Lib/test/certdata: do not hardcode reference cert data into tests

The script was simply printing the reference data and asking
users to update it by hand into the test suites. This can
be easily improved by writing the data into files and
having the test cases load the files.

Signed-off-by: Alexander Kanavin <[email protected]>

Author: kanavin

Lib/test/certdata/make_ssl_certs.py

@@ -219,9 +219,12 @@ def make_ca():
     shutil.copy('capath/ceff1710.0', 'capath/b1930218.0')
 
 
-def print_cert(path):
+def write_cert_reference(path):
     import _ssl
-    pprint.pprint(_ssl._test_decode_cert(path))
+    refdata = pprint.pformat(_ssl._test_decode_cert(path))
+    print(refdata)
+    with open(path + '.reference', 'w') as f:
+        f.write(refdata)
 
 
 if __name__ == '__main__':
@@ -308,6 +311,6 @@ def print_cert(path):
         f.write(cert)
 
     unmake_ca()
-    print("update Lib/test/test_ssl.py and Lib/test/test_asyncio/utils.py")
-    print_cert('keycert.pem')
-    print_cert('keycert3.pem')
+    print("Writing out reference data for Lib/test/test_ssl.py and Lib/test/test_asyncio/utils.py")
+    write_cert_reference('keycert.pem')
+    write_cert_reference('keycert3.pem')

Lib/test/test_asyncio/utils.py

@@ -56,24 +56,7 @@ def data_file(*filename):
 ONLYKEY = data_file('certdata', 'ssl_key.pem')
 SIGNED_CERTFILE = data_file('certdata', 'keycert3.pem')
 SIGNING_CA = data_file('certdata', 'pycacert.pem')
-PEERCERT = {
-    'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
-    'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),
-    'crlDistributionPoints': ('http://testca.pythontest.net/testca/revocation.crl',),
-    'issuer': ((('countryName', 'XY'),),
-            (('organizationName', 'Python Software Foundation CA'),),
-            (('commonName', 'our-ca-server'),)),
-    'notAfter': 'Oct 28 14:23:16 2037 GMT',
-    'notBefore': 'Aug 29 14:23:16 2018 GMT',
-    'serialNumber': 'CB2D80995A69525C',
-    'subject': ((('countryName', 'XY'),),
-             (('localityName', 'Castle Anthrax'),),
-             (('organizationName', 'Python Software Foundation'),),
-             (('commonName', 'localhost'),)),
-    'subjectAltName': (('DNS', 'localhost'),),
-    'version': 3
-}
-
+PEERCERT = eval(open(data_file('certdata', 'keycert3.pem.reference')).read())
 
 def simple_server_sslcontext():
     server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

Lib/test/test_ssl.py

@@ -82,21 +82,7 @@ def data_file(*name):
 CAFILE_NEURONIO = data_file("capath", "4e1295a3.0")
 CAFILE_CACERT = data_file("capath", "5ed36f99.0")
 
-CERTFILE_INFO = {
-    'issuer': ((('countryName', 'XY'),),
-               (('localityName', 'Castle Anthrax'),),
-               (('organizationName', 'Python Software Foundation'),),
-               (('commonName', 'localhost'),)),
-    'notAfter': 'Jan 24 04:21:36 2043 GMT',
-    'notBefore': 'Nov 25 04:21:36 2023 GMT',
-    'serialNumber': '53E14833F7546C29256DD0F034F776C5E983004C',
-    'subject': ((('countryName', 'XY'),),
-             (('localityName', 'Castle Anthrax'),),
-             (('organizationName', 'Python Software Foundation'),),
-             (('commonName', 'localhost'),)),
-    'subjectAltName': (('DNS', 'localhost'),),
-    'version': 3
-}
+CERTFILE_INFO = eval(open(data_file('keycert.pem.reference')).read())
 
 # empty CRL
 CRLFILE = data_file("revocation.crl")
@@ -105,23 +91,7 @@ def data_file(*name):
 SIGNED_CERTFILE = data_file("keycert3.pem")
 SIGNED_CERTFILE_HOSTNAME = 'localhost'
 
-SIGNED_CERTFILE_INFO = {
-    'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
-    'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),
-    'crlDistributionPoints': ('http://testca.pythontest.net/testca/revocation.crl',),
-    'issuer': ((('countryName', 'XY'),),
-            (('organizationName', 'Python Software Foundation CA'),),
-            (('commonName', 'our-ca-server'),)),
-    'notAfter': 'Oct 28 14:23:16 2037 GMT',
-    'notBefore': 'Aug 29 14:23:16 2018 GMT',
-    'serialNumber': 'CB2D80995A69525C',
-    'subject': ((('countryName', 'XY'),),
-             (('localityName', 'Castle Anthrax'),),
-             (('organizationName', 'Python Software Foundation'),),
-             (('commonName', 'localhost'),)),
-    'subjectAltName': (('DNS', 'localhost'),),
-    'version': 3
-}
+SIGNED_CERTFILE_INFO = eval(open(data_file('keycert3.pem.reference')).read())
 
 SIGNED_CERTFILE2 = data_file("keycert4.pem")
 SIGNED_CERTFILE2_HOSTNAME = 'fakehostname'