mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-12-12 15:17:45 +00:00
67 lines
1.4 KiB
Python
67 lines
1.4 KiB
Python
"""
|
|
Generate SSL test certificates.
|
|
"""
|
|
import subprocess
|
|
import shlex
|
|
import os
|
|
import shutil
|
|
|
|
|
|
ROOT_CA = "trusted-root"
|
|
SUBJECT = "/CN=example.mitmproxy.org/"
|
|
|
|
|
|
def do(args):
|
|
print("> %s" % args)
|
|
args = shlex.split(args)
|
|
output = subprocess.check_output(args)
|
|
return output
|
|
|
|
|
|
def genrsa(cert):
|
|
do("openssl genrsa -out {cert}.key 2048".format(cert=cert))
|
|
|
|
|
|
def sign(cert):
|
|
do("openssl x509 -req -in {cert}.csr "
|
|
"-CA {root_ca}.crt "
|
|
"-CAkey {root_ca}.key "
|
|
"-CAcreateserial "
|
|
"-days 1024 "
|
|
"-out {cert}.crt".format(root_ca=ROOT_CA, cert=cert)
|
|
)
|
|
|
|
|
|
def mkcert(cert, args):
|
|
genrsa(cert)
|
|
do("openssl req -new -nodes -batch "
|
|
"-key {cert}.key "
|
|
"{args} "
|
|
"-out {cert}.csr".format(cert=cert, args=args)
|
|
)
|
|
sign(cert)
|
|
os.remove("{cert}.csr".format(cert=cert))
|
|
|
|
|
|
# create trusted root CA
|
|
genrsa("trusted-root")
|
|
do("openssl req -x509 -new -nodes -batch "
|
|
"-key trusted-root.key "
|
|
"-days 1024 "
|
|
"-out trusted-root.crt"
|
|
)
|
|
h = do("openssl x509 -hash -noout -in trusted-root.crt").decode("ascii").strip()
|
|
shutil.copyfile("trusted-root.crt", "{}.0".format(h))
|
|
|
|
# create trusted leaf cert.
|
|
mkcert("trusted-leaf", "-subj {}".format(SUBJECT))
|
|
|
|
# create self-signed cert
|
|
genrsa("self-signed")
|
|
do("openssl req -x509 -new -nodes -batch "
|
|
"-key self-signed.key "
|
|
"-subj {} "
|
|
"-days 1024 "
|
|
"-out self-signed.crt".format(SUBJECT)
|
|
)
|