Merge pull request scrapy#4761 from Gallaecio/on-the-fly-certificates

Generate localhost keys for tests on the fly
keviler · Sep 2, 2020 · c1cc3f2 · c1cc3f2
2 parents 307e35c + dd378b4
commit c1cc3f2
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 48 deletions.
diff --git a/.gitignore b/.gitignore
@@ -16,6 +16,8 @@ htmlcov/
 .coverage.*
 .cache/
 .mypy_cache/
+/tests/keys/localhost.crt
+/tests/keys/localhost.key
 
 # Windows
 Thumbs.db
diff --git a/conftest.py b/conftest.py
@@ -2,6 +2,8 @@
 
 import pytest
 
+from tests.keys import generate_keys
+
 
 def _py_files(folder):
     return (str(p) for p in Path(folder).rglob('*.py'))
@@ -51,3 +53,7 @@ def reactor_pytest(request):
 def only_asyncio(request, reactor_pytest):
     if request.node.get_closest_marker('only_asyncio') and reactor_pytest != 'asyncio':
         pytest.skip('This test is only run with --reactor=asyncio')
+
+
+# Generate localhost certificate files, needed by some tests
+generate_keys()
diff --git a/tests/keys/__init__.py b/tests/keys/__init__.py
@@ -0,0 +1,63 @@
+import os
+from datetime import datetime, timedelta
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives.hashes import SHA256
+from cryptography.hazmat.primitives.serialization import (
+    Encoding,
+    NoEncryption,
+    PrivateFormat,
+)
+from cryptography.x509 import (
+    CertificateBuilder,
+    DNSName,
+    Name,
+    NameAttribute,
+    random_serial_number,
+    SubjectAlternativeName,
+)
+from cryptography.x509.oid import NameOID
+
+
+# https://cryptography.io/en/latest/x509/tutorial/#creating-a-self-signed-certificate
+def generate_keys():
+    folder = os.path.dirname(__file__)
+
+    key = rsa.generate_private_key(
+        public_exponent=65537,
+        key_size=2048,
+        backend=default_backend(),
+    )
+    with open(os.path.join(folder, 'localhost.key'), "wb") as f:
+        f.write(
+            key.private_bytes(
+                encoding=Encoding.PEM,
+                format=PrivateFormat.TraditionalOpenSSL,
+                encryption_algorithm=NoEncryption(),
+            )
+        )
+
+    subject = issuer = Name(
+        [
+            NameAttribute(NameOID.COUNTRY_NAME, u"IE"),
+            NameAttribute(NameOID.ORGANIZATION_NAME, u"Scrapy"),
+            NameAttribute(NameOID.COMMON_NAME, u"localhost"),
+        ]
+    )
+    cert = (
+        CertificateBuilder()
+        .subject_name(subject)
+        .issuer_name(issuer)
+        .public_key(key.public_key())
+        .serial_number(random_serial_number())
+        .not_valid_before(datetime.utcnow())
+        .not_valid_after(datetime.utcnow() + timedelta(days=10))
+        .add_extension(
+            SubjectAlternativeName([DNSName(u"localhost")]),
+            critical=False,
+        )
+        .sign(key, SHA256(), default_backend())
+    )
+    with open(os.path.join(folder, 'localhost.crt'), "wb") as f:
+        f.write(cert.public_bytes(Encoding.PEM))
diff --git a/tests/keys/localhost.crt b/tests/keys/localhost.crt
diff --git a/tests/keys/localhost.key b/tests/keys/localhost.key