Author: dsahlberg Date: Sat Jun 21 13:29:19 2025 New Revision: 1926623 URL: http://svn.apache.org/viewvc?rev=1926623&view=rev Log: Make script compatible with Py3.
* test/certs/create_certs.py (create_key): decode string when writing to file (create_pkcs12): write file in binary mode (create_crl): make sure arguments to crypto.Revoked().* are in ascii, write the exported file in binary (create_cert): crypto.X509Extension wants parameters in ascii, decode the dumped certificate as utf-8 befor writing to file (__main__): create_cert wants the passphrase as a byte array in ascii. Patch by: Graham Leggett <minfrin> Part of GitHub PR #7: https://github.com/apache/serf/pull/7 Modified: serf/trunk/test/certs/create_certs.py Modified: serf/trunk/test/certs/create_certs.py URL: http://svn.apache.org/viewvc/serf/trunk/test/certs/create_certs.py?rev=1926623&r1=1926622&r2=1926623&view=diff ============================================================================== --- serf/trunk/test/certs/create_certs.py (original) +++ serf/trunk/test/certs/create_certs.py Sat Jun 21 13:29:19 2025 @@ -49,10 +49,10 @@ def create_key(keyfile='', passphrase=No if passphrase: open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key, KEY_CIPHER, - passphrase)) + passphrase).decode('utf-8')) else: open(keyfile, "wt").write(crypto.dump_privatekey(crypto.FILETYPE_PEM, - key)) + key).decode('utf-8')) return key @@ -62,7 +62,7 @@ def create_pkcs12(clientkey, clientcert, pkcs12.set_certificate(clientcert) pkcs12.set_privatekey(clientkey) pkcs12.set_ca_certificates([issuer]) - open(pkcs12file, "wt").write(pkcs12.export(passphrase=passphrase, + open(pkcs12file, "wb").write(pkcs12.export(passphrase=passphrase, iter=2048, maciter=2048)) def create_crl(revokedcert, cakey, cacert, crlfile, next_crl_days=VALID_DAYS): 
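Review bot: Both branches of create_key write the private key through `open(keyfile, "wt").write(...)` and never close the handle, so the flush relies on garbage collection and Python 3 emits a ResourceWarning when warnings are enabled. `crypto.dump_privatekey` already returns bytes, so the `.decode('utf-8')` round trip can go by writing in binary mode, as this commit does for the PKCS#12 and CRL files: `with open(keyfile, "wb") as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))`. The same unclosed `open(...).write(...)` pattern appears in the create_pkcs12, create_crl and create_cert hunks. create_key starts above this hunk, so the key generation itself is not visible here.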
@@ -73,9 +73,9 @@ def create_crl(revokedcert, cakey, cacer now = datetime.utcnow() now_str = now.strftime('%Y%m%d%H%M%SZ') - revoked.set_serial(serial_number) - revoked.set_reason('unspecified') - revoked.set_rev_date(now_str) # revoked as of now + revoked.set_serial(serial_number.encode('ascii')) + revoked.set_reason(b'unspecified') + revoked.set_rev_date(now_str.encode('ascii')) # revoked as of now crl.add_revoked(revoked) try: @@ -84,7 +84,7 @@ def create_crl(revokedcert, cakey, cacer # Some very old versions of pyopenssl (such as the one on macOS) # do not support the 'digest' keyword argument. exported = crl.export(cacert, cakey, days=next_crl_days) - open(crlfile, "wt").write(exported) + open(crlfile, "wb").write(exported) # subjectAltName def create_cert(subjectkey, certfile, issuer=None, issuerkey=None, country='', 
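Review bot: create_crl still fills in a legacy pyOpenSSL `crypto.Revoked` object, and to my knowledge recent pyOpenSSL releases deprecated and later removed the CRL classes (and `crypto.PKCS12`, which create_pkcs12 appears to use), so the script may fail on an up-to-date Python 3 install even with the bytes arguments. A header comment such as `# Requires a pyOpenSSL release that still provides crypto.CRL, crypto.Revoked and crypto.PKCS12` would record that constraint. The context line `now = datetime.utcnow()` is also deprecated since Python 3.12; `datetime.now(timezone.utc)` gives the same `strftime` output once `timezone` is imported. The function body starts and ends outside this hunk.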
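Review bot: The fallback `crl.export(cacert, cakey, days=next_crl_days)` has no comment saying which digest signs the CRL. The note at the end of the script says the result is a v1 CRL with an MD5 hash, which presumably refers to this path and belongs next to the call. I would add `# No digest argument: signed with the library default (MD5 per the note in __main__); test fixtures only.` above it. The `try`/`except` guarding this call lies between the two create_crl hunks, so which exception selects the fallback cannot be checked from here.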
@@ -122,41 +122,41 @@ def create_cert(subjectkey, certfile, is if ca: cert.add_extensions([ - crypto.X509Extension("basicConstraints", False, - "CA:TRUE"), - crypto.X509Extension("subjectKeyIdentifier", False, "hash", + crypto.X509Extension(b"basicConstraints", False, + b"CA:TRUE"), + crypto.X509Extension(b"subjectKeyIdentifier", False, b"hash", subject=cert) ]) cert.add_extensions([ - crypto.X509Extension("authorityKeyIdentifier", False, - "keyid:always", issuer=issuer) + crypto.X509Extension(b"authorityKeyIdentifier", False, + b"keyid:always", issuer=issuer) ]) if subjectAltName: critical = True if not cn else False cert.add_extensions([ - crypto.X509Extension('subjectAltName', critical, ", ".join(subjectAltName))]) + crypto.X509Extension(b'subjectAltName', critical, ", ".join(subjectAltName).encode('ascii'))]) if ocsp_responder_url: cert.add_extensions([ - crypto.X509Extension('authorityInfoAccess', False, - 'OCSP;URI:' + ocsp_responder_url)]) + crypto.X509Extension(b'authorityInfoAccess', False, + ('OCSP;URI:' + ocsp_responder_url).encode('ascii'))]) if ocsp_signer: cert.add_extensions([ - crypto.X509Extension('extendedKeyUsage', True, 'OCSPSigning') + crypto.X509Extension(b'extendedKeyUsage', True, b'OCSPSigning') ]) cert.sign(issuerkey, SIGN_ALGO) open(certfile, "wt").write(crypto.dump_certificate(crypto.FILETYPE_PEM, - cert)) + cert).decode('utf-8')) return cert if __name__ == '__main__': # root CA key pair and certificate. # This key will be used to sign the intermediate CA certificate - rootcakey = create_key('private/serfrootcakey.pem', 'serftest') + rootcakey = create_key('private/serfrootcakey.pem', b'serftest') rootcacert = create_cert(subjectkey=rootcakey, certfile='serfrootcacert.pem', 
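Review bot: The CA branch still creates `basicConstraints` with the critical flag set to `False`, while RFC 5280 requires conforming CAs to mark that extension critical in CA certificates, so the generated root and intermediate certificates differ from what a strict validator expects. If that is deliberate for the test suite, a comment should say so, since regenerating the fixtures changes what the tests exercise; otherwise the change is `crypto.X509Extension(b"basicConstraints", True, b"CA:TRUE"),`. Separately, `", ".join(subjectAltName).encode('ascii')` and the `ocsp_responder_url` concatenation raise UnicodeEncodeError on non-ASCII input, which deserves a one-line comment even if every caller passes ASCII. create_cert begins above this hunk.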
@@ -167,7 +167,7 @@ if __name__ == '__main__': # intermediate CA key pair and certificate # This key will be used to sign all server certificates - cakey = create_key('private/serfcakey.pem', 'serftest') + cakey = create_key('private/serfcakey.pem', b'serftest') cacert = create_cert(subjectkey=cakey, certfile='serfcacert.pem', issuer=rootcacert, issuerkey=rootcakey, @@ -178,7 +178,7 @@ if __name__ == '__main__': # server key pair # server certificate, no errors - serverkey = create_key('private/serfserverkey.pem', 'serftest') + serverkey = create_key('private/serfserverkey.pem', b'serftest') servercert = create_cert(subjectkey=serverkey, certfile='serfservercert.pem', @@ -243,7 +243,7 @@ if __name__ == '__main__': ocsp_signer=True) # client key pair and certificate - clientkey = create_key('private/serfclientkey.pem', 'serftest') + clientkey = create_key('private/serfclientkey.pem', b'serftest') clientcert = create_cert(subjectkey=clientkey, certfile='serfclientcert.pem', @@ -254,7 +254,7 @@ if __name__ == '__main__': email='serfcli...@example.com') clientpkcs12 = create_pkcs12(clientkey, clientcert, cacert, - 'serfclientcert.p12', 'serftest') + 'serfclientcert.p12', b'serftest') # Note that this creates a v1 CRL file without extensions set, and with # MD5 hash. Not ideal, but pyOpenSSL doesn't support more than this.
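Review bot: The literal `b'serftest'` is now repeated in every create_key call and in the create_pkcs12 call (the hunks at 167, 178, 243 and 254, plus the rootcakey line in the previous hunk), so the bytes requirement is spread across six call sites. A module constant alongside KEY_CIPHER, `TEST_PASSPHRASE = b'serftest'`, would keep the value and its type in one place. Alternatively create_key and create_pkcs12 could normalise the argument themselves with `if isinstance(passphrase, str): passphrase = passphrase.encode('ascii')`, so a str caller does not fail inside pyOpenSSL. A comment on the constant should state that the passphrase is public and that the generated keys are test fixtures only.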