pythongh-108303: Move all certificates to Lib/test/certdata/ (pytho…

…n#109489)
miss-islington · Sep 16, 2023 · e57ecf6 · e57ecf6
1 parent 929cc4e
commit e57ecf6
Show file tree

Hide file tree

Showing 41 changed files with 31 additions and 28 deletions.
diff --git a/Lib/test/allsans.pem → Lib/test/certdata/allsans.pem b/Lib/test/allsans.pem → Lib/test/certdata/allsans.pem
diff --git a/Lib/test/badcert.pem → Lib/test/certdata/badcert.pem b/Lib/test/badcert.pem → Lib/test/certdata/badcert.pem
diff --git a/Lib/test/badkey.pem → Lib/test/certdata/badkey.pem b/Lib/test/badkey.pem → Lib/test/certdata/badkey.pem
diff --git a/Lib/test/capath/4e1295a3.0 → Lib/test/certdata/capath/4e1295a3.0 b/Lib/test/capath/4e1295a3.0 → Lib/test/certdata/capath/4e1295a3.0
diff --git a/Lib/test/capath/5ed36f99.0 → Lib/test/certdata/capath/5ed36f99.0 b/Lib/test/capath/5ed36f99.0 → Lib/test/certdata/capath/5ed36f99.0
diff --git a/Lib/test/capath/6e88d7b8.0 → Lib/test/certdata/capath/6e88d7b8.0 b/Lib/test/capath/6e88d7b8.0 → Lib/test/certdata/capath/6e88d7b8.0
diff --git a/Lib/test/capath/99d0fa06.0 → Lib/test/certdata/capath/99d0fa06.0 b/Lib/test/capath/99d0fa06.0 → Lib/test/certdata/capath/99d0fa06.0
diff --git a/Lib/test/capath/b1930218.0 → Lib/test/certdata/capath/b1930218.0 b/Lib/test/capath/b1930218.0 → Lib/test/certdata/capath/b1930218.0
diff --git a/Lib/test/capath/ceff1710.0 → Lib/test/certdata/capath/ceff1710.0 b/Lib/test/capath/ceff1710.0 → Lib/test/certdata/capath/ceff1710.0
diff --git a/Lib/test/ffdh3072.pem → Lib/test/certdata/ffdh3072.pem b/Lib/test/ffdh3072.pem → Lib/test/certdata/ffdh3072.pem
diff --git a/Lib/test/idnsans.pem → Lib/test/certdata/idnsans.pem b/Lib/test/idnsans.pem → Lib/test/certdata/idnsans.pem
diff --git a/Lib/test/keycert.passwd.pem → Lib/test/certdata/keycert.passwd.pem b/Lib/test/keycert.passwd.pem → Lib/test/certdata/keycert.passwd.pem
diff --git a/Lib/test/keycert.pem → Lib/test/certdata/keycert.pem b/Lib/test/keycert.pem → Lib/test/certdata/keycert.pem
diff --git a/Lib/test/keycert2.pem → Lib/test/certdata/keycert2.pem b/Lib/test/keycert2.pem → Lib/test/certdata/keycert2.pem
diff --git a/Lib/test/keycert3.pem → Lib/test/certdata/keycert3.pem b/Lib/test/keycert3.pem → Lib/test/certdata/keycert3.pem
diff --git a/Lib/test/keycert4.pem → Lib/test/certdata/keycert4.pem b/Lib/test/keycert4.pem → Lib/test/certdata/keycert4.pem
diff --git a/Lib/test/keycertecc.pem → Lib/test/certdata/keycertecc.pem b/Lib/test/keycertecc.pem → Lib/test/certdata/keycertecc.pem
diff --git a/Lib/test/make_ssl_certs.py → Lib/test/certdata/make_ssl_certs.py b/Lib/test/make_ssl_certs.py → Lib/test/certdata/make_ssl_certs.py
diff --git a/Lib/test/nokia.pem → Lib/test/certdata/nokia.pem b/Lib/test/nokia.pem → Lib/test/certdata/nokia.pem
diff --git a/Lib/test/nosan.pem → Lib/test/certdata/nosan.pem b/Lib/test/nosan.pem → Lib/test/certdata/nosan.pem
diff --git a/Lib/test/nullbytecert.pem → Lib/test/certdata/nullbytecert.pem b/Lib/test/nullbytecert.pem → Lib/test/certdata/nullbytecert.pem
diff --git a/Lib/test/nullcert.pem → Lib/test/certdata/nullcert.pem b/Lib/test/nullcert.pem → Lib/test/certdata/nullcert.pem
diff --git a/Lib/test/pycacert.pem → Lib/test/certdata/pycacert.pem b/Lib/test/pycacert.pem → Lib/test/certdata/pycacert.pem
diff --git a/Lib/test/pycakey.pem → Lib/test/certdata/pycakey.pem b/Lib/test/pycakey.pem → Lib/test/certdata/pycakey.pem
diff --git a/Lib/test/revocation.crl → Lib/test/certdata/revocation.crl b/Lib/test/revocation.crl → Lib/test/certdata/revocation.crl
diff --git a/Lib/test/secp384r1.pem → Lib/test/certdata/secp384r1.pem b/Lib/test/secp384r1.pem → Lib/test/certdata/secp384r1.pem
diff --git a/Lib/test/selfsigned_pythontestdotnet.pem → .../certdata/selfsigned_pythontestdotnet.pem b/Lib/test/selfsigned_pythontestdotnet.pem → .../certdata/selfsigned_pythontestdotnet.pem
diff --git a/Lib/test/ssl_cert.pem → Lib/test/certdata/ssl_cert.pem b/Lib/test/ssl_cert.pem → Lib/test/certdata/ssl_cert.pem
diff --git a/Lib/test/ssl_key.passwd.pem → Lib/test/certdata/ssl_key.passwd.pem b/Lib/test/ssl_key.passwd.pem → Lib/test/certdata/ssl_key.passwd.pem
diff --git a/Lib/test/ssl_key.pem → Lib/test/certdata/ssl_key.pem b/Lib/test/ssl_key.pem → Lib/test/certdata/ssl_key.pem
diff --git a/Lib/test/talos-2019-0758.pem → Lib/test/certdata/talos-2019-0758.pem b/Lib/test/talos-2019-0758.pem → Lib/test/certdata/talos-2019-0758.pem
diff --git a/Lib/test/ssl_servers.py b/Lib/test/ssl_servers.py
@@ -14,7 +14,7 @@
 here = os.path.dirname(__file__)
 
 HOST = socket_helper.HOST
-CERTFILE = os.path.join(here, 'keycert.pem')
+CERTFILE = os.path.join(here, 'certdata', 'keycert.pem')
 
 # This one's based on HTTPServer, which is based on socketserver
 

diff --git a/Lib/test/test_asyncio/utils.py b/Lib/test/test_asyncio/utils.py
@@ -36,21 +36,21 @@
 from test.support import threading_helper
 
 
-def data_file(filename):
+def data_file(*filename):
     if hasattr(support, 'TEST_HOME_DIR'):
-        fullname = os.path.join(support.TEST_HOME_DIR, filename)
+        fullname = os.path.join(support.TEST_HOME_DIR, *filename)
         if os.path.isfile(fullname):
             return fullname
-    fullname = os.path.join(os.path.dirname(__file__), '..', filename)
+    fullname = os.path.join(os.path.dirname(__file__), '..', *filename)
     if os.path.isfile(fullname):
         return fullname
-    raise FileNotFoundError(filename)
+    raise FileNotFoundError(os.path.join(filename))
 
 
-ONLYCERT = data_file('ssl_cert.pem')
-ONLYKEY = data_file('ssl_key.pem')
-SIGNED_CERTFILE = data_file('keycert3.pem')
-SIGNING_CA = data_file('pycacert.pem')
+ONLYCERT = data_file('certdata', 'ssl_cert.pem')
+ONLYKEY = data_file('certdata', 'ssl_key.pem')
+SIGNED_CERTFILE = data_file('certdata', 'keycert3.pem')
+SIGNING_CA = data_file('certdata', 'pycacert.pem')
 PEERCERT = {
     'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
     'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),

diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
@@ -325,8 +325,8 @@ def handle_error(self):
 
 if ssl is not None:
 
-    CERTFILE = os.path.join(os.path.dirname(__file__), "keycert3.pem")
-    CAFILE = os.path.join(os.path.dirname(__file__), "pycacert.pem")
+    CERTFILE = os.path.join(os.path.dirname(__file__), "certdata", "keycert3.pem")
+    CAFILE = os.path.join(os.path.dirname(__file__), "certdata", "pycacert.pem")
 
     class SSLConnection(asyncore.dispatcher):
         """An asyncore.dispatcher subclass supporting TLS/SSL."""

diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
@@ -21,11 +21,13 @@
 
 here = os.path.dirname(__file__)
 # Self-signed cert file for 'localhost'
-CERT_localhost = os.path.join(here, 'keycert.pem')
+CERT_localhost = os.path.join(here, 'certdata', 'keycert.pem')
 # Self-signed cert file for 'fakehostname'
-CERT_fakehostname = os.path.join(here, 'keycert2.pem')
+CERT_fakehostname = os.path.join(here, 'certdata', 'keycert2.pem')
 # Self-signed cert file for self-signed.pythontest.net
-CERT_selfsigned_pythontestdotnet = os.path.join(here, 'selfsigned_pythontestdotnet.pem')
+CERT_selfsigned_pythontestdotnet = os.path.join(
+    here, 'certdata', 'selfsigned_pythontestdotnet.pem',
+)
 
 # constants for testing chunked encoding
 chunked_start = (

diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py
@@ -23,8 +23,8 @@
 
 support.requires_working_socket(module=True)
 
-CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem")
-CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem")
+CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "keycert3.pem")
+CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "pycacert.pem")
 
 
 class TestImaplib(unittest.TestCase):

diff --git a/Lib/test/test_logging.py b/Lib/test/test_logging.py
@@ -2170,7 +2170,7 @@ def test_output(self):
                     sslctx = None
                 else:
                     here = os.path.dirname(__file__)
-                    localhost_cert = os.path.join(here, "keycert.pem")
+                    localhost_cert = os.path.join(here, "certdata", "keycert.pem")
                     sslctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
                     sslctx.load_cert_chain(localhost_cert)
 

diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py
@@ -29,8 +29,8 @@
     import ssl
 
     SUPPORTS_SSL = True
-    CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem")
-    CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem")
+    CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "keycert3.pem")
+    CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "pycacert.pem")
 
 requires_ssl = skipUnless(SUPPORTS_SSL, 'SSL not supported')
 

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
@@ -60,10 +60,10 @@
     PROTOCOL_TO_TLS_VERSION[proto] = ver
 
 def data_file(*name):
-    return os.path.join(os.path.dirname(__file__), *name)
+    return os.path.join(os.path.dirname(__file__), "certdata", *name)
 
 # The custom key and certificate files used in test_ssl are generated
-# using Lib/test/make_ssl_certs.py.
+# using Lib/test/certdata/make_ssl_certs.py.
 # Other certificates are simply fetched from the internet servers they
 # are meant to authenticate.
 
@@ -641,7 +641,7 @@ def test_openssl111_deprecations(self):
     def bad_cert_test(self, certfile):
         """Check that trying to use the given client certificate fails"""
         certfile = os.path.join(os.path.dirname(__file__) or os.curdir,
-                                   certfile)
+                                "certdata", certfile)
         sock = socket.socket()
         self.addCleanup(sock.close)
         with self.assertRaises(ssl.SSLError):
@@ -3309,12 +3309,12 @@ def test_socketserver(self):
         # try to connect
         if support.verbose:
             sys.stdout.write('\n')
-        with open(CERTFILE, 'rb') as f:
+        # Get this test file itself:
+        with open(__file__, 'rb') as f:
             d1 = f.read()
         d2 = ''
         # now fetch the same data from the HTTPS server
-        url = 'https://localhost:%d/%s' % (
-            server.port, os.path.split(CERTFILE)[1])
+        url = f'https://localhost:{server.port}/test_ssl.py'
         context = ssl.create_default_context(cafile=SIGNING_CA)
         f = urllib.request.urlopen(url, context=context)
         try:

diff --git a/Lib/test/test_urllib2_localnet.py b/Lib/test/test_urllib2_localnet.py
@@ -21,9 +21,9 @@
 
 here = os.path.dirname(__file__)
 # Self-signed cert file for 'localhost'
-CERT_localhost = os.path.join(here, 'keycert.pem')
+CERT_localhost = os.path.join(here, 'certdata', 'keycert.pem')
 # Self-signed cert file for 'fakehostname'
-CERT_fakehostname = os.path.join(here, 'keycert2.pem')
+CERT_fakehostname = os.path.join(here, 'certdata', 'keycert2.pem')
 
 
 # Loopback http server infrastructure

diff --git a/Makefile.pre.in b/Makefile.pre.in
@@ -2141,7 +2141,8 @@ LIBSUBDIRS=	asyncio \
 TESTSUBDIRS=	idlelib/idle_test \
 		test \
 		test/audiodata \
-		test/capath \
+		test/certdata \
+		test/certdata/capath \
 		test/cjkencodings \
 		test/crashers \
 		test/data \