make_ssl_certs: make it possible to pass in expiration dates from com…

…mand line Note that the defaults are same as they were, so if nothing is specified, the script works exactly as before. Signed-off-by: Alexander Kanavin <[email protected]>
python · Sep 25, 2024 · 4bff2d1 · 4bff2d1
1 parent 0e82723
commit 4bff2d1
Showing 1 changed file with 26 additions and 17 deletions.
diff --git a/Lib/test/certdata/make_ssl_certs.py b/Lib/test/certdata/make_ssl_certs.py
@@ -1,14 +1,16 @@
 """Make the custom certificate and private key files used by test_ssl
 and friends."""
 
+import argparse
 import os
 import pprint
 import shutil
 import tempfile
 from subprocess import *
 
 startdate = "20180829142316Z"
-enddate = "20371028142316Z"
+enddate_default = "20371028142316Z"
+days_default = "7000"
 
 req_template = """
     [ default ]
@@ -79,8 +81,8 @@
     default_startdate = {startdate}
     enddate = {enddate}
     default_enddate = {enddate}
-    default_days = 7000
-    default_crl_days = 7000
+    default_days = {days}
+    default_crl_days = {days}
     certificate = pycacert.pem
     private_key = pycakey.pem
     serial    = $dir/serial
@@ -117,7 +119,7 @@
 here = os.path.abspath(os.path.dirname(__file__))
 
 
-def make_cert_key(hostname, sign=False, extra_san='',
+def make_cert_key(cmdlineargs, hostname, sign=False, extra_san='',
                   ext='req_x509_extensions_full', key='rsa:3072'):
     print("creating cert for " + hostname)
     tempnames = []
@@ -130,11 +132,12 @@ def make_cert_key(hostname, sign=False, extra_san='',
             hostname=hostname,
             extra_san=extra_san,
             startdate=startdate,
-            enddate=enddate
+            enddate=cmdlineargs.enddate,
+            days=cmdlineargs.days
         )
         with open(req_file, 'w') as f:
             f.write(req)
-        args = ['req', '-new', '-nodes', '-days', '7000',
+        args = ['req', '-new', '-nodes', '-days', cmdlineargs.days,
                 '-newkey', key, '-keyout', key_file,
                 '-extensions', ext,
                 '-config', req_file]
@@ -175,7 +178,7 @@ def make_cert_key(hostname, sign=False, extra_san='',
 def unmake_ca():
     shutil.rmtree(TMP_CADIR)
 
-def make_ca():
+def make_ca(cmdlineargs):
     os.mkdir(TMP_CADIR)
     with open(os.path.join('cadir','index.txt'),'a+') as f:
         pass # empty file
@@ -192,7 +195,8 @@ def make_ca():
             hostname='our-ca-server',
             extra_san='',
             startdate=startdate,
-            enddate=enddate
+            enddate=cmdlineargs.enddate,
+            days=cmdlineargs.days
         )
         t.write(req)
         t.flush()
@@ -228,8 +232,13 @@ def write_cert_reference(path):
 
 
 if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Make the custom certificate and private key files used by test_ssl and friends.')
+    parser.add_argument('--days', default=days_default)
+    parser.add_argument('--enddate', default=enddate_default)
+    cmdlineargs = parser.parse_args()
+
     os.chdir(here)
-    cert, key = make_cert_key('localhost', ext='req_x509_extensions_simple')
+    cert, key = make_cert_key(cmdlineargs, 'localhost', ext='req_x509_extensions_simple')
     with open('ssl_cert.pem', 'w') as f:
         f.write(cert)
     with open('ssl_key.pem', 'w') as f:
@@ -246,24 +255,24 @@ def write_cert_reference(path):
         f.write(cert)
 
     # For certificate matching tests
-    make_ca()
-    cert, key = make_cert_key('fakehostname', ext='req_x509_extensions_simple')
+    make_ca(cmdlineargs)
+    cert, key = make_cert_key(cmdlineargs, 'fakehostname', ext='req_x509_extensions_simple')
     with open('keycert2.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
-    cert, key = make_cert_key('localhost', sign=True)
+    cert, key = make_cert_key(cmdlineargs, 'localhost', sign=True)
     with open('keycert3.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
-    cert, key = make_cert_key('fakehostname', sign=True)
+    cert, key = make_cert_key(cmdlineargs, 'fakehostname', sign=True)
     with open('keycert4.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
     cert, key = make_cert_key(
-        'localhost-ecc', sign=True, key='param:secp384r1.pem'
+        cmdlineargs, 'localhost-ecc', sign=True, key='param:secp384r1.pem'
     )
     with open('keycertecc.pem', 'w') as f:
         f.write(key)
@@ -283,7 +292,7 @@ def write_cert_reference(path):
         'RID.1 = 1.2.3.4.5',
     ]
 
-    cert, key = make_cert_key('allsans', sign=True, extra_san='\n'.join(extra_san))
+    cert, key = make_cert_key(cmdlineargs, 'allsans', sign=True, extra_san='\n'.join(extra_san))
     with open('allsans.pem', 'w') as f:
         f.write(key)
         f.write(cert)
@@ -300,12 +309,12 @@ def write_cert_reference(path):
     ]
 
     # IDN SANS, signed
-    cert, key = make_cert_key('idnsans', sign=True, extra_san='\n'.join(extra_san))
+    cert, key = make_cert_key(cmdlineargs, 'idnsans', sign=True, extra_san='\n'.join(extra_san))
     with open('idnsans.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
-    cert, key = make_cert_key('nosan', sign=True, ext='req_x509_extensions_nosan')
+    cert, key = make_cert_key(cmdlineargs, 'nosan', sign=True, ext='req_x509_extensions_nosan')
     with open('nosan.pem', 'w') as f:
         f.write(key)
         f.write(cert)