mitmproxy/test/netlib/data/verificationcerts/generate.py
Thomas Kriechbaumer e2447406cc more style cleanup
2016-05-29 13:43:20 +02:00

67 lines
1.4 KiB
Python

"""
Generate SSL test certificates.
"""
import subprocess
import shlex
import os
import shutil
ROOT_CA = "trusted-root"
SUBJECT = "/CN=example.mitmproxy.org/"
def do(args):
print("> %s" % args)
args = shlex.split(args)
output = subprocess.check_output(args)
return output
def genrsa(cert):
do("openssl genrsa -out {cert}.key 2048".format(cert=cert))
def sign(cert):
do("openssl x509 -req -in {cert}.csr "
"-CA {root_ca}.crt "
"-CAkey {root_ca}.key "
"-CAcreateserial "
"-days 1024 "
"-out {cert}.crt".format(root_ca=ROOT_CA, cert=cert)
)
def mkcert(cert, args):
genrsa(cert)
do("openssl req -new -nodes -batch "
"-key {cert}.key "
"{args} "
"-out {cert}.csr".format(cert=cert, args=args)
)
sign(cert)
os.remove("{cert}.csr".format(cert=cert))
# create trusted root CA
genrsa("trusted-root")
do("openssl req -x509 -new -nodes -batch "
"-key trusted-root.key "
"-days 1024 "
"-out trusted-root.crt"
)
h = do("openssl x509 -hash -noout -in trusted-root.crt").decode("ascii").strip()
shutil.copyfile("trusted-root.crt", "{}.0".format(h))
# create trusted leaf cert.
mkcert("trusted-leaf", "-subj {}".format(SUBJECT))
# create self-signed cert
genrsa("self-signed")
do("openssl req -x509 -new -nodes -batch "
"-key self-signed.key "
"-subj {} "
"-days 1024 "
"-out self-signed.crt".format(SUBJECT)
)