From 7e992615903f11d23f07e18695bbe3b40b3ce0e4 Mon Sep 17 00:00:00 2001 From: Nikita Sobolev Date: Sat, 16 Sep 2023 19:47:18 +0300 Subject: [PATCH] gh-108303: Move all certificates to `Lib/test/certdata/` (GH-109489) (cherry picked from commit e57ecf6bbc59f999d27b125ea51b042c24a07bd9) Co-authored-by: Nikita Sobolev --- Lib/test/{ => certdata}/allsans.pem | 0 Lib/test/{ => certdata}/badcert.pem | 0 Lib/test/{ => certdata}/badkey.pem | 0 Lib/test/{ => certdata}/capath/4e1295a3.0 | 0 Lib/test/{ => certdata}/capath/5ed36f99.0 | 0 Lib/test/{ => certdata}/capath/6e88d7b8.0 | 0 Lib/test/{ => certdata}/capath/99d0fa06.0 | 0 Lib/test/{ => certdata}/capath/b1930218.0 | 0 Lib/test/{ => certdata}/capath/ceff1710.0 | 0 Lib/test/{ => certdata}/ffdh3072.pem | 0 Lib/test/{ => certdata}/idnsans.pem | 0 Lib/test/{ => certdata}/keycert.passwd.pem | 0 Lib/test/{ => certdata}/keycert.pem | 0 Lib/test/{ => certdata}/keycert2.pem | 0 Lib/test/{ => certdata}/keycert3.pem | 0 Lib/test/{ => certdata}/keycert4.pem | 0 Lib/test/{ => certdata}/keycertecc.pem | 0 Lib/test/{ => certdata}/make_ssl_certs.py | 0 Lib/test/{ => certdata}/nokia.pem | 0 Lib/test/{ => certdata}/nosan.pem | 0 Lib/test/{ => certdata}/nullbytecert.pem | 0 Lib/test/{ => certdata}/nullcert.pem | 0 Lib/test/{ => certdata}/pycacert.pem | 0 Lib/test/{ => certdata}/pycakey.pem | 0 Lib/test/{ => certdata}/revocation.crl | 0 Lib/test/{ => certdata}/secp384r1.pem | 0 .../selfsigned_pythontestdotnet.pem | 0 Lib/test/{ => certdata}/ssl_cert.pem | 0 Lib/test/{ => certdata}/ssl_key.passwd.pem | 0 Lib/test/{ => certdata}/ssl_key.pem | 0 Lib/test/{ => certdata}/talos-2019-0758.pem | 0 Lib/test/ssl_servers.py | 2 +- Lib/test/test_asyncio/utils.py | 16 ++++++++-------- Lib/test/test_ftplib.py | 4 ++-- Lib/test/test_httplib.py | 8 +++++--- Lib/test/test_imaplib.py | 4 ++-- Lib/test/test_logging.py | 2 +- Lib/test/test_poplib.py | 4 ++-- Lib/test/test_ssl.py | 12 ++++++------ Lib/test/test_urllib2_localnet.py | 4 ++-- Makefile.pre.in | 3 ++- 41 files changed, 31 insertions(+), 28 deletions(-) rename Lib/test/{ => certdata}/allsans.pem (100%) rename Lib/test/{ => certdata}/badcert.pem (100%) rename Lib/test/{ => certdata}/badkey.pem (100%) rename Lib/test/{ => certdata}/capath/4e1295a3.0 (100%) rename Lib/test/{ => certdata}/capath/5ed36f99.0 (100%) rename Lib/test/{ => certdata}/capath/6e88d7b8.0 (100%) rename Lib/test/{ => certdata}/capath/99d0fa06.0 (100%) rename Lib/test/{ => certdata}/capath/b1930218.0 (100%) rename Lib/test/{ => certdata}/capath/ceff1710.0 (100%) rename Lib/test/{ => certdata}/ffdh3072.pem (100%) rename Lib/test/{ => certdata}/idnsans.pem (100%) rename Lib/test/{ => certdata}/keycert.passwd.pem (100%) rename Lib/test/{ => certdata}/keycert.pem (100%) rename Lib/test/{ => certdata}/keycert2.pem (100%) rename Lib/test/{ => certdata}/keycert3.pem (100%) rename Lib/test/{ => certdata}/keycert4.pem (100%) rename Lib/test/{ => certdata}/keycertecc.pem (100%) rename Lib/test/{ => certdata}/make_ssl_certs.py (100%) rename Lib/test/{ => certdata}/nokia.pem (100%) rename Lib/test/{ => certdata}/nosan.pem (100%) rename Lib/test/{ => certdata}/nullbytecert.pem (100%) rename Lib/test/{ => certdata}/nullcert.pem (100%) rename Lib/test/{ => certdata}/pycacert.pem (100%) rename Lib/test/{ => certdata}/pycakey.pem (100%) rename Lib/test/{ => certdata}/revocation.crl (100%) rename Lib/test/{ => certdata}/secp384r1.pem (100%) rename Lib/test/{ => certdata}/selfsigned_pythontestdotnet.pem (100%) rename Lib/test/{ => certdata}/ssl_cert.pem (100%) rename Lib/test/{ => certdata}/ssl_key.passwd.pem (100%) rename Lib/test/{ => certdata}/ssl_key.pem (100%) rename Lib/test/{ => certdata}/talos-2019-0758.pem (100%) diff --git a/Lib/test/allsans.pem b/Lib/test/certdata/allsans.pem similarity index 100% rename from Lib/test/allsans.pem rename to Lib/test/certdata/allsans.pem diff --git a/Lib/test/badcert.pem b/Lib/test/certdata/badcert.pem similarity index 100% rename from Lib/test/badcert.pem rename to Lib/test/certdata/badcert.pem diff --git a/Lib/test/badkey.pem b/Lib/test/certdata/badkey.pem similarity index 100% rename from Lib/test/badkey.pem rename to Lib/test/certdata/badkey.pem diff --git a/Lib/test/capath/4e1295a3.0 b/Lib/test/certdata/capath/4e1295a3.0 similarity index 100% rename from Lib/test/capath/4e1295a3.0 rename to Lib/test/certdata/capath/4e1295a3.0 diff --git a/Lib/test/capath/5ed36f99.0 b/Lib/test/certdata/capath/5ed36f99.0 similarity index 100% rename from Lib/test/capath/5ed36f99.0 rename to Lib/test/certdata/capath/5ed36f99.0 diff --git a/Lib/test/capath/6e88d7b8.0 b/Lib/test/certdata/capath/6e88d7b8.0 similarity index 100% rename from Lib/test/capath/6e88d7b8.0 rename to Lib/test/certdata/capath/6e88d7b8.0 diff --git a/Lib/test/capath/99d0fa06.0 b/Lib/test/certdata/capath/99d0fa06.0 similarity index 100% rename from Lib/test/capath/99d0fa06.0 rename to Lib/test/certdata/capath/99d0fa06.0 diff --git a/Lib/test/capath/b1930218.0 b/Lib/test/certdata/capath/b1930218.0 similarity index 100% rename from Lib/test/capath/b1930218.0 rename to Lib/test/certdata/capath/b1930218.0 diff --git a/Lib/test/capath/ceff1710.0 b/Lib/test/certdata/capath/ceff1710.0 similarity index 100% rename from Lib/test/capath/ceff1710.0 rename to Lib/test/certdata/capath/ceff1710.0 diff --git a/Lib/test/ffdh3072.pem b/Lib/test/certdata/ffdh3072.pem similarity index 100% rename from Lib/test/ffdh3072.pem rename to Lib/test/certdata/ffdh3072.pem diff --git a/Lib/test/idnsans.pem b/Lib/test/certdata/idnsans.pem similarity index 100% rename from Lib/test/idnsans.pem rename to Lib/test/certdata/idnsans.pem diff --git a/Lib/test/keycert.passwd.pem b/Lib/test/certdata/keycert.passwd.pem similarity index 100% rename from Lib/test/keycert.passwd.pem rename to Lib/test/certdata/keycert.passwd.pem diff --git a/Lib/test/keycert.pem b/Lib/test/certdata/keycert.pem similarity index 100% rename from Lib/test/keycert.pem rename to Lib/test/certdata/keycert.pem diff --git a/Lib/test/keycert2.pem b/Lib/test/certdata/keycert2.pem similarity index 100% rename from Lib/test/keycert2.pem rename to Lib/test/certdata/keycert2.pem diff --git a/Lib/test/keycert3.pem b/Lib/test/certdata/keycert3.pem similarity index 100% rename from Lib/test/keycert3.pem rename to Lib/test/certdata/keycert3.pem diff --git a/Lib/test/keycert4.pem b/Lib/test/certdata/keycert4.pem similarity index 100% rename from Lib/test/keycert4.pem rename to Lib/test/certdata/keycert4.pem diff --git a/Lib/test/keycertecc.pem b/Lib/test/certdata/keycertecc.pem similarity index 100% rename from Lib/test/keycertecc.pem rename to Lib/test/certdata/keycertecc.pem diff --git a/Lib/test/make_ssl_certs.py b/Lib/test/certdata/make_ssl_certs.py similarity index 100% rename from Lib/test/make_ssl_certs.py rename to Lib/test/certdata/make_ssl_certs.py diff --git a/Lib/test/nokia.pem b/Lib/test/certdata/nokia.pem similarity index 100% rename from Lib/test/nokia.pem rename to Lib/test/certdata/nokia.pem diff --git a/Lib/test/nosan.pem b/Lib/test/certdata/nosan.pem similarity index 100% rename from Lib/test/nosan.pem rename to Lib/test/certdata/nosan.pem diff --git a/Lib/test/nullbytecert.pem b/Lib/test/certdata/nullbytecert.pem similarity index 100% rename from Lib/test/nullbytecert.pem rename to Lib/test/certdata/nullbytecert.pem diff --git a/Lib/test/nullcert.pem b/Lib/test/certdata/nullcert.pem similarity index 100% rename from Lib/test/nullcert.pem rename to Lib/test/certdata/nullcert.pem diff --git a/Lib/test/pycacert.pem b/Lib/test/certdata/pycacert.pem similarity index 100% rename from Lib/test/pycacert.pem rename to Lib/test/certdata/pycacert.pem diff --git a/Lib/test/pycakey.pem b/Lib/test/certdata/pycakey.pem similarity index 100% rename from Lib/test/pycakey.pem rename to Lib/test/certdata/pycakey.pem diff --git a/Lib/test/revocation.crl b/Lib/test/certdata/revocation.crl similarity index 100% rename from Lib/test/revocation.crl rename to Lib/test/certdata/revocation.crl diff --git a/Lib/test/secp384r1.pem b/Lib/test/certdata/secp384r1.pem similarity index 100% rename from Lib/test/secp384r1.pem rename to Lib/test/certdata/secp384r1.pem diff --git a/Lib/test/selfsigned_pythontestdotnet.pem b/Lib/test/certdata/selfsigned_pythontestdotnet.pem similarity index 100% rename from Lib/test/selfsigned_pythontestdotnet.pem rename to Lib/test/certdata/selfsigned_pythontestdotnet.pem diff --git a/Lib/test/ssl_cert.pem b/Lib/test/certdata/ssl_cert.pem similarity index 100% rename from Lib/test/ssl_cert.pem rename to Lib/test/certdata/ssl_cert.pem diff --git a/Lib/test/ssl_key.passwd.pem b/Lib/test/certdata/ssl_key.passwd.pem similarity index 100% rename from Lib/test/ssl_key.passwd.pem rename to Lib/test/certdata/ssl_key.passwd.pem diff --git a/Lib/test/ssl_key.pem b/Lib/test/certdata/ssl_key.pem similarity index 100% rename from Lib/test/ssl_key.pem rename to Lib/test/certdata/ssl_key.pem diff --git a/Lib/test/talos-2019-0758.pem b/Lib/test/certdata/talos-2019-0758.pem similarity index 100% rename from Lib/test/talos-2019-0758.pem rename to Lib/test/certdata/talos-2019-0758.pem diff --git a/Lib/test/ssl_servers.py b/Lib/test/ssl_servers.py index a4bd7455d47e76..15b071e04dda1f 100644 --- a/Lib/test/ssl_servers.py +++ b/Lib/test/ssl_servers.py @@ -14,7 +14,7 @@ here = os.path.dirname(__file__) HOST = socket_helper.HOST -CERTFILE = os.path.join(here, 'keycert.pem') +CERTFILE = os.path.join(here, 'certdata', 'keycert.pem') # This one's based on HTTPServer, which is based on socketserver diff --git a/Lib/test/test_asyncio/utils.py b/Lib/test/test_asyncio/utils.py index c32494d40ccea8..85d1d6332fb2ec 100644 --- a/Lib/test/test_asyncio/utils.py +++ b/Lib/test/test_asyncio/utils.py @@ -37,21 +37,21 @@ from test.support import threading_helper -def data_file(filename): +def data_file(*filename): if hasattr(support, 'TEST_HOME_DIR'): - fullname = os.path.join(support.TEST_HOME_DIR, filename) + fullname = os.path.join(support.TEST_HOME_DIR, *filename) if os.path.isfile(fullname): return fullname - fullname = os.path.join(os.path.dirname(__file__), '..', filename) + fullname = os.path.join(os.path.dirname(__file__), '..', *filename) if os.path.isfile(fullname): return fullname - raise FileNotFoundError(filename) + raise FileNotFoundError(os.path.join(filename)) -ONLYCERT = data_file('ssl_cert.pem') -ONLYKEY = data_file('ssl_key.pem') -SIGNED_CERTFILE = data_file('keycert3.pem') -SIGNING_CA = data_file('pycacert.pem') +ONLYCERT = data_file('certdata', 'ssl_cert.pem') +ONLYKEY = data_file('certdata', 'ssl_key.pem') +SIGNED_CERTFILE = data_file('certdata', 'keycert3.pem') +SIGNING_CA = data_file('certdata', 'pycacert.pem') PEERCERT = { 'OCSP': ('http://testca.pythontest.net/testca/ocsp/',), 'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',), diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py index 082a90d46baedc..a506b8caca1c84 100644 --- a/Lib/test/test_ftplib.py +++ b/Lib/test/test_ftplib.py @@ -327,8 +327,8 @@ def handle_error(self): if ssl is not None: - CERTFILE = os.path.join(os.path.dirname(__file__), "keycert3.pem") - CAFILE = os.path.join(os.path.dirname(__file__), "pycacert.pem") + CERTFILE = os.path.join(os.path.dirname(__file__), "certdata", "keycert3.pem") + CAFILE = os.path.join(os.path.dirname(__file__), "certdata", "pycacert.pem") class SSLConnection(asyncore.dispatcher): """An asyncore.dispatcher subclass supporting TLS/SSL.""" diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py index 47dbf08f3700d9..f6a9c820b54d31 100644 --- a/Lib/test/test_httplib.py +++ b/Lib/test/test_httplib.py @@ -23,11 +23,13 @@ here = os.path.dirname(__file__) # Self-signed cert file for 'localhost' -CERT_localhost = os.path.join(here, 'keycert.pem') +CERT_localhost = os.path.join(here, 'certdata', 'keycert.pem') # Self-signed cert file for 'fakehostname' -CERT_fakehostname = os.path.join(here, 'keycert2.pem') +CERT_fakehostname = os.path.join(here, 'certdata', 'keycert2.pem') # Self-signed cert file for self-signed.pythontest.net -CERT_selfsigned_pythontestdotnet = os.path.join(here, 'selfsigned_pythontestdotnet.pem') +CERT_selfsigned_pythontestdotnet = os.path.join( + here, 'certdata', 'selfsigned_pythontestdotnet.pem', +) # constants for testing chunked encoding chunked_start = ( diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py index f097ba68154f25..bd0fc9c2da1c23 100644 --- a/Lib/test/test_imaplib.py +++ b/Lib/test/test_imaplib.py @@ -26,8 +26,8 @@ support.requires_working_socket(module=True) -CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem") -CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem") +CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "keycert3.pem") +CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "pycacert.pem") class TestImaplib(unittest.TestCase): diff --git a/Lib/test/test_logging.py b/Lib/test/test_logging.py index 55c5cd565814e8..ccf479d8e7e1c2 100644 --- a/Lib/test/test_logging.py +++ b/Lib/test/test_logging.py @@ -2075,7 +2075,7 @@ def test_output(self): sslctx = None else: here = os.path.dirname(__file__) - localhost_cert = os.path.join(here, "keycert.pem") + localhost_cert = os.path.join(here, "certdata", "keycert.pem") sslctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) sslctx.load_cert_chain(localhost_cert) diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py index 5ad9202433dcfb..49ba9931974ec6 100644 --- a/Lib/test/test_poplib.py +++ b/Lib/test/test_poplib.py @@ -32,8 +32,8 @@ import ssl SUPPORTS_SSL = True - CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem") - CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem") + CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "keycert3.pem") + CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "pycacert.pem") requires_ssl = skipUnless(SUPPORTS_SSL, 'SSL not supported') diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 965c2728914b50..55cabe6c6917df 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -63,10 +63,10 @@ PROTOCOL_TO_TLS_VERSION[proto] = ver def data_file(*name): - return os.path.join(os.path.dirname(__file__), *name) + return os.path.join(os.path.dirname(__file__), "certdata", *name) # The custom key and certificate files used in test_ssl are generated -# using Lib/test/make_ssl_certs.py. +# using Lib/test/certdata/make_ssl_certs.py. # Other certificates are simply fetched from the internet servers they # are meant to authenticate. @@ -675,7 +675,7 @@ def test_errors_sslwrap(self): def bad_cert_test(self, certfile): """Check that trying to use the given client certificate fails""" certfile = os.path.join(os.path.dirname(__file__) or os.curdir, - certfile) + "certdata", certfile) sock = socket.socket() self.addCleanup(sock.close) with self.assertRaises(ssl.SSLError): @@ -3560,12 +3560,12 @@ def test_socketserver(self): # try to connect if support.verbose: sys.stdout.write('\n') - with open(CERTFILE, 'rb') as f: + # Get this test file itself: + with open(__file__, 'rb') as f: d1 = f.read() d2 = '' # now fetch the same data from the HTTPS server - url = 'https://localhost:%d/%s' % ( - server.port, os.path.split(CERTFILE)[1]) + url = f'https://localhost:{server.port}/test_ssl.py' context = ssl.create_default_context(cafile=SIGNING_CA) f = urllib.request.urlopen(url, context=context) try: diff --git a/Lib/test/test_urllib2_localnet.py b/Lib/test/test_urllib2_localnet.py index f4729358557c95..96e43970d49fb9 100644 --- a/Lib/test/test_urllib2_localnet.py +++ b/Lib/test/test_urllib2_localnet.py @@ -22,9 +22,9 @@ here = os.path.dirname(__file__) # Self-signed cert file for 'localhost' -CERT_localhost = os.path.join(here, 'keycert.pem') +CERT_localhost = os.path.join(here, 'certdata', 'keycert.pem') # Self-signed cert file for 'fakehostname' -CERT_fakehostname = os.path.join(here, 'keycert2.pem') +CERT_fakehostname = os.path.join(here, 'certdata', 'keycert2.pem') # Loopback http server infrastructure diff --git a/Makefile.pre.in b/Makefile.pre.in index 885089b994f7fa..a32dee5c1b0245 100644 --- a/Makefile.pre.in +++ b/Makefile.pre.in @@ -1946,7 +1946,8 @@ TESTSUBDIRS= ctypes/test \ lib2to3/tests/data/fixers/myfixes \ test \ test/audiodata \ - test/capath \ + test/certdata \ + test/certdata/capath \ test/cjkencodings \ test/crashers \ test/data \