HEX

File: //usr/local/lib/python3.7/test/__pycache__/make_ssl_certs.cpython-37.opt-2.pyc
B

��g"�
@sddlZddlZddlZddlZddlTdZej�ej�e	��Z
dBdd	�Zd
Zdd�Z
d
d�Zdd�Zedk�re�e
�eddd�\ZZedd��Ze�e�WdQRXedd��Ze�e�WdQRXed�eddddddddd g	�edddddd!ddd g	�ed"d��Ze�e�e�e�WdQRXed!d#��Ze�e�WdQRXe�ed$dd�\ZZed%d��Ze�e�e�e�WdQRXedd&�\ZZed'd��Ze�e�e�e�WdQRXed$d&�\ZZed(d��Ze�e�e�e�WdQRXed)d&d*d+�\ZZed,d��Ze�e�e�e�WdQRXd-d.d/d0d1d2d3d4d5g	Zed6d7�e�d8�\ZZed9d��Ze�e�e�e�WdQRXd:d;d<d=d>gZed?d&d7�e�d8�\ZZed@d��Ze�e�e�e�WdQRXe
�edA�ed"�ed'�dS)C�N)�*a

    [ default ]
    base_url               = http://testca.pythontest.net/testca

    [req]
    distinguished_name     = req_distinguished_name
    prompt                 = no

    [req_distinguished_name]
    C                      = XY
    L                      = Castle Anthrax
    O                      = Python Software Foundation
    CN                     = {hostname}

    [req_x509_extensions_simple]
    subjectAltName         = @san

    [req_x509_extensions_full]
    subjectAltName         = @san
    keyUsage               = critical,keyEncipherment,digitalSignature
    extendedKeyUsage       = serverAuth,clientAuth
    basicConstraints       = critical,CA:false
    subjectKeyIdentifier   = hash
    authorityKeyIdentifier = keyid:always,issuer:always
    authorityInfoAccess    = @issuer_ocsp_info
    crlDistributionPoints  = @crl_info

    [ issuer_ocsp_info ]
    caIssuers;URI.0        = $base_url/pycacert.cer
    OCSP;URI.0             = $base_url/ocsp/

    [ crl_info ]
    URI.0                  = $base_url/revocation.crl

    [san]
    DNS.1 = {hostname}
    {extra_san}

    [dir_sect]
    C                      = XY
    L                      = Castle Anthrax
    O                      = Python Software Foundation
    CN                     = dirname example

    [princ_name]
    realm = EXP:0, GeneralString:KERBEROS.REALM
    principal_name = EXP:1, SEQUENCE:principal_seq

    [principal_seq]
    name_type = EXP:0, INTEGER:1
    name_string = EXP:1, SEQUENCE:principals

    [principals]
    princ1 = GeneralString:username

    [ ca ]
    default_ca      = CA_default

    [ CA_default ]
    dir = cadir
    database  = $dir/index.txt
    crlnumber = $dir/crl.txt
    default_md = sha256
    default_days = 3600
    default_crl_days = 3600
    certificate = pycacert.pem
    private_key = pycakey.pem
    serial    = $dir/serial
    RANDFILE  = $dir/.rand
    policy          = policy_match

    [ policy_match ]
    countryName             = match
    stateOrProvinceName     = optional
    organizationName        = match
    organizationalUnitName  = optional
    commonName              = supplied
    emailAddress            = optional

    [ policy_anything ]
    countryName   = optional
    stateOrProvinceName = optional
    localityName    = optional
    organizationName  = optional
    organizationalUnitName  = optional
    commonName    = supplied
    emailAddress    = optional


    [ v3_ca ]

    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid:always,issuer
    basicConstraints = CA:true

    F��req_x509_extensions_full�rsa:3072cCs�td|�g}x4td�D](}tjdd��}|�|j�WdQRXqW|\}}	}
�ztj||d�}t|d��}|�	|�WdQRXddd	d
dd|d
|
d|d|g
}|r�tjdd��}|�|j�|j}
WdQRX|d|
g7}n|dd|	g7}t
dg|�|�r,dd|d|d|	dddddd|
g}t
dg|�t|	d��}|��}WdQRXt|
d��}|��}WdQRX||fSx|D]}t�
|��qvWXdS)Nzcreating cert for �F)�delete)�hostname�	extra_san�w�reqz-newz-days�3650z-nodesz-newkeyz-keyoutz-extensionsz-configz-outz-x509�openssl�caz-outdir�cadirz-policyZpolicy_anythingz-batchz-infiles�r)�print�range�tempfile�NamedTemporaryFile�append�name�req_template�format�open�write�
check_call�read�os�remove)r�signr	�ext�keyZ	tempnames�i�fZreq_fileZ	cert_fileZkey_filer�argsZreqfile�certr�r&�//usr/local/lib/python3.7/test/make_ssl_certs.py�
make_cert_keynsJ



r(rcCst�t�dS)N)�shutilZrmtree�	TMP_CADIRr&r&r&r'�	unmake_ca�sr+cCstt�t�ttj�dd�d��}WdQRXttj�dd�d��}|�d�WdQRXttj�dd�d��}|�d�WdQRXt�d	���}|�t	j
d
dd��|��t����}d
ddddddddddd|jddg}t
dg|�dd|jdddd d!td"dddd#ddd$|jg}t
dg|�dd|jd%dd&g}t
dg|�WdQRXWdQRXt
dd'd(ddd)g�t�d)d*�dS)+Nrz	index.txtza+zcrl.txtZ00zindex.txt.attrzw+zunique_subject = nor
z
our-ca-serverr)rr	rz-newz-daysrz-extensionsZv3_caz-nodesz-newkeyzrsa:3072z-keyoutzpycakey.pemz-outz-subjzG/C=XY/L=Castle Anthrax/O=Python Software Foundation CA/CN=our-ca-serverr
rz-configz-create_serialzpycacert.pemz-batchz-outdirz-keyfilez	-selfsignz-infilesz-gencrlzrevocation.crlZx509z-inzcapath/ceff1710.0zcapath/b1930218.0)r�mkdirr*r�path�joinrrrrr�flushrrr)�copy)r#�tr$r&r&r'�make_ca�s4




"r2cCsddl}t�|�|��dS)Nr)�_ssl�pprintZ_test_decode_cert)r-r3r&r&r'�
print_cert�sr5�__main__Z	localhostZreq_x509_extensions_simple)r zssl_cert.pemr
zssl_key.pemz5password protecting ssl_key.pem in ssl_key.passwd.pemr
Zpkeyz-inz-outzssl_key.passwd.pemz-aes256z-passoutz
pass:somepasszkeycert.passwd.pemzkeycert.pemza+Zfakehostnamezkeycert2.pemTzkeycert3.pemzkeycert4.pemz
localhost-ecczparam:secp384r1.pem)r!zkeycertecc.pemz0otherName.1 = 1.2.3.4;UTF8:some other identifierz/otherName.2 = 1.3.6.1.5.2.2;SEQUENCE:princ_namezemail.1 = user@example.orgzDNS.2 = www.example.orgzdirName.1 = dir_sectzURI.1 = https://www.python.org/zIP.1 = 127.0.0.1z
IP.2 = ::1zRID.1 = 1.2.3.4.5Zallsans�
)r	zallsans.pemz'DNS.2 = xn--knig-5qa.idn.pythontest.netz6DNS.3 = xn--knigsgsschen-lcb0w.idna2003.pythontest.netz6DNS.4 = xn--knigsgchen-b4a3dun.idna2008.pythontest.netz,DNS.5 = xn--nxasmq6b.idna2003.pythontest.netz,DNS.6 = xn--nxasmm1c.idna2008.pythontest.netZidnsanszidnsans.pemz=update Lib/test/test_ssl.py and Lib/test/test_asyncio/util.py)Frrr)rr4r)r�
subprocessrr-�abspath�dirname�__file__�herer(r*r+r2r5�__name__�chdirr%r!rr#rrrr	r.r&r&r&r'�<module>s�a
/!