def _generate_cert(server_name,
not_valid_before,
not_valid_after,
key=RSA_KEY_512_RAW):
"""
Generate a self-signed certificate for test purposes.
:param str server_name: The SAN the certificate should have.
:param ~datetime.datetime not_valid_before: Valid from this moment.
:param ~datetime.datetime not_valid_after: Expiry time.
:param key: The private key.
:rtype: `str`
:return: The certificate in PEM format.
"""
common_name = (u'san.too.long.invalid'
if len(server_name) > 64 else server_name)
name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
cert = (x509.CertificateBuilder().subject_name(name).issuer_name(
name).not_valid_before(
not_valid_before).not_valid_after(not_valid_after).serial_number(
int(uuid.uuid4())).public_key(key.public_key()).add_extension(
x509.SubjectAlternativeName([x509.DNSName(server_name)]),
critical=False).sign(private_key=key,
algorithm=hashes.SHA256(),
backend=default_backend()))
return [
Certificate(cert.public_bytes(serialization.Encoding.PEM)),
RSAPrivateKey(
key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption())),
]
def got_cert(certr):
objects.append(
Certificate(
x509.load_der_x509_certificate(
certr.body, default_backend())
.public_bytes(serialization.Encoding.PEM)))
return certr
def pem_objects(draw):
"""
Strategy for generating ``pem`` objects.
"""
key = RSAPrivateKey((b'-----BEGIN RSA PRIVATE KEY-----\n' +
encodebytes(draw(s.binary(min_size=1))) +
b'-----END RSA PRIVATE KEY-----\n'))
return [key] + [
Certificate((b'-----BEGIN CERTIFICATE-----\n' + encodebytes(cert) +
b'-----END CERTIFICATE-----\n'))
for cert in draw(s.lists(s.binary(min_size=1), min_size=1))
]