From af5933467bb392cd6efac6ac7d7e48ec0ec55e34 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Thu, 23 May 2024 11:52:20 +0200
Subject: [PATCH] make_ssl_certs: make it possible to pass in expiration dates
 from command line

Note that the defaults are same as they were, so if nothing is
specified, the script works exactly as before.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 Lib/test/certdata/make_ssl_certs.py | 43 +++++++++++++++++------------
 1 file changed, 26 insertions(+), 17 deletions(-)

diff --git a/Lib/test/certdata/make_ssl_certs.py b/Lib/test/certdata/make_ssl_certs.py
index 848ddd2c2ac14ca..b6da13f3ec191c8 100644
--- a/Lib/test/certdata/make_ssl_certs.py
+++ b/Lib/test/certdata/make_ssl_certs.py
@@ -1,6 +1,7 @@
 """Make the custom certificate and private key files used by test_ssl
 and friends."""
 
+import argparse
 import os
 import pprint
 import shutil
@@ -8,7 +9,8 @@
 from subprocess import *
 
 startdate = "20180829142316Z"
-enddate = "20371028142316Z"
+enddate_default = "20371028142316Z"
+days_default = "7000"
 
 req_template = """
     [ default ]
@@ -79,8 +81,8 @@
     default_startdate = {startdate}
     enddate = {enddate}
     default_enddate = {enddate}
-    default_days = 7000
-    default_crl_days = 7000
+    default_days = {days}
+    default_crl_days = {days}
     certificate = pycacert.pem
     private_key = pycakey.pem
     serial    = $dir/serial
@@ -117,7 +119,7 @@
 here = os.path.abspath(os.path.dirname(__file__))
 
 
-def make_cert_key(hostname, sign=False, extra_san='',
+def make_cert_key(cmdlineargs, hostname, sign=False, extra_san='',
                   ext='req_x509_extensions_full', key='rsa:3072'):
     print("creating cert for " + hostname)
     tempnames = []
@@ -130,11 +132,12 @@ def make_cert_key(hostname, sign=False, extra_san='',
             hostname=hostname,
             extra_san=extra_san,
             startdate=startdate,
-            enddate=enddate
+            enddate=cmdlineargs.enddate,
+            days=cmdlineargs.days
         )
         with open(req_file, 'w') as f:
             f.write(req)
-        args = ['req', '-new', '-nodes', '-days', '7000',
+        args = ['req', '-new', '-nodes', '-days', cmdlineargs.days,
                 '-newkey', key, '-keyout', key_file,
                 '-extensions', ext,
                 '-config', req_file]
@@ -175,7 +178,7 @@ def make_cert_key(hostname, sign=False, extra_san='',
 def unmake_ca():
     shutil.rmtree(TMP_CADIR)
 
-def make_ca():
+def make_ca(cmdlineargs):
     os.mkdir(TMP_CADIR)
     with open(os.path.join('cadir','index.txt'),'a+') as f:
         pass # empty file
@@ -192,7 +195,8 @@ def make_ca():
             hostname='our-ca-server',
             extra_san='',
             startdate=startdate,
-            enddate=enddate
+            enddate=cmdlineargs.enddate,
+            days=cmdlineargs.days
         )
         t.write(req)
         t.flush()
@@ -228,8 +232,13 @@ def write_cert_reference(path):
 
 
 if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Make the custom certificate and private key files used by test_ssl and friends.')
+    parser.add_argument('--days', default=days_default)
+    parser.add_argument('--enddate', default=enddate_default)
+    cmdlineargs = parser.parse_args()
+
     os.chdir(here)
-    cert, key = make_cert_key('localhost', ext='req_x509_extensions_simple')
+    cert, key = make_cert_key(cmdlineargs, 'localhost', ext='req_x509_extensions_simple')
     with open('ssl_cert.pem', 'w') as f:
         f.write(cert)
     with open('ssl_key.pem', 'w') as f:
@@ -246,24 +255,24 @@ def write_cert_reference(path):
         f.write(cert)
 
     # For certificate matching tests
-    make_ca()
-    cert, key = make_cert_key('fakehostname', ext='req_x509_extensions_simple')
+    make_ca(cmdlineargs)
+    cert, key = make_cert_key(cmdlineargs, 'fakehostname', ext='req_x509_extensions_simple')
     with open('keycert2.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
-    cert, key = make_cert_key('localhost', sign=True)
+    cert, key = make_cert_key(cmdlineargs, 'localhost', sign=True)
     with open('keycert3.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
-    cert, key = make_cert_key('fakehostname', sign=True)
+    cert, key = make_cert_key(cmdlineargs, 'fakehostname', sign=True)
     with open('keycert4.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
     cert, key = make_cert_key(
-        'localhost-ecc', sign=True, key='param:secp384r1.pem'
+        cmdlineargs, 'localhost-ecc', sign=True, key='param:secp384r1.pem'
     )
     with open('keycertecc.pem', 'w') as f:
         f.write(key)
@@ -283,7 +292,7 @@ def write_cert_reference(path):
         'RID.1 = 1.2.3.4.5',
     ]
 
-    cert, key = make_cert_key('allsans', sign=True, extra_san='\n'.join(extra_san))
+    cert, key = make_cert_key(cmdlineargs, 'allsans', sign=True, extra_san='\n'.join(extra_san))
     with open('allsans.pem', 'w') as f:
         f.write(key)
         f.write(cert)
@@ -300,12 +309,12 @@ def write_cert_reference(path):
     ]
 
     # IDN SANS, signed
-    cert, key = make_cert_key('idnsans', sign=True, extra_san='\n'.join(extra_san))
+    cert, key = make_cert_key(cmdlineargs, 'idnsans', sign=True, extra_san='\n'.join(extra_san))
     with open('idnsans.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
-    cert, key = make_cert_key('nosan', sign=True, ext='req_x509_extensions_nosan')
+    cert, key = make_cert_key(cmdlineargs, 'nosan', sign=True, ext='req_x509_extensions_nosan')
     with open('nosan.pem', 'w') as f:
         f.write(key)
         f.write(cert)