Author: dsahlberg
Date: Sat Jun 21 09:31:09 2025
New Revision: 1926615
URL: http://svn.apache.org/viewvc?rev=1926615&view=rev
Log:
Remove inconsistent trailing witespace. No functional change.
* test/certs/create_certs.py
(*): As above
Modified:
serf/trunk/test/certs/create_certs.py
Modified: serf/trunk/test/certs/create_certs.py
URL:
http://svn.apache.org/viewvc/serf/trunk/test/certs/create_certs.py?rev=1926615&r1=1926614&r2=1926615&view=diff
==============================================================================
--- serf/trunk/test/certs/create_certs.py (original)
+++ serf/trunk/test/certs/create_certs.py Sat Jun 21 09:31:09 2025
@@ -9,9 +9,9 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -21,9 +21,9 @@
# ===================================================================
#
-# This script creates the private keys and certificates required for
+# This script creates the private keys and certificates required for
# running the serf test suite.
-#
+#
# It should be run from the test/certs folder without arguments.
# Certificates will be created in the test/certs folder, private keys in the
# test/certs/private folder.
@@ -47,11 +47,11 @@ def create_key(keyfile='', passphrase=No
key = crypto.PKey()
key.generate_key(KEY_ALGO, KEY_SIZE)
if passphrase:
- open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM,
- key, KEY_CIPHER,
+ open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM,
+ key, KEY_CIPHER,
passphrase))
else:
- open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM,
+ open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM,
key))
return key
@@ -62,7 +62,7 @@ def create_pkcs12(clientkey, clientcert,
pkcs12.set_certificate(clientcert)
pkcs12.set_privatekey(clientkey)
pkcs12.set_ca_certificates([issuer])
- open(pkcs12file, "wt").write(pkcs12.export(passphrase=passphrase,
+ open(pkcs12file, "wt").write(pkcs12.export(passphrase=passphrase,
iter=2048, maciter=2048))
def create_crl(revokedcert, cakey, cacert, crlfile, next_crl_days=VALID_DAYS):
@@ -87,13 +87,13 @@ def create_crl(revokedcert, cakey, cacer
open(crlfile, "wt").write(exported)
# subjectAltName
-def create_cert(subjectkey, certfile, issuer=None, issuerkey=None, country='',
- state='', city='', org='', ou='', cn='', email='', ca=False,
+def create_cert(subjectkey, certfile, issuer=None, issuerkey=None, country='',
+ state='', city='', org='', ou='', cn='', email='', ca=False,
valid_before=0, days_valid=VALID_DAYS, subjectAltName=None,
ocsp_responder_url=None, ocsp_signer=False):
'''
Create a X509 signed certificate.
-
+
subjectAltName
Array of fully qualified subject alternative names (use OpenSSL
syntax):
For a DNS entry, use: ['DNS:localhost']. Other options are 'email',
'URI', 'IP'.
@@ -103,15 +103,15 @@ def create_cert(subjectkey, certfile, is
cert.set_version(3-1) # version 3, starts at 0
cert.get_subject().C = country
cert.get_subject().ST = state
- cert.get_subject().L = city
- cert.get_subject().O = org
+ cert.get_subject().L = city
+ cert.get_subject().O = org
cert.get_subject().OU = ou
if cn:
cert.get_subject().CN = cn
cert.get_subject().emailAddress = email
cert.set_serial_number(SERIAL_NUMBER)
cert.set_pubkey(subjectkey)
-
+
cert.gmtime_adj_notBefore(valid_before * 24 * 3600)
cert.gmtime_adj_notAfter(days_valid * 24 * 3600)
@@ -119,7 +119,7 @@ def create_cert(subjectkey, certfile, is
issuer = cert # self signed
issuerkey = subjectkey
cert.set_issuer(issuer.get_subject())
-
+
if ca:
cert.add_extensions([
crypto.X509Extension("basicConstraints", False,
@@ -128,7 +128,7 @@ def create_cert(subjectkey, certfile, is
subject=cert)
])
cert.add_extensions([
- crypto.X509Extension("authorityKeyIdentifier", False,
+ crypto.X509Extension("authorityKeyIdentifier", False,
"keyid:always", issuer=issuer)
])
@@ -149,7 +149,7 @@ def create_cert(subjectkey, certfile, is
cert.sign(issuerkey, SIGN_ALGO)
- open(certfile, "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM,
+ open(certfile, "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM,
cert))
return cert
@@ -158,11 +158,11 @@ if __name__ == '__main__':
# This key will be used to sign the intermediate CA certificate
rootcakey = create_key('private/serfrootcakey.pem', 'serftest')
- rootcacert = create_cert(subjectkey=rootcakey,
+ rootcacert = create_cert(subjectkey=rootcakey,
certfile='serfrootcacert.pem',
- country='BE', state='Antwerp', city='Mechelen',
- org='In Serf we trust, Inc.',
- ou='Test Suite Root CA', cn='Serf Root CA',
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Root CA', cn='Serf Root CA',
email='serfroo...@example.com', ca=True)
# intermediate CA key pair and certificate
@@ -171,40 +171,40 @@ if __name__ == '__main__':
cacert = create_cert(subjectkey=cakey, certfile='serfcacert.pem',
issuer=rootcacert, issuerkey=rootcakey,
- country='BE', state='Antwerp', city='Mechelen',
- org='In Serf we trust, Inc.',
- ou='Test Suite CA', cn='Serf CA',
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite CA', cn='Serf CA',
email='ser...@example.com', ca=True)
# server key pair
# server certificate, no errors
serverkey = create_key('private/serfserverkey.pem', 'serftest')
- servercert = create_cert(subjectkey=serverkey,
+ servercert = create_cert(subjectkey=serverkey,
certfile='serfservercert.pem',
issuer=cacert, issuerkey=cakey,
- country='BE', state='Antwerp', city='Mechelen',
- org='In Serf we trust, Inc.',
- ou='Test Suite Server', cn='localhost',
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Server', cn='localhost',
email='serfser...@example.com')
# server certificate that expired a year ago
- expiredcert = create_cert(subjectkey=serverkey,
+ expiredcert = create_cert(subjectkey=serverkey,
certfile='serfserver_expired_cert.pem',
issuer=cacert, issuerkey=cakey,
- country='BE', state='Antwerp', city='Mechelen',
- org='In Serf we trust, Inc.',
- ou='Test Suite Server', cn='localhost',
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Server', cn='localhost',
email='serfser...@example.com',
days_valid=-365)
# server certificate that will be valid in 10 years
- expiredcert = create_cert(subjectkey=serverkey,
+ expiredcert = create_cert(subjectkey=serverkey,
certfile='serfserver_future_cert.pem',
issuer=cacert, issuerkey=cakey,
country='BE', state='Antwerp', city='Mechelen',
- org='In Serf we trust, Inc.',
- ou='Test Suite Server', cn='localhost',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Server', cn='localhost',
email='serfser...@example.com',
valid_before=10*365)
@@ -245,19 +245,19 @@ if __name__ == '__main__':
# client key pair and certificate
clientkey = create_key('private/serfclientkey.pem', 'serftest')
- clientcert = create_cert(subjectkey=clientkey,
+ clientcert = create_cert(subjectkey=clientkey,
certfile='serfclientcert.pem',
issuer=cacert, issuerkey=cakey,
- country='BE', state='Antwerp', city='Mechelen',
- org='In Serf we trust, Inc.',
- ou='Test Suite Client', cn='Serf Client',
+ country='BE', state='Antwerp', city='Mechelen',
+ org='In Serf we trust, Inc.',
+ ou='Test Suite Client', cn='Serf Client',
email='serfcli...@example.com')
- clientpkcs12 = create_pkcs12(clientkey, clientcert, cacert,
+ clientpkcs12 = create_pkcs12(clientkey, clientcert, cacert,
'serfclientcert.p12', 'serftest')
- # Note that this creates a v1 CRL file without extensions set, and with
+ # Note that this creates a v1 CRL file without extensions set, and with
# MD5 hash. Not ideal, but pyOpenSSL doesn't support more than this.
- #
+ #
# crl
crl = create_crl(servercert, cakey, cacert, 'serfservercrl.pem')
