File: update_certs.py

#!/usr/bin/env vpython3
# Copyright 2018 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import logging
import os
import subprocess
import sys

# Directory containing this script; every path used below is built from it.
_THIS_DIR = os.path.dirname(__file__)
# Make the wptserve sources under wpt/tools importable so `sslutils` resolves.
# The path is appended, not inserted first, so an `sslutils` package that is
# already importable from an earlier sys.path entry takes precedence.
sys.path.append(os.path.join(_THIS_DIR, 'wpt', 'tools', 'wptserve', 'wptserve'))
from sslutils.openssl import OpenSSLEnvironment


# Base host name for the certificate; main() also requests the 'www.', 'www1.',
# 'www2.' and two punycode ('xn--') subdomain variants of it.
_DOMAIN = '127.0.0.1'

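def main():
    """Regenerate the WPT test key/certificate and re-pin it in the tree.

    Steps, each of which exits with status 1 on failure:
      1. `git rm` every file in the certs directory whose name does not
         contain '.sxg.'.
      2. Ask OpenSSLEnvironment for a host key/certificate covering _DOMAIN
         and its subdomain variants (force_regenerate=True).
      3. `git add` the contents of the certs directory.
      4. Rewrite the key/pem file names in config.json, write the new
         certificate's public-key hash into WPT_FINGERPRINT in base.py, and
         stage both files.
      5. Print the certificate's 'Not After' line.

    NOTE(review): step 3 stages everything in the certs directory, which
    appears to include the generated private key. That key should be treated
    as public test material and never reused outside the test server.
    """
    # Imported locally so the block does not depend on new file-level imports.
    import base64
    import hashlib

    cert_dir = os.path.join(_THIS_DIR, 'certs')

    print('===> Removing old files...')
    old_files = [os.path.join(cert_dir, fn) for fn in os.listdir(cert_dir)
                 if '.sxg.' not in fn]
    # `git rm` with no pathspec fails with a usage error, so skip it when
    # there is nothing to remove. '--' keeps paths from being read as options.
    if old_files and subprocess.call(['git', 'rm', '--'] + old_files) != 0:
        sys.exit(1)

    print('\n===> Regenerating keys and certificates...')
    env = OpenSSLEnvironment(logging.getLogger(__name__),
                             base_path=cert_dir,
                             force_regenerate=True,
                             # presumably a validity period in days; confirm
                             # against OpenSSLEnvironment.
                             duration=3000)
    with env:
        key_path, pem_path = env.host_cert_path(
            [_DOMAIN,
             # See '_subdomains' in wpt/tools/serve/serve.py.
             'www.' + _DOMAIN,
             'www1.' + _DOMAIN,
             'www2.' + _DOMAIN,
             'xn--n8j6ds53lwwkrqhv28a.' + _DOMAIN,
             'xn--lve-6lad.' + _DOMAIN])

        # Expand the directory listing here instead of handing "<dir>/*" to a
        # shell: a checkout path containing spaces or shell metacharacters
        # would otherwise be word-split or interpreted. Dot-files are skipped
        # to match what the shell glob '*' selects.
        new_files = [os.path.join(cert_dir, fn)
                     for fn in sorted(os.listdir(cert_dir))
                     if not fn.startswith('.')]
        # An unmatched glob made the original `git add` fail; keep that.
        if not new_files:
            sys.exit(1)
        if subprocess.call(['git', 'add', '-v', '--'] + new_files) != 0:
            sys.exit(1)

        print('\n===> Updating config.json and base.py...')
        key_basename = os.path.basename(key_path)
        pem_basename = os.path.basename(pem_path)
        config_path = os.path.join(_THIS_DIR, os.pardir, 'blink', 'web_tests',
                                   'external', 'wpt', 'config.json')
        # The basenames are interpolated into the sed program. They come from
        # OpenSSLEnvironment; a '%' or '&' in them would change the expression.
        if subprocess.call(['sed', '-i', '-E',
                            's%/[^/]+[.]key%/{key}%g;s%/[^/]+[.]pem%/{pem}%g'.format(
                                key=key_basename, pem=pem_basename),
                            config_path]) != 0:
            sys.exit(1)
        base_py_path = os.path.join(_THIS_DIR, os.pardir, 'blink', 'tools',
                                    'blinkpy', 'web_tests', 'port', 'base.py')

        # Fingerprint = base64(SHA-256(DER-encoded public key of the cert)).
        # Each openssl step runs without a shell and has its exit status
        # checked. In a shell pipeline only the last command's status is
        # visible, so a failed openssl step would still yield a digest (of
        # empty input) and a wrong pin would be written to base.py.
        pubkey_pem = subprocess.run(
            ['openssl', 'x509', '-noout', '-pubkey', '-in', pem_path],
            stdout=subprocess.PIPE)
        if pubkey_pem.returncode != 0:
            sys.exit(1)
        pubkey_der = subprocess.run(
            ['openssl', 'pkey', '-pubin', '-outform', 'der'],
            input=pubkey_pem.stdout, stdout=subprocess.PIPE)
        if pubkey_der.returncode != 0 or not pubkey_der.stdout:
            sys.exit(1)
        fingerprint = base64.b64encode(
            hashlib.sha256(pubkey_der.stdout).digest()).decode('ascii')

        # '%' is the sed delimiter; base64 output never contains '%' or '&'.
        if subprocess.call(['sed', '-i', '-E',
                            "s%WPT_FINGERPRINT = '.*'%WPT_FINGERPRINT = '" +
                            fingerprint + "'%", base_py_path]) != 0:
            sys.exit(1)
        if subprocess.call(['git', 'add', '-v', config_path, base_py_path]) != 0:
            sys.exit(1)

        print('\n===> Certificate validity:')
        # Informational only: the exit status is deliberately not checked.
        subprocess.call(['grep', 'Not After', pem_path])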


# Regenerate the certificates only when run as a script, not when imported.
if __name__ == '__main__':
    main()