gh-108303: Move all certificates to `Lib/test/certdata/` (#109489)

2023-09-16 19:47:18 +03:00 · 2023-09-16 19:47:18 +03:00 · e57ecf6bbc
parent 929cc4e4a0
commit e57ecf6bbc
41 changed files with 31 additions and 28 deletions
--- a/Lib/test/certdata/allsans.pem
+++ b/Lib/test/certdata/allsans.pem
--- a/Lib/test/certdata/badcert.pem
+++ b/Lib/test/certdata/badcert.pem
--- a/Lib/test/certdata/badkey.pem
+++ b/Lib/test/certdata/badkey.pem
--- a/Lib/test/certdata/capath/4e1295a3.0
+++ b/Lib/test/certdata/capath/4e1295a3.0
--- a/Lib/test/certdata/capath/5ed36f99.0
+++ b/Lib/test/certdata/capath/5ed36f99.0
--- a/Lib/test/certdata/capath/6e88d7b8.0
+++ b/Lib/test/certdata/capath/6e88d7b8.0
--- a/Lib/test/certdata/capath/99d0fa06.0
+++ b/Lib/test/certdata/capath/99d0fa06.0
--- a/Lib/test/certdata/capath/b1930218.0
+++ b/Lib/test/certdata/capath/b1930218.0
--- a/Lib/test/certdata/capath/ceff1710.0
+++ b/Lib/test/certdata/capath/ceff1710.0
--- a/Lib/test/certdata/ffdh3072.pem
+++ b/Lib/test/certdata/ffdh3072.pem
--- a/Lib/test/certdata/idnsans.pem
+++ b/Lib/test/certdata/idnsans.pem
--- a/Lib/test/certdata/keycert.passwd.pem
+++ b/Lib/test/certdata/keycert.passwd.pem
--- a/Lib/test/certdata/keycert.pem
+++ b/Lib/test/certdata/keycert.pem
--- a/Lib/test/certdata/keycert2.pem
+++ b/Lib/test/certdata/keycert2.pem
--- a/Lib/test/certdata/keycert3.pem
+++ b/Lib/test/certdata/keycert3.pem
--- a/Lib/test/certdata/keycert4.pem
+++ b/Lib/test/certdata/keycert4.pem
--- a/Lib/test/certdata/keycertecc.pem
+++ b/Lib/test/certdata/keycertecc.pem
--- a/Lib/test/certdata/make_ssl_certs.py
+++ b/Lib/test/certdata/make_ssl_certs.py
--- a/Lib/test/certdata/nokia.pem
+++ b/Lib/test/certdata/nokia.pem
--- a/Lib/test/certdata/nosan.pem
+++ b/Lib/test/certdata/nosan.pem
--- a/Lib/test/certdata/nullbytecert.pem
+++ b/Lib/test/certdata/nullbytecert.pem
--- a/Lib/test/certdata/nullcert.pem
+++ b/Lib/test/certdata/nullcert.pem
--- a/Lib/test/certdata/pycacert.pem
+++ b/Lib/test/certdata/pycacert.pem
--- a/Lib/test/certdata/pycakey.pem
+++ b/Lib/test/certdata/pycakey.pem
--- a/Lib/test/certdata/revocation.crl
+++ b/Lib/test/certdata/revocation.crl
--- a/Lib/test/certdata/secp384r1.pem
+++ b/Lib/test/certdata/secp384r1.pem
--- a/Lib/test/certdata/selfsigned_pythontestdotnet.pem
+++ b/Lib/test/certdata/selfsigned_pythontestdotnet.pem
--- a/Lib/test/certdata/ssl_cert.pem
+++ b/Lib/test/certdata/ssl_cert.pem
--- a/Lib/test/certdata/ssl_key.passwd.pem
+++ b/Lib/test/certdata/ssl_key.passwd.pem
--- a/Lib/test/certdata/ssl_key.pem
+++ b/Lib/test/certdata/ssl_key.pem
--- a/Lib/test/certdata/talos-2019-0758.pem
+++ b/Lib/test/certdata/talos-2019-0758.pem
--- a/Lib/test/ssl_servers.py
+++ b/Lib/test/ssl_servers.py
@ -14,7 +14,7 @@ from test.support import socket_helper
 here = os.path.dirname(__file__)
 HOST = socket_helper.HOST
-CERTFILE = os.path.join(here, 'keycert.pem')
+CERTFILE = os.path.join(here, 'certdata', 'keycert.pem')
 # This one's based on HTTPServer, which is based on socketserver
--- a/Lib/test/test_asyncio/utils.py
+++ b/Lib/test/test_asyncio/utils.py
@ -36,21 +36,21 @@ from test.support import socket_helper
 from test.support import threading_helper
-def data_file(filename):
+def data_file(*filename):
    if hasattr(support, 'TEST_HOME_DIR'):
-        fullname = os.path.join(support.TEST_HOME_DIR, filename)
+        fullname = os.path.join(support.TEST_HOME_DIR, *filename)
        if os.path.isfile(fullname):
            return fullname
-    fullname = os.path.join(os.path.dirname(__file__), '..', filename)
+    fullname = os.path.join(os.path.dirname(__file__), '..', *filename)
    if os.path.isfile(fullname):
        return fullname
-    raise FileNotFoundError(filename)
+    raise FileNotFoundError(os.path.join(filename))
-ONLYCERT = data_file('ssl_cert.pem')
+ONLYCERT = data_file('certdata', 'ssl_cert.pem')
-ONLYKEY = data_file('ssl_key.pem')
+ONLYKEY = data_file('certdata', 'ssl_key.pem')
-SIGNED_CERTFILE = data_file('keycert3.pem')
+SIGNED_CERTFILE = data_file('certdata', 'keycert3.pem')
-SIGNING_CA = data_file('pycacert.pem')
+SIGNING_CA = data_file('certdata', 'pycacert.pem')
 PEERCERT = {
    'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
    'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),
--- a/Lib/test/test_ftplib.py
+++ b/Lib/test/test_ftplib.py
@ -325,8 +325,8 @@ class DummyFTPServer(asyncore.dispatcher, threading.Thread):
 if ssl is not None:
-    CERTFILE = os.path.join(os.path.dirname(__file__), "keycert3.pem")
+    CERTFILE = os.path.join(os.path.dirname(__file__), "certdata", "keycert3.pem")
-    CAFILE = os.path.join(os.path.dirname(__file__), "pycacert.pem")
+    CAFILE = os.path.join(os.path.dirname(__file__), "certdata", "pycacert.pem")
    class SSLConnection(asyncore.dispatcher):
        """An asyncore.dispatcher subclass supporting TLS/SSL."""
--- a/Lib/test/test_httplib.py
+++ b/Lib/test/test_httplib.py
@ -21,11 +21,13 @@ support.requires_working_socket(module=True)
 here = os.path.dirname(__file__)
 # Self-signed cert file for 'localhost'
-CERT_localhost = os.path.join(here, 'keycert.pem')
+CERT_localhost = os.path.join(here, 'certdata', 'keycert.pem')
 # Self-signed cert file for 'fakehostname'
-CERT_fakehostname = os.path.join(here, 'keycert2.pem')
+CERT_fakehostname = os.path.join(here, 'certdata', 'keycert2.pem')
 # Self-signed cert file for self-signed.pythontest.net
-CERT_selfsigned_pythontestdotnet = os.path.join(here, 'selfsigned_pythontestdotnet.pem')
+CERT_selfsigned_pythontestdotnet = os.path.join(
    here, 'certdata', 'selfsigned_pythontestdotnet.pem',
 )
 # constants for testing chunked encoding
 chunked_start = (
--- a/Lib/test/test_imaplib.py
+++ b/Lib/test/test_imaplib.py
@ -23,8 +23,8 @@ except ImportError:
 support.requires_working_socket(module=True)
-CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem")
+CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "keycert3.pem")
-CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem")
+CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "pycacert.pem")
 class TestImaplib(unittest.TestCase):
--- a/Lib/test/test_logging.py
+++ b/Lib/test/test_logging.py
@ -2170,7 +2170,7 @@ class HTTPHandlerTest(BaseTest):
                    sslctx = None
                else:
                    here = os.path.dirname(__file__)
-                    localhost_cert = os.path.join(here, "keycert.pem")
+                    localhost_cert = os.path.join(here, "certdata", "keycert.pem")
                    sslctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
                    sslctx.load_cert_chain(localhost_cert)
--- a/Lib/test/test_poplib.py
+++ b/Lib/test/test_poplib.py
@ -29,8 +29,8 @@ if hasattr(poplib, 'POP3_SSL'):
    import ssl
    SUPPORTS_SSL = True
-    CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem")
+    CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "keycert3.pem")
-    CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem")
+    CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "pycacert.pem")
 requires_ssl = skipUnless(SUPPORTS_SSL, 'SSL not supported')
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -60,10 +60,10 @@ for proto, ver in (
    PROTOCOL_TO_TLS_VERSION[proto] = ver
 def data_file(*name):
-    return os.path.join(os.path.dirname(__file__), *name)
+    return os.path.join(os.path.dirname(__file__), "certdata", *name)
 # The custom key and certificate files used in test_ssl are generated
-# using Lib/test/make_ssl_certs.py.
+# using Lib/test/certdata/make_ssl_certs.py.
 # Other certificates are simply fetched from the internet servers they
 # are meant to authenticate.
@ -641,7 +641,7 @@ class BasicSocketTests(unittest.TestCase):
    def bad_cert_test(self, certfile):
        """Check that trying to use the given client certificate fails"""
        certfile = os.path.join(os.path.dirname(__file__) or os.curdir,
-                                   certfile)
+                                "certdata", certfile)
        sock = socket.socket()
        self.addCleanup(sock.close)
        with self.assertRaises(ssl.SSLError):
@ -3309,12 +3309,12 @@ class ThreadedTests(unittest.TestCase):
        # try to connect
        if support.verbose:
            sys.stdout.write('\n')
-        with open(CERTFILE, 'rb') as f:
+        # Get this test file itself:
        with open(__file__, 'rb') as f:
            d1 = f.read()
        d2 = ''
        # now fetch the same data from the HTTPS server
-        url = 'https://localhost:%d/%s' % (
+        url = f'https://localhost:{server.port}/test_ssl.py'
            server.port, os.path.split(CERTFILE)[1])
        context = ssl.create_default_context(cafile=SIGNING_CA)
        f = urllib.request.urlopen(url, context=context)
        try:
--- a/Lib/test/test_urllib2_localnet.py
+++ b/Lib/test/test_urllib2_localnet.py
@ -21,9 +21,9 @@ support.requires_working_socket(module=True)
 here = os.path.dirname(__file__)
 # Self-signed cert file for 'localhost'
-CERT_localhost = os.path.join(here, 'keycert.pem')
+CERT_localhost = os.path.join(here, 'certdata', 'keycert.pem')
 # Self-signed cert file for 'fakehostname'
-CERT_fakehostname = os.path.join(here, 'keycert2.pem')
+CERT_fakehostname = os.path.join(here, 'certdata', 'keycert2.pem')
 # Loopback http server infrastructure
--- a/Makefile.pre.in
+++ b/Makefile.pre.in
@ -2141,7 +2141,8 @@ LIBSUBDIRS=	asyncio \
 TESTSUBDIRS=	idlelib/idle_test \
 		test \
 		test/audiodata \
-		test/capath \
+		test/certdata \
 		test/certdata/capath \
 		test/cjkencodings \
 		test/crashers \
 		test/data \