B u9a"ã @sdZddlZddlZddlZddlZddlTdZej ej  e ¡¡Z dCd d „Z d Z d d „Zdd„Zdd„Zedkre e ¡e ddd\ZZeddƒZe e¡WdQRXeddƒZe e¡WdQRXedƒedddddddd d!g ƒedddddd"dd d!g ƒed#dƒZe e¡e e¡WdQRXed"d$ƒZe e¡WdQRXeƒe d%dd\ZZed&dƒZe e¡e e¡WdQRXe dd'ƒ\ZZed(dƒZe e¡e e¡WdQRXe d%d'ƒ\ZZed)dƒZe e¡e e¡WdQRXe d*d'd+d,\ZZed-dƒZe e¡e e¡WdQRXd.d/d0d1d2d3d4d5d6g Ze d7d8 e¡d9\ZZed:dƒZe e¡e e¡WdQRXd;dd?gZe d@d'd8 e¡d9\ZZedAdƒZe e¡e e¡WdQRXeƒedBƒed#ƒed(ƒdS)DzOMake the custom certificate and private key files used by test_ssl and friends.éN)Ú*a [ default ] base_url = http://testca.pythontest.net/testca [req] distinguished_name = req_distinguished_name prompt = no [req_distinguished_name] C = XY L = Castle Anthrax O = Python Software Foundation CN = {hostname} [req_x509_extensions_simple] subjectAltName = @san [req_x509_extensions_full] subjectAltName = @san keyUsage = critical,keyEncipherment,digitalSignature extendedKeyUsage = serverAuth,clientAuth basicConstraints = critical,CA:false subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always authorityInfoAccess = @issuer_ocsp_info crlDistributionPoints = @crl_info [ issuer_ocsp_info ] caIssuers;URI.0 = $base_url/pycacert.cer OCSP;URI.0 = $base_url/ocsp/ [ crl_info ] URI.0 = $base_url/revocation.crl [san] DNS.1 = {hostname} {extra_san} [dir_sect] C = XY L = Castle Anthrax O = Python Software Foundation CN = dirname example [princ_name] realm = EXP:0, GeneralString:KERBEROS.REALM principal_name = EXP:1, SEQUENCE:principal_seq [principal_seq] name_type = EXP:0, INTEGER:1 name_string = EXP:1, SEQUENCE:principals [principals] princ1 = GeneralString:username [ ca ] default_ca = CA_default [ CA_default ] dir = cadir database = $dir/index.txt crlnumber = $dir/crl.txt default_md = sha256 default_days = 3600 default_crl_days = 3600 certificate = pycacert.pem private_key = pycakey.pem serial = $dir/serial RANDFILE = $dir/.rand policy = policy_match [ policy_match ] countryName = match stateOrProvinceName = optional organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer basicConstraints = CA:true FÚÚreq_x509_extensions_fullúrsa:3072cCstd|ƒg}x4tdƒD](}tjdd}| |j¡WdQRXqW|\}} } ztj||d} t|dƒ}|  | ¡WdQRXddd d d d |d | d|d|g } |rÜtjdd}| |j¡|j} WdQRX| d| g7} n| dd| g7} t dg| ƒ|r,dd|d|d| dddddd| g} t dg| ƒt| dƒ}|  ¡}WdQRXt| dƒ}|  ¡}WdQRX||fSx|D]}t   |¡qvWXdS)Nzcreating cert for éF)Údelete)ÚhostnameÚ extra_sanÚwÚreqz-newz-daysÚ3650z-nodesz-newkeyz-keyoutz -extensionsz-configz-outz-x509ÚopensslÚcaz-outdirÚcadirz-policyZpolicy_anythingz-batchz-infilesÚr)ÚprintÚrangeÚtempfileÚNamedTemporaryFileÚappendÚnameÚ req_templateÚformatÚopenÚwriteÚ check_callÚreadÚosÚremove)rÚsignr ÚextÚkeyZ tempnamesÚiÚfZreq_fileZ cert_fileZkey_filer ÚargsZreqfileÚcertr©r&ú$/usr/lib/python3.7/make_ssl_certs.pyÚ make_cert_keynsJ         r(rcCst t¡dS)N)ÚshutilZrmtreeÚ TMP_CADIRr&r&r&r'Ú unmake_ca sr+cCstt t¡ttj dd¡dƒ}WdQRXttj dd¡dƒ}| d¡WdQRXttj dd¡dƒ}| d¡WdQRXt d ¡Â}| t j d d d ¡|  ¡t ¡’}d ddddddddddd|j ddg}t dg|ƒdd|j dddd d!td"dddd#ddd$|j g}t dg|ƒdd|j d%dd&g}t dg|ƒWdQRXWdQRXt dd'd(ddd)gƒt d)d*¡dS)+Nrz index.txtza+zcrl.txtZ00zindex.txt.attrzw+zunique_subject = nor z our-ca-serverr)rr r z-newz-daysr z -extensionsZv3_caz-nodesz-newkeyzrsa:3072z-keyoutz pycakey.pemz-outz-subjzG/C=XY/L=Castle Anthrax/O=Python Software Foundation CA/CN=our-ca-serverr rz-configz-create_serialz pycacert.pemz-batchz-outdirz-keyfilez -selfsignz-infilesz-gencrlzrevocation.crlZx509z-inzcapath/ceff1710.0zcapath/b1930218.0)rÚmkdirr*rÚpathÚjoinrrrrrÚflushrrr)Úcopy)r#Útr$r&r&r'Úmake_ca£s4      "r2cCsddl}t | |¡¡dS)Nr)Ú_sslÚpprintZ_test_decode_cert)r-r3r&r&r'Ú print_certÄsr5Ú__main__Z localhostZreq_x509_extensions_simple)r z ssl_cert.pemr z ssl_key.pemz5password protecting ssl_key.pem in ssl_key.passwd.pemr Zrsaz-inz-outzssl_key.passwd.pemz-des3z-passoutz pass:somepasszkeycert.passwd.pemz keycert.pemza+Z fakehostnamez keycert2.pemTz keycert3.pemz keycert4.pemz localhost-ecczparam:secp384r1.pem)r!zkeycertecc.pemz0otherName.1 = 1.2.3.4;UTF8:some other identifierz/otherName.2 = 1.3.6.1.5.2.2;SEQUENCE:princ_namezemail.1 = user@example.orgzDNS.2 = www.example.orgzdirName.1 = dir_sectzURI.1 = https://www.python.org/zIP.1 = 127.0.0.1z IP.2 = ::1zRID.1 = 1.2.3.4.5ZallsansÚ )r z allsans.pemz'DNS.2 = xn--knig-5qa.idn.pythontest.netz6DNS.3 = xn--knigsgsschen-lcb0w.idna2003.pythontest.netz6DNS.4 = xn--knigsgchen-b4a3dun.idna2008.pythontest.netz,DNS.5 = xn--nxasmq6b.idna2003.pythontest.netz,DNS.6 = xn--nxasmm1c.idna2008.pythontest.netZidnsansz idnsans.pemz=update Lib/test/test_ssl.py and Lib/test/test_asyncio/util.py)Frrr)Ú__doc__rr4r)rÚ subprocessrr-ÚabspathÚdirnameÚ__file__Úherer(r*r+r2r5Ú__name__Úchdirr%r!rr#rrrr r.r&r&r&r'Úsa /!