Hello community,

here is the log from the commit of package python-trustme for openSUSE:Factory checked in at 2020-02-14 16:25:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-trustme (Old)
 and      /work/SRC/openSUSE:Factory/.python-trustme.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-trustme" Fri Feb 14 16:25:12 2020 rev:5 rq:772472 version:0.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-trustme/python-trustme.changes 2019-06-07 12:18:20.468790935 +0200 +++ /work/SRC/openSUSE:Factory/.python-trustme.new.26092/python-trustme.changes 2020-02-14 16:25:15.079186639 +0100 @@ -1,0 +2,8 @@ +Fri Feb 7 15:33:14 UTC 2020 - Marketa Calabkova <[email protected]> + +- update to 0.6.0 + * Allow specifying organization and organization unit in CA and issued certs + * Added attr CA.from_pem to import an existing certificate authority; + this allows migrating to trustme step-by-step. + +------------------------------------------------------------------- Old: ---- trustme-0.5.2.tar.gz New: ---- trustme-0.6.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-trustme.spec ++++++ --- /var/tmp/diff_new_pack.25vZLK/_old 2020-02-14 16:25:15.619186931 +0100 +++ /var/tmp/diff_new_pack.25vZLK/_new 2020-02-14 16:25:15.623186934 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-trustme # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-trustme -Version: 0.5.2 +Version: 0.6.0 Release: 0 Summary: Fake CA provider for Python tests License: MIT OR Apache-2.0 ++++++ trustme-0.5.2.tar.gz -> trustme-0.6.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.2/PKG-INFO new/trustme-0.6.0/PKG-INFO --- old/trustme-0.5.2/PKG-INFO 2019-06-03 11:16:52.000000000 +0200 +++ new/trustme-0.6.0/PKG-INFO 2019-12-19 15:06:58.000000000 +0100 
@@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: trustme -Version: 0.5.2 +Version: 0.6.0 Summary: #1 quality TLS certs while you wait, for the discerning tester Home-page: https://github.com/python-trio/trustme Author: Nathaniel J. Smith @@ -126,6 +126,8 @@ Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.5 Classifier: Programming Language :: Python :: 3.6 +Classifier: Programming Language :: Python :: 3.7 +Classifier: Programming Language :: Python :: 3.8 Classifier: Topic :: System :: Networking Classifier: Topic :: Security :: Cryptography Classifier: Topic :: Software Development :: Testing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.2/docs/source/conf.py new/trustme-0.6.0/docs/source/conf.py --- old/trustme-0.5.2/docs/source/conf.py 2018-12-29 09:00:28.000000000 +0100 +++ new/trustme-0.6.0/docs/source/conf.py 2019-12-19 15:04:58.000000000 +0100 @@ -49,7 +49,7 @@ intersphinx_mapping = { "python": ('https://docs.python.org/3', None), - "pyopenssl": ('https://pyopenssl.org/en/stable/', None), + "pyopenssl": ('https://www.pyopenssl.org/en/stable/', None), "trio": ('https://trio.readthedocs.io/en/latest/', None), } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.2/docs/source/index.rst new/trustme-0.6.0/docs/source/index.rst --- old/trustme-0.5.2/docs/source/index.rst 2019-06-03 11:12:45.000000000 +0200 +++ new/trustme-0.6.0/docs/source/index.rst 2019-12-19 15:04:58.000000000 +0100 
@@ -50,6 +50,24 @@ .. towncrier release notes start +Trustme 0.6.0 (2019-12-19) +-------------------------- + +Features +~~~~~~~~ + +- Allow specifying organization and organization unit in CA and issued certs. (`#126 <https://github.com/python-trio/trustme/issues/126>`__) + + +Trustme 0.5.3 (2019-10-31) +-------------------------- + +Features +~~~~~~~~ + +- Added :attr:`CA.from_pem` to import an existing certificate authority; this allows migrating to trustme step-by-step. (`#107 <https://github.com/python-trio/trustme/issues/107>`__) + + Trustme 0.5.2 (2019-06-03) -------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.2/setup.py new/trustme-0.6.0/setup.py --- old/trustme-0.5.2/setup.py 2018-12-29 09:00:20.000000000 +0100 +++ new/trustme-0.6.0/setup.py 2019-12-19 15:04:58.000000000 +0100 @@ -33,6 +33,8 @@ "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", "Topic :: System :: Networking", "Topic :: Security :: Cryptography", "Topic :: Software Development :: Testing", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.2/test-requirements.txt new/trustme-0.6.0/test-requirements.txt --- old/trustme-0.5.2/test-requirements.txt 2019-06-03 11:11:17.000000000 +0200 +++ new/trustme-0.6.0/test-requirements.txt 2019-12-19 15:04:58.000000000 +0100 
@@ -4,27 +4,26 @@ # # pip-compile test-requirements.in # -asn1crypto==0.24.0 # via cryptography atomicwrites==1.3.0 # via pytest -attrs==19.1.0 # via pytest, service-identity -cffi==1.12.3 # via cryptography -coverage==4.5.3 # via pytest-cov -cryptography==2.7 +attrs==19.3.0 # via pytest, service-identity +cffi==1.13.2 # via cryptography +coverage==5.0 # via pytest-cov +cryptography==2.8 futures==3.1.1 idna==2.8 -importlib-metadata==0.17 # via pluggy, pytest +importlib-metadata==1.3.0 # via pytest more-itertools==5.0.0 -packaging==19.0 # via pytest -pluggy==0.12.0 # via pytest +packaging==19.2 # via pytest +pluggy==0.13.1 # via pytest py==1.8.0 # via pytest -pyasn1-modules==0.2.5 # via service-identity -pyasn1==0.4.5 # via pyasn1-modules, service-identity +pyasn1-modules==0.2.7 # via service-identity +pyasn1==0.4.8 # via pyasn1-modules, service-identity pycparser==2.19 # via cffi -pyopenssl==19.0.0 -pyparsing==2.4.0 # via packaging -pytest-cov==2.7.1 -pytest==4.6.1 +pyopenssl==19.1.0 +pyparsing==2.4.5 # via packaging +pytest-cov==2.8.1 +pytest==4.6.3 service-identity==18.1.0 -six==1.12.0 # via cryptography, more-itertools, packaging, pyopenssl, pytest +six==1.13.0 # via cryptography, more-itertools, packaging, pyopenssl, pytest wcwidth==0.1.7 # via pytest -zipp==0.5.1 # via importlib-metadata +zipp==0.6.0 # via importlib-metadata diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.2/tests/test_trustme.py new/trustme-0.6.0/tests/test_trustme.py --- old/trustme-0.5.2/tests/test_trustme.py 2019-01-22 06:07:24.000000000 +0100 +++ new/trustme-0.6.0/tests/test_trustme.py 2019-12-19 15:04:58.000000000 +0100 
@@ -94,6 +94,48 @@ assert hostnames == [u"test-1.example.org", u"test-2.example.org"] +def test_ca_custom_names(): + ca = CA( + organization_name=u'python-trio', + organization_unit_name=u'trustme', + ) + + ca_cert = x509.load_pem_x509_certificate( + ca.cert_pem.bytes(), + default_backend(), + ) + + assert { + 'O=python-trio', + 'OU=trustme', + }.issubset({ + rdn.rfc4514_string() + for rdn in ca_cert.subject.rdns + }) + + +def test_issue_cert_custom_names(): + ca = CA() + leaf_cert = ca.issue_cert( + u'example.org', + organization_name=u'python-trio', + organization_unit_name=u'trustme', + ) + + cert = x509.load_pem_x509_certificate( + leaf_cert.cert_chain_pems[0].bytes(), + default_backend(), + ) + + assert { + 'O=python-trio', + 'OU=trustme', + }.issubset({ + rdn.rfc4514_string() + for rdn in cert.subject.rdns + }) + + def test_intermediate(): ca = CA() ca_cert = x509.load_pem_x509_certificate( @@ -180,6 +222,12 @@ with open(path, "rb") as f: assert f.read() == test_data +def test_ca_from_pem(tmpdir): + ca1 = trustme.CA() + ca2 = trustme.CA.from_pem(ca1.cert_pem.bytes(), ca1.private_key_pem.bytes()) + assert ca1._certificate == ca2._certificate + assert ca1.private_key_pem.bytes() == ca2.private_key_pem.bytes() + def check_connection_end_to_end(wrap_client, wrap_server): # Client side diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.2/trustme/__init__.py new/trustme-0.6.0/trustme/__init__.py --- old/trustme-0.5.2/trustme/__init__.py 2019-06-03 11:11:17.000000000 +0200 +++ new/trustme-0.6.0/trustme/__init__.py 2019-12-19 15:04:58.000000000 +0100 @@ -19,6 +19,7 @@ ) from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID from cryptography.hazmat.primitives.serialization import Encoding +from cryptography.hazmat.primitives.serialization import load_pem_private_key from ._version import __version__ 
@@ -37,10 +38,11 @@ _KEY_SIZE = 2048 -def _name(name, common_name=None): +def _name(name, organization_name=None, common_name=None): name_pieces = [ x509.NameAttribute( - NameOID.ORGANIZATION_NAME, u"trustme v{}".format(__version__) + NameOID.ORGANIZATION_NAME, + organization_name or u"trustme v{}".format(__version__), ), x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, name), ] @@ -202,7 +204,13 @@ class CA(object): """A certificate authority.""" - def __init__(self, parent_cert=None, path_length=9): + def __init__( + self, + parent_cert=None, + path_length=9, + organization_name=None, + organization_unit_name=None, + ): self.parent_cert = parent_cert self._private_key = rsa.generate_private_key( public_exponent=65537, @@ -211,7 +219,10 @@ ) self._path_length = path_length - name = _name(u"Testing CA #" + random_text()) + name = _name( + organization_unit_name or u"Testing CA #" + random_text(), + organization_name=organization_name, + ) issuer = name sign_key = self._private_key if self.parent_cert is not None: @@ -286,7 +297,8 @@ return CA(parent_cert=self, path_length=path_length) def issue_cert(self, *identities, **kwargs): - """issue_cert(*identities, common_name=None) + """issue_cert(*identities, common_name=None, organization_name=None, \ + organization_unit_name=None) Issues a certificate. The certificate can be used for either servers or clients. 
@@ -320,11 +332,21 @@ But it might be useful if you need to test how your software handles legacy or buggy certificates. + organization_name: Sets the "Organization Name" (O) attribute on the + certificate. By default, it will be "trustme" suffixed with a + version number. + + organization_unit_name: Sets the "Organization Unit Name" (OU) + attribute on the certificate. By default, a random one will be + generated. + Returns: LeafCert: the newly-generated certificate. """ common_name = kwargs.pop("common_name", None) + organization_name = kwargs.pop("organization_name", None) + organization_unit_name = kwargs.pop("organization_unit_name", None) if kwargs: raise TypeError("unrecognized keyword arguments {}".format(kwargs)) @@ -354,7 +376,9 @@ cert = ( _cert_builder_common( _name( - u"Testing cert #" + random_text(), common_name=common_name + organization_unit_name or u"Testing cert #" + random_text(), + organization_name=organization_name, + common_name=common_name, ), self._certificate.subject, key.public_key(), 
@@ -419,6 +443,25 @@ "unrecognized context type {!r}" .format(ctx.__class__.__name__)) + @classmethod + def from_pem(cls, cert_bytes, private_key_bytes): + """Build a CA from existing cert and private key. + + This is useful if your test suite has an existing certificate authority and + you're not ready to switch completely to trustme just yet. + + Args: + cert_bytes (bytes): The bytes of the certificate in PEM format + private_key_bytes (bytes): The bytes of the private key in PEM format + """ + ca = cls() + ca.parent_cert = None + ca._certificate = x509.load_pem_x509_certificate( + cert_bytes, backend=default_backend()) + ca._private_key = load_pem_private_key( + private_key_bytes, password=None, backend=default_backend()) + return ca + class LeafCert(object): """A server or client certificate. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.2/trustme/_version.py new/trustme-0.6.0/trustme/_version.py --- old/trustme-0.5.2/trustme/_version.py 2019-06-03 11:12:29.000000000 +0200 +++ new/trustme-0.6.0/trustme/_version.py 2019-12-19 15:04:58.000000000 +0100 @@ -1 +1 @@ -__version__ = "0.5.2" +__version__ = "0.6.0" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.2/trustme.egg-info/PKG-INFO new/trustme-0.6.0/trustme.egg-info/PKG-INFO --- old/trustme-0.5.2/trustme.egg-info/PKG-INFO 2019-06-03 11:16:52.000000000 +0200 +++ new/trustme-0.6.0/trustme.egg-info/PKG-INFO 2019-12-19 15:06:58.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: trustme -Version: 0.5.2 +Version: 0.6.0 Summary: #1 quality TLS certs while you wait, for the discerning tester Home-page: https://github.com/python-trio/trustme Author: Nathaniel J. Smith 
@@ -126,6 +126,8 @@ Classifier: Programming Language :: Python :: 3 Classifier: Programming Language :: Python :: 3.5 Classifier: Programming Language :: Python :: 3.6 +Classifier: Programming Language :: Python :: 3.7 +Classifier: Programming Language :: Python :: 3.8 Classifier: Topic :: System :: Networking Classifier: Topic :: Security :: Cryptography Classifier: Topic :: Software Development :: Testing
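Review bot: In the docs/source/index.rst hunk, the 0.5.3 entry references the new API as :attr:`CA.from_pem`, but the trustme/__init__.py hunk adds it as a `@classmethod`, so `:meth:` is the matching role. The same "Added attr CA.from_pem" wording was carried into python-trustme.changes and could be corrected there to "classmethod".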
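Review bot: In the test-requirements.txt hunk, every pin is bumped by version only and no line carries a `--hash` entry, so the test install is bound to version numbers and not to specific artifacts. Regenerating with `pip-compile --generate-hashes` would pin content as well, which matters most for the crypto stack touched here (`cryptography==2.8`, `pyopenssl==19.1.0`). The hunk also drops `asn1crypto` and changes the `importlib-metadata` annotation from "via pluggy, pytest" to "via pytest"; it is worth confirming both come from the resolver and not from a hand edit.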
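Review bot: In the tests/test_trustme.py hunk at `@@ -180,6 +222,12 @@`, `test_ca_from_pem(tmpdir)` requests the `tmpdir` fixture but never uses it, and its two assertions only compare `_certificate` and the private key PEM, which `from_pem` assigns directly from its inputs. The test would cover the advertised migration path if `ca2` issued a certificate and that certificate was verified against `ca1.cert_pem`, and if a mismatched certificate/key pair was also tried.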
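Review bot: In the `_name` hunk of trustme/__init__.py, `organization_name` is inserted ahead of `common_name` in the signature, so a caller that passed `common_name` as the second positional argument would now set the O attribute instead, without any error. The callers visible in this patch use keywords, but appending the new parameter after `common_name` keeps the old positional order intact. The first parameter is still called `name` although it only fills `NameOID.ORGANIZATIONAL_UNIT_NAME`; renaming it would make the new call sites easier to read.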
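Review bot: In the `CA.__init__` hunks, the fallback `organization_unit_name or u"Testing CA #" + random_text()` tests truthiness, so an explicitly passed empty string is silently replaced by the random default; an `is None` check would separate "not given" from "given as empty". The two new constructor arguments are undocumented (the class docstring is still only `"""A certificate authority."""`), and the unchanged context line `return CA(parent_cert=self, path_length=path_length)` shows that child CAs are still built without them, so an intermediate cannot carry the custom O/OU.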
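Review bot: In the `issue_cert` hunks, the new keyword is spelled `organization_unit_name` while the attribute it sets is `NameOID.ORGANIZATIONAL_UNIT_NAME` and the docstring calls it "Organization Unit Name"; matching the X.509 term (organizational unit) in the docstring would avoid confusion for readers searching by the standard name. The docstring also says the default O is "trustme" suffixed with a version number, while `_name` produces `u"trustme v{}".format(__version__)`; quoting the exact form would help anyone asserting on the subject in tests.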
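Review bot: In the `from_pem` hunk, `ca = cls()` runs the full constructor first, so every import calls `rsa.generate_private_key(...)` and builds a certificate that is thrown away as soon as `_certificate` and `_private_key` are overwritten, and `_path_length` keeps the constructor default of 9 whatever the imported certificate specifies. Nothing checks that `private_key_bytes` belongs to the certificate in `cert_bytes`, so a mismatched pair is accepted at import and would only surface later when issued certificates fail to verify; comparing the loaded key's public key with `ca._certificate.public_key()` would catch it here. `password=None` is hard-coded, so an encrypted PEM key cannot be loaded, and the docstring has no Returns section.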
