a ze$@sdZddlZddlZddlZddlZddlTdZdZdZej ej e Z d8d d Zd ZddZddZddZedkr ee eddd\ZZeddZeeWdn1s0YeddZeeWdn1s0Yedegdegdedd$ZeeeeWdn1sT0Yedd ZeeWdn1s0Yeed!dd\ZZed"d$ZeeeeWdn1s0Yedd#d$\ZZed%d$ZeeeeWdn1s00Yed!d#d$\ZZed&d$ZeeeeWdn1s0Yed'd#d(d)\ZZed*d$ZeeeeWdn1s0Ygd+Zed,d#d-ed.\ZZed/d$ZeeeeWdn1s20Ygd0Zed1d#d-ed.\ZZed2d$ZeeeeWdn1s0Yed3d#d4d5\ZZed6d$ZeeeeWdn1s0Yeed7eded%dS)9zOMake the custom certificate and private key files used by test_ssl and friends.N)*Z20180829142316ZZ20371028142316Za [ default ] base_url = http://testca.pythontest.net/testca [req] distinguished_name = req_distinguished_name prompt = no [req_distinguished_name] C = XY L = Castle Anthrax O = Python Software Foundation CN = {hostname} [req_x509_extensions_nosan] [req_x509_extensions_simple] subjectAltName = @san [req_x509_extensions_full] subjectAltName = @san keyUsage = critical,keyEncipherment,digitalSignature extendedKeyUsage = serverAuth,clientAuth basicConstraints = critical,CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always authorityInfoAccess = @issuer_ocsp_info crlDistributionPoints = @crl_info [ issuer_ocsp_info ] caIssuers;URI.0 = $base_url/pycacert.cer OCSP;URI.0 = $base_url/ocsp/ [ crl_info ] URI.0 = $base_url/revocation.crl [san] DNS.1 = {hostname} {extra_san} [dir_sect] C = XY L = Castle Anthrax O = Python Software Foundation CN = dirname example [princ_name] realm = EXP:0, GeneralString:KERBEROS.REALM principal_name = EXP:1, SEQUENCE:principal_seq [principal_seq] name_type = EXP:0, INTEGER:1 name_string = EXP:1, SEQUENCE:principals [principals] princ1 = GeneralString:username [ ca ] default_ca = CA_default [ CA_default ] dir = cadir database = $dir/index.txt crlnumber = $dir/crl.txt default_md = sha256 startdate = {startdate} default_startdate = {startdate} enddate = {enddate} default_enddate = {enddate} default_days = 7000 default_crl_days = 7000 certificate = pycacert.pem private_key = pycakey.pem serial = $dir/serial RANDFILE = $dir/.rand policy = policy_match [ policy_match ] countryName = match stateOrProvinceName = optional organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer basicConstraints = CA:true Freq_x509_extensions_fullrsa:3072cCs$td|g}tdD]<}tjdd}||jWdq1sJ0Yq|\}} } ztj||tt d} t |d}| | Wdn1s0Yddd d d d |d | d|d|g } |rtjdd"}||j|j} Wdn1s0Y| d| g7} n| dd| g7} t dg| |rldd|d|d| dddddd| g} t dg| t | d}| }Wdn1s0Yt | d}| }Wdn1s0Y||fW|D]}t|qS]}t|qn|D]}t|q 0dS)Nzcreating cert for F)deletehostname extra_san startdateenddatewreq-new-nodesz-daysZ7000-newkey-keyout -extensions-config-outz-x509opensslca-outdircadirz-policyZpolicy_anything-batch-infilesr)printrangetempfileNamedTemporaryFileappendname req_templateformatr r openwrite check_callreadosremove)r signr extkeyZ tempnamesifZreq_fileZ cert_fileZkey_filerargsZreqfilecertr"r2)/usr/lib/python3.9/test/make_ssl_certs.py make_cert_keywsb  ,  (  &  ( (r4rcCsttdS)N)shutilrmtree TMP_CADIRr2r2r2r3 unmake_casr8cCsttttjddd}Wdn1s40Yttjddd}|dWdn1sr0Yttjddd}|dWdn1s0Yttjdd d }|d Wdn1s0Ytd }t j d d t t d}||| t}dd|jddddddd|jddg }tdg|dd|jddddtddd d!d"d#|jg}tdg|dd|jd$dd%g}tdg|Wdn1s0YWdn1s0Ytgd&td'd(dS))Nrz index.txta+zcrl.txtZ00zindex.txt.attrzw+zunique_subject = noserialr zCB2D80995A69525B z our-ca-serverrrrrrrrrrz pycakey.pemrz-subjzG/C=XY/L=Castle Anthrax/O=Python Software Foundation CA/CN=our-ca-serverrr pycacert.pemrrz-keyfilez -selfsignrZv3_carz-gencrlzrevocation.crl)rZx509-inr;rcapath/ceff1710.0r=zcapath/b1930218.0)r)mkdirr7r%pathjoinr&rr r#r$r r flushr"r'r5copy)r/trr0r2r2r3make_casJ (((      N rDcCsddl}t||dS)Nr)_sslpprintZ_test_decode_cert)r?rEr2r2r3 print_certsrG__main__ localhostZreq_x509_extensions_simple)r,z ssl_cert.pemr ssl_key.pemz5password protecting ssl_key.pem in ssl_key.passwd.pem) rpkeyr<rJrzssl_key.passwd.pem-aes256-passout pass:somepass) rrKr<rJrkeycert.passwd.pemrLrMrNz keycert.pemrOr9Z fakehostnamez keycert2.pemT)r+z keycert3.pemz keycert4.pemz localhost-ecczparam:secp384r1.pem)r+r-zkeycertecc.pem) z0otherName.1 = 1.2.3.4;UTF8:some other identifierz/otherName.2 = 1.3.6.1.5.2.2;SEQUENCE:princ_namezemail.1 = user@example.orgzDNS.2 = www.example.orgzdirName.1 = dir_sectzURI.1 = https://www.python.org/zIP.1 = 127.0.0.1z IP.2 = ::1zRID.1 = 1.2.3.4.5Zallsans )r+r z allsans.pem)z'DNS.2 = xn--knig-5qa.idn.pythontest.netz6DNS.3 = xn--knigsgsschen-lcb0w.idna2003.pythontest.netz6DNS.4 = xn--knigsgchen-b4a3dun.idna2008.pythontest.netz,DNS.5 = xn--nxasmq6b.idna2003.pythontest.netz,DNS.6 = xn--nxasmm1c.idna2008.pythontest.netZidnsansz idnsans.pemZnosanZreq_x509_extensions_nosan)r+r,z nosan.pemz>update Lib/test/test_ssl.py and Lib/test/test_asyncio/utils.py)Frrr)__doc__r)rFr5r subprocessr r r#r?abspathdirname__file__herer4r7r8rDrG__name__chdirr1r-r%r/r&rr'r r@r2r2r2r3sg 5,   ( (    * *  *  *  *   *  *   *  *