Revert "pythongh-119400: make_ssl_certs: update reference test data automatically, pass in expiration dates as parameters python#119400 (pythonGH-119401)"

This reverts commit 1ff1b89.

Author: kanavin

Lib/test/certdata/keycert.pem.reference

@@ -1,16 +1,14 @@
 """Make the custom certificate and private key files used by test_ssl
 and friends."""
 
-import argparse
 import os
 import pprint
 import shutil
 import tempfile
 from subprocess import *
 
 startdate = "20180829142316Z"
-enddate_default = "20371028142316Z"
-days_default = "7000"
+enddate = "20371028142316Z"
 
 req_template = """
     [ default ]
@@ -81,8 +79,8 @@
     default_startdate = {startdate}
     enddate = {enddate}
     default_enddate = {enddate}
-    default_days = {days}
-    default_crl_days = {days}
+    default_days = 7000
+    default_crl_days = 7000
     certificate = pycacert.pem
     private_key = pycakey.pem
     serial    = $dir/serial
@@ -119,7 +117,7 @@
 here = os.path.abspath(os.path.dirname(__file__))
 
 
-def make_cert_key(cmdlineargs, hostname, sign=False, extra_san='',
+def make_cert_key(hostname, sign=False, extra_san='',
                   ext='req_x509_extensions_full', key='rsa:3072'):
     print("creating cert for " + hostname)
     tempnames = []
@@ -132,12 +130,11 @@ def make_cert_key(cmdlineargs, hostname, sign=False, extra_san='',
             hostname=hostname,
             extra_san=extra_san,
             startdate=startdate,
-            enddate=cmdlineargs.enddate,
-            days=cmdlineargs.days
+            enddate=enddate
         )
         with open(req_file, 'w') as f:
             f.write(req)
-        args = ['req', '-new', '-nodes', '-days', cmdlineargs.days,
+        args = ['req', '-new', '-nodes', '-days', '7000',
                 '-newkey', key, '-keyout', key_file,
                 '-extensions', ext,
                 '-config', req_file]
@@ -178,7 +175,7 @@ def make_cert_key(cmdlineargs, hostname, sign=False, extra_san='',
 def unmake_ca():
     shutil.rmtree(TMP_CADIR)
 
-def make_ca(cmdlineargs):
+def make_ca():
     os.mkdir(TMP_CADIR)
     with open(os.path.join('cadir','index.txt'),'a+') as f:
         pass # empty file
@@ -195,8 +192,7 @@ def make_ca(cmdlineargs):
             hostname='our-ca-server',
             extra_san='',
             startdate=startdate,
-            enddate=cmdlineargs.enddate,
-            days=cmdlineargs.days
+            enddate=enddate
         )
         t.write(req)
         t.flush()
@@ -223,22 +219,14 @@ def make_ca(cmdlineargs):
     shutil.copy('capath/ceff1710.0', 'capath/b1930218.0')
 
 
-def write_cert_reference(path):
+def print_cert(path):
     import _ssl
-    refdata = pprint.pformat(_ssl._test_decode_cert(path))
-    print(refdata)
-    with open(path + '.reference', 'w') as f:
-        print(refdata, file=f)
+    pprint.pprint(_ssl._test_decode_cert(path))
 
 
 if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description='Make the custom certificate and private key files used by test_ssl and friends.')
-    parser.add_argument('--days', default=days_default)
-    parser.add_argument('--enddate', default=enddate_default)
-    cmdlineargs = parser.parse_args()
-
     os.chdir(here)
-    cert, key = make_cert_key(cmdlineargs, 'localhost', ext='req_x509_extensions_simple')
+    cert, key = make_cert_key('localhost', ext='req_x509_extensions_simple')
     with open('ssl_cert.pem', 'w') as f:
         f.write(cert)
     with open('ssl_key.pem', 'w') as f:
@@ -255,24 +243,24 @@ def write_cert_reference(path):
         f.write(cert)
 
     # For certificate matching tests
-    make_ca(cmdlineargs)
-    cert, key = make_cert_key(cmdlineargs, 'fakehostname', ext='req_x509_extensions_simple')
+    make_ca()
+    cert, key = make_cert_key('fakehostname', ext='req_x509_extensions_simple')
     with open('keycert2.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
-    cert, key = make_cert_key(cmdlineargs, 'localhost', sign=True)
+    cert, key = make_cert_key('localhost', sign=True)
     with open('keycert3.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
-    cert, key = make_cert_key(cmdlineargs, 'fakehostname', sign=True)
+    cert, key = make_cert_key('fakehostname', sign=True)
     with open('keycert4.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
     cert, key = make_cert_key(
-        cmdlineargs, 'localhost-ecc', sign=True, key='param:secp384r1.pem'
+        'localhost-ecc', sign=True, key='param:secp384r1.pem'
     )
     with open('keycertecc.pem', 'w') as f:
         f.write(key)
@@ -292,7 +280,7 @@ def write_cert_reference(path):
         'RID.1 = 1.2.3.4.5',
     ]
 
-    cert, key = make_cert_key(cmdlineargs, 'allsans', sign=True, extra_san='\n'.join(extra_san))
+    cert, key = make_cert_key('allsans', sign=True, extra_san='\n'.join(extra_san))
     with open('allsans.pem', 'w') as f:
         f.write(key)
         f.write(cert)
@@ -309,17 +297,17 @@ def write_cert_reference(path):
     ]
 
     # IDN SANS, signed
-    cert, key = make_cert_key(cmdlineargs, 'idnsans', sign=True, extra_san='\n'.join(extra_san))
+    cert, key = make_cert_key('idnsans', sign=True, extra_san='\n'.join(extra_san))
     with open('idnsans.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
-    cert, key = make_cert_key(cmdlineargs, 'nosan', sign=True, ext='req_x509_extensions_nosan')
+    cert, key = make_cert_key('nosan', sign=True, ext='req_x509_extensions_nosan')
     with open('nosan.pem', 'w') as f:
         f.write(key)
         f.write(cert)
 
     unmake_ca()
-    print("Writing out reference data for Lib/test/test_ssl.py and Lib/test/test_asyncio/utils.py")
-    write_cert_reference('keycert.pem')
-    write_cert_reference('keycert3.pem')
+    print("update Lib/test/test_ssl.py and Lib/test/test_asyncio/utils.py")
+    print_cert('keycert.pem')
+    print_cert('keycert3.pem')

Lib/test/certdata/keycert3.pem.reference

@@ -15,7 +15,6 @@
 import unittest
 import weakref
 import warnings
-from ast import literal_eval
 from unittest import mock
 
 from http.server import HTTPServer
@@ -57,8 +56,24 @@ def data_file(*filename):
 ONLYKEY = data_file('certdata', 'ssl_key.pem')
 SIGNED_CERTFILE = data_file('certdata', 'keycert3.pem')
 SIGNING_CA = data_file('certdata', 'pycacert.pem')
-with open(data_file('certdata', 'keycert3.pem.reference')) as file:
-    PEERCERT = literal_eval(file.read())
+PEERCERT = {
+    'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
+    'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),
+    'crlDistributionPoints': ('http://testca.pythontest.net/testca/revocation.crl',),
+    'issuer': ((('countryName', 'XY'),),
+            (('organizationName', 'Python Software Foundation CA'),),
+            (('commonName', 'our-ca-server'),)),
+    'notAfter': 'Oct 28 14:23:16 2037 GMT',
+    'notBefore': 'Aug 29 14:23:16 2018 GMT',
+    'serialNumber': 'CB2D80995A69525C',
+    'subject': ((('countryName', 'XY'),),
+             (('localityName', 'Castle Anthrax'),),
+             (('organizationName', 'Python Software Foundation'),),
+             (('commonName', 'localhost'),)),
+    'subjectAltName': (('DNS', 'localhost'),),
+    'version': 3
+}
+
 
 def simple_server_sslcontext():
     server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

Lib/test/certdata/make_ssl_certs.py

@@ -3,7 +3,6 @@
 import sys
 import unittest
 import unittest.mock
-from ast import literal_eval
 from test import support
 from test.support import import_helper
 from test.support import os_helper
@@ -83,8 +82,21 @@ def data_file(*name):
 CAFILE_NEURONIO = data_file("capath", "4e1295a3.0")
 CAFILE_CACERT = data_file("capath", "5ed36f99.0")
 
-with open(data_file('keycert.pem.reference')) as file:
-    CERTFILE_INFO = literal_eval(file.read())
+CERTFILE_INFO = {
+    'issuer': ((('countryName', 'XY'),),
+               (('localityName', 'Castle Anthrax'),),
+               (('organizationName', 'Python Software Foundation'),),
+               (('commonName', 'localhost'),)),
+    'notAfter': 'Jan 24 04:21:36 2043 GMT',
+    'notBefore': 'Nov 25 04:21:36 2023 GMT',
+    'serialNumber': '53E14833F7546C29256DD0F034F776C5E983004C',
+    'subject': ((('countryName', 'XY'),),
+             (('localityName', 'Castle Anthrax'),),
+             (('organizationName', 'Python Software Foundation'),),
+             (('commonName', 'localhost'),)),
+    'subjectAltName': (('DNS', 'localhost'),),
+    'version': 3
+}
 
 # empty CRL
 CRLFILE = data_file("revocation.crl")
@@ -94,8 +106,23 @@ def data_file(*name):
 SINGED_CERTFILE_ONLY = data_file("cert3.pem")
 SIGNED_CERTFILE_HOSTNAME = 'localhost'
 
-with open(data_file('keycert3.pem.reference')) as file:
-    SIGNED_CERTFILE_INFO = literal_eval(file.read())
+SIGNED_CERTFILE_INFO = {
+    'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
+    'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),
+    'crlDistributionPoints': ('http://testca.pythontest.net/testca/revocation.crl',),
+    'issuer': ((('countryName', 'XY'),),
+            (('organizationName', 'Python Software Foundation CA'),),
+            (('commonName', 'our-ca-server'),)),
+    'notAfter': 'Oct 28 14:23:16 2037 GMT',
+    'notBefore': 'Aug 29 14:23:16 2018 GMT',
+    'serialNumber': 'CB2D80995A69525C',
+    'subject': ((('countryName', 'XY'),),
+             (('localityName', 'Castle Anthrax'),),
+             (('organizationName', 'Python Software Foundation'),),
+             (('commonName', 'localhost'),)),
+    'subjectAltName': (('DNS', 'localhost'),),
+    'version': 3
+}
 
 SIGNED_CERTFILE2 = data_file("keycert4.pem")
 SIGNED_CERTFILE2_HOSTNAME = 'fakehostname'