for Lib/test/test_ssl.py and Lib/test/test_asyncio/utils.py")
+ write_cert_reference('keycert.pem')
+ write_cert_reference('keycert3.pem')
import unittest
import weakref
import warnings
+from ast import literal_eval
from unittest import mock
from http.server import HTTPServer
ONLYKEY = data_file('certdata', 'ssl_key.pem')
SIGNED_CERTFILE = data_file('certdata', 'keycert3.pem')
SIGNING_CA = data_file('certdata', 'pycacert.pem')
-PEERCERT = {
- 'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
- 'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),
- 'crlDistributionPoints': ('http://testca.pythontest.net/testca/revocation.crl',),
- 'issuer': ((('countryName', 'XY'),),
- (('organizationName', 'Python Software Foundation CA'),),
- (('commonName', 'our-ca-server'),)),
- 'notAfter': 'Oct 28 14:23:16 2037 GMT',
- 'notBefore': 'Aug 29 14:23:16 2018 GMT',
- 'serialNumber': 'CB2D80995A69525C',
- 'subject': ((('countryName', 'XY'),),
- (('localityName', 'Castle Anthrax'),),
- (('organizationName', 'Python Software Foundation'),),
- (('commonName', 'localhost'),)),
- 'subjectAltName': (('DNS', 'localhost'),),
- 'version': 3
-}
-
+with open(data_file('certdata', 'keycert3.pem.reference')) as file:
+ PEERCERT = literal_eval(file.read())
def simple_server_sslcontext():
server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
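Review bot: `open(data_file('certdata', 'keycert3.pem.reference'))` reads with the locale's default encoding, and `write_cert_reference` in make_ssl_certs.py writes the file the same way, so a certificate with a non-ASCII subject or SAN may round-trip differently across platforms, and the call emits `EncodingWarning` under `-X warn_default_encoding`. Passing the encoding explicitly on both sides avoids that: `with open(data_file('certdata', 'keycert3.pem.reference'), encoding='utf-8') as file:` here and `with open(path + '.reference', 'w', encoding='utf-8') as f:` in the writer. The `CERTFILE_INFO` and `SIGNED_CERTFILE_INFO` loads in test_ssl.py have the same issue. `literal_eval` is the right parser for this data because it accepts only literals.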
import sys
import unittest
import unittest.mock
+from ast import literal_eval
from test import support
from test.support import import_helper
from test.support import os_helper
CAFILE_NEURONIO = data_file("capath", "4e1295a3.0")
CAFILE_CACERT = data_file("capath", "5ed36f99.0")
-CERTFILE_INFO = {
- 'issuer': ((('countryName', 'XY'),),
- (('localityName', 'Castle Anthrax'),),
- (('organizationName', 'Python Software Foundation'),),
- (('commonName', 'localhost'),)),
- 'notAfter': 'Jan 24 04:21:36 2043 GMT',
- 'notBefore': 'Nov 25 04:21:36 2023 GMT',
- 'serialNumber': '53E14833F7546C29256DD0F034F776C5E983004C',
- 'subject': ((('countryName', 'XY'),),
- (('localityName', 'Castle Anthrax'),),
- (('organizationName', 'Python Software Foundation'),),
- (('commonName', 'localhost'),)),
- 'subjectAltName': (('DNS', 'localhost'),),
- 'version': 3
-}
+with open(data_file('keycert.pem.reference')) as file:
+ CERTFILE_INFO = literal_eval(file.read())
# empty CRL
CRLFILE = data_file("revocation.crl")
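Review bot: Nothing at the `CERTFILE_INFO` load says where `keycert.pem.reference` comes from or that it has to be regenerated together with the certificate. A comment above the `with` would help whoever next renews the certs, for example `# Decoded form of keycert.pem, written by make_ssl_certs.py; regenerate both together.` The same comment fits the `SIGNED_CERTFILE_INFO` load below and `PEERCERT` in test_asyncio/utils.py.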
SINGED_CERTFILE_ONLY = data_file("cert3.pem")
SIGNED_CERTFILE_HOSTNAME = 'localhost'
-SIGNED_CERTFILE_INFO = {
- 'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
- 'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),
- 'crlDistributionPoints': ('http://testca.pythontest.net/testca/revocation.crl',),
- 'issuer': ((('countryName', 'XY'),),
- (('organizationName', 'Python Software Foundation CA'),),
- (('commonName', 'our-ca-server'),)),
- 'notAfter': 'Oct 28 14:23:16 2037 GMT',
- 'notBefore': 'Aug 29 14:23:16 2018 GMT',
- 'serialNumber': 'CB2D80995A69525C',
- 'subject': ((('countryName', 'XY'),),
- (('localityName', 'Castle Anthrax'),),
- (('organizationName', 'Python Software Foundation'),),
- (('commonName', 'localhost'),)),
- 'subjectAltName': (('DNS', 'localhost'),),
- 'version': 3
-}
+with open(data_file('keycert3.pem.reference')) as file:
+ SIGNED_CERTFILE_INFO = literal_eval(file.read())
SIGNED_CERTFILE2 = data_file("keycert4.pem")
SIGNED_CERTFILE2_HOSTNAME = 'fakehostname'
--- /dev/null
+``make_ssl_certs``, the script that prepares certificate data for the
+test suite, now allows specifying expiration dates.