diff options
| author | Sergey Levchenko (GitHub) <slevchenko.work@gmail.com> | 2017-03-21 12:07:26 +0200 |
|---|---|---|
| committer | Andriy Byzhynar <AByzhynar@luxoft.com> | 2017-06-23 11:28:48 +0300 |
| commit | 661e26609e4c6ba2bb6b6241e9d8fcbba4e52c27 (patch) | |
| tree | 0b01776e64e20a67bcf3775aa689190347f81506 /tools/Utils | |
| parent | 22a014b3746b28d2b8a3a4049c60bb76db6a0861 (diff) | |
| download | sdl_core-661e26609e4c6ba2bb6b6241e9d8fcbba4e52c27.tar.gz | |
Update generate_test_certificates.py script
Previously SDL was implemented in the way to support certificate in PKCS12
Now it has been changed to simple PEM format according to the new requirements.
- generate_test_certificates.py updated
- unit tests updated
Diffstat (limited to 'tools/Utils')
| -rwxr-xr-x | tools/Utils/generate_test_certificates.py | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/tools/Utils/generate_test_certificates.py b/tools/Utils/generate_test_certificates.py index 73b6f53cc8..2c1d2cddbf 100755 --- a/tools/Utils/generate_test_certificates.py +++ b/tools/Utils/generate_test_certificates.py @@ -118,12 +118,13 @@ def gen_pkcs12(out, key_file, cert_file, verification_certificate) : "-name 'SPT key and certificates'", "-CAfile ", verification_certificate, \ " -passout pass:") - """ - Encode certificate $out to base 64 - """ - with open(out, "rb") as cert: - with open(out + ".enc", "wb") as enc_cert: - enc_cert.write(cert.read().encode("base64")) +def gen_pem_file(out, key_file, cert_file, verification_certificate) : + """Join $key_file, $cert_file, $verification_certificate in pem file named $out""" + files = [key_file, cert_file, verification_certificate] + with open(out, "wb") as cert: + for fl in files: + with open(fl) as infile: + cert.write(infile.read()) def answers(name, app_id, country, state, locality, organization, unit, email) : """Answer string generator @@ -228,47 +229,53 @@ def main(): server_key_file = os.path.join(server_dir, "server.key") server_cert_file = os.path.join(server_dir, "server.crt") server_pkcs12_file = os.path.join(server_dir, "spt_credential.p12") + server_pem_file = os.path.join(server_dir, "spt_credential.pem") gen_rsa_key(server_key_file, 2048) gen_cert(server_cert_file, server_key_file, ford_server_cert_file, ford_server_key_file, days, server_answer) gen_pkcs12(server_pkcs12_file, server_key_file, server_cert_file, client_verification_ca_cert_file) + gen_pem_file(server_pem_file, server_key_file, server_cert_file, client_verification_ca_cert_file) print print " --== Server unsigned certificate generating ==-- " server_unsigned_cert_file = os.path.join(server_dir, "server_unsigned.crt") server_pkcs12_unsigned_file = os.path.join(server_dir, "spt_credential_unsigned.p12") + server_pem_unsigned_file = os.path.join(server_dir, "spt_credential_unsigned.pem") gen_root_cert(server_unsigned_cert_file, server_key_file, days, server_unsigned_answer) gen_pkcs12(server_pkcs12_unsigned_file, server_key_file, server_unsigned_cert_file, client_verification_ca_cert_file) + gen_pem_file(server_pem_unsigned_file, server_key_file, server_unsigned_cert_file, client_verification_ca_cert_file) print print " --== Server expired certificate generating ==-- " server_expired_cert_file = os.path.join(server_dir, "server_expired.crt") server_pkcs12_expired_file = os.path.join(server_dir, "spt_credential_expired.p12") + server_pem_expired_file = os.path.join(server_dir, "spt_credential_expired.pem") gen_expire_cert(server_expired_cert_file, server_key_file, ford_server_cert_file, ford_server_key_file, days, server_expired_answer) gen_pkcs12(server_pkcs12_expired_file, server_key_file, server_expired_cert_file, client_verification_ca_cert_file) + gen_pem_file(server_pem_expired_file, server_key_file, server_expired_cert_file, client_verification_ca_cert_file) print print " --== Client pkcs12 certificate generating ==-- " client_key_file = os.path.join(client_dir, "client.key") client_cert_file = os.path.join(client_dir, "client.crt") - client_pkcs12_file = os.path.join(client_dir, "client_credential.p12") + client_pkcs12_file = os.path.join(client_dir, "client_credential.pem") gen_rsa_key(client_key_file, 2048) gen_cert(client_cert_file, client_key_file, ford_client_cert_file, ford_client_key_file, days, client_answer) - gen_pkcs12(client_pkcs12_file, client_key_file, client_cert_file, server_verification_ca_cert_file) + gen_pem_file(client_pkcs12_file, client_key_file, client_cert_file, server_verification_ca_cert_file) print print " --== Client pkcs12 unsigned certificate generating ==-- " client_unsigned_cert_file = os.path.join(client_dir, "client_unsigned.crt") - client_pkcs12_unsigned_file = os.path.join(client_dir, "client_credential_unsigned.p12") + client_pkcs12_unsigned_file = os.path.join(client_dir, "client_credential_unsigned.pem") gen_root_cert(client_unsigned_cert_file, client_key_file, days, client_unsigned_answer) - gen_pkcs12(client_pkcs12_unsigned_file, client_key_file, client_unsigned_cert_file, server_verification_ca_cert_file) + gen_pem_file(client_pkcs12_unsigned_file, client_key_file, client_unsigned_cert_file, server_verification_ca_cert_file) print print " --== Client pkcs12 expired certificate generating ==-- " client_expired_cert_file = os.path.join(client_dir, "client_expired.crt") - client_pkcs12_expired_file = os.path.join(client_dir, "client_credential_expired.p12") + client_pkcs12_expired_file = os.path.join(client_dir, "client_credential_expired.pem") gen_expire_cert(client_expired_cert_file, client_key_file, ford_client_cert_file, ford_client_key_file, days, client_expired_answer) - gen_pkcs12(client_pkcs12_expired_file, client_key_file, client_expired_cert_file, server_verification_ca_cert_file) + gen_pem_file(client_pkcs12_expired_file, client_key_file, client_expired_cert_file, server_verification_ca_cert_file) subprocess.call(["c_rehash", server_dir]) subprocess.call(["c_rehash", client_dir]) |