path: root/Lib/test/make_ssl_certs.py
blob: 48d2e57f4be7e9d833c7bb9ca88a5ca869fc6d29 (plain)
"""Make the custom certificate and private key files used by test_ssl
and friends."""

import os
import sys
import tempfile
from subprocess import *

# OpenSSL "req" configuration used for every generated certificate.
# {hostname} is filled in twice: as the subject CN and as the single
# DNS subjectAltName entry.  "prompt = no" makes openssl take the
# distinguished name from this file instead of asking interactively.
req_template = """
    [req]
    distinguished_name     = req_distinguished_name
    x509_extensions        = req_x509_extensions
    prompt                 = no

    [req_distinguished_name]
    C                      = XY
    L                      = Castle Anthrax
    O                      = Python Software Foundation
    CN                     = {hostname}

    [req_x509_extensions]
    subjectAltName         = DNS:{hostname}
    """

# Absolute path of the directory holding this script; the generated
# .pem files are written there.
here = os.path.dirname(os.path.abspath(__file__))

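def make_cert_key(hostname):
    """Create a self-signed certificate and RSA private key for *hostname*.

    Runs ``openssl req -x509`` with a config file rendered from
    ``req_template`` and returns ``(cert, key)``: the text of the
    certificate file and of the key file that openssl wrote.

    The key is generated with ``-nodes``, i.e. it is NOT passphrase
    protected.  The output is meant to be a test fixture only.

    Raises:
        ValueError: if *hostname* contains a line break or a comma.
        subprocess.CalledProcessError: if openssl exits non-zero.
    """
    # hostname is substituted verbatim into the openssl config file.  A
    # line break would let the value add extra config directives, and a
    # comma would add further subjectAltName entries, so refuse both
    # before anything is written to disk.
    text = str(hostname)
    if any(ch in text for ch in '\r\n,'):
        raise ValueError(
            "hostname must not contain line breaks or commas: %r" % (hostname,))

    tempnames = []
    try:
        # Create the temp files inside the try block so that a failure
        # part-way through still cleans up the ones already created.
        # NamedTemporaryFile only reserves the paths here; openssl
        # rewrites cert_file and key_file itself.
        for _ in range(3):
            with tempfile.NamedTemporaryFile(delete=False) as f:
                tempnames.append(f.name)
        req_file, cert_file, key_file = tempnames
        with open(req_file, 'w') as f:
            f.write(req_template.format(hostname=hostname))
        # rsa:2048 instead of rsa:1024: 1024-bit RSA is below the
        # 2048-bit minimum of current guidance and is refused by
        # OpenSSL at security level 2, so fixtures built with it fail
        # to load on hosts configured that way.
        args = ['req', '-new', '-days', '3650', '-nodes', '-x509',
                '-newkey', 'rsa:2048', '-keyout', key_file,
                '-out', cert_file, '-config', req_file]
        check_call(['openssl'] + args)
        with open(cert_file, 'r') as f:
            cert = f.read()
        with open(key_file, 'r') as f:
            key = f.read()
        return cert, key
    finally:
        # Try to delete every temp file (one of them holds the
        # unencrypted private key) even if an earlier removal fails,
        # then report the first failure.
        cleanup_error = None
        for name in tempnames:
            try:
                os.remove(name)
            except OSError as exc:
                if cleanup_error is None:
                    cleanup_error = exc
        if cleanup_error is not None:
            raise cleanup_error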


if __name__ == '__main__':
    # Write all fixtures next to this script, whatever the caller's cwd.
    os.chdir(here)

    # NOTE: the private keys below are written unencrypted and with the
    # process's default file mode; they are test fixtures only.
    cert, key = make_cert_key('localhost')
    localhost_outputs = (
        ('ssl_cert.pem', (cert,)),      # certificate only
        ('ssl_key.pem', (key,)),        # private key only
        ('keycert.pem', (key, cert)),   # key followed by certificate
    )
    for filename, parts in localhost_outputs:
        with open(filename, 'w') as out:
            for part in parts:
                out.write(part)

    # Second identity, for the certificate matching tests.
    cert, key = make_cert_key('fakehostname')
    with open('keycert2.pem', 'w') as out:
        for part in (key, cert):
            out.write(part)