Merge pull request #7 from njsmith/better-names

Move trustme version to ORGANIZATION_NAME + uniqueify common names
python-trio · Aug 2, 2017 · 8514638 · 8514638
2 parents 0ed9ffa + e681939
commit 8514638
Showing 1 changed file with 17 additions and 10 deletions.
diff --git a/trustme/__init__.py b/trustme/__init__.py
@@ -1,5 +1,6 @@
 import datetime
 import ssl
+from base64 import urlsafe_b64encode
 from tempfile import NamedTemporaryFile
 from contextlib import contextmanager
 import os
@@ -23,12 +24,21 @@
 # not 2 seconds.
 _KEY_SIZE = 1024
 
+def _name(common_name):
+    return x509.Name([
+        x509.NameAttribute(NameOID.ORGANIZATION_NAME,
+                           u"trustme v{}".format(__version__)),
+        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
+    ])
+
+
+def random_text():
+    return urlsafe_b64encode(os.urandom(12)).decode("ascii")
+
+
 def _smells_like_pyopenssl(ctx):
     return getattr(ctx, "__module__", "").startswith("OpenSSL")
 
-def _common_name(name):
-    name += " (generated by faketlscerts v{})".format(__version__)
-    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, name)])
 
 def _cert_builder_common(subject, issuer, public_key):
     today = datetime.datetime.today()
@@ -38,12 +48,12 @@ def _cert_builder_common(subject, issuer, public_key):
         x509.CertificateBuilder()
         .subject_name(subject)
         .issuer_name(issuer)
+        .public_key(public_key)
         # This is inclusive so today should work too, but let's pad it a
         # bit.
         .not_valid_before(yesterday)
         .not_valid_after(forever)
         .serial_number(x509.random_serial_number())
-        .public_key(public_key)
         .add_extension(
             x509.SubjectKeyIdentifier.from_public_key(public_key),
             critical=False,
@@ -140,12 +150,9 @@ def __init__(self):
             backend=default_backend()
         )
 
+        name = _name(u"Testing CA #" + random_text())
         self._certificate = (
-            _cert_builder_common(
-                _common_name(u"Testing CA"),
-                _common_name(u"Testing CA"),
-                self._private_key.public_key()
-            )
+            _cert_builder_common(name, name, self._private_key.public_key())
             .add_extension(
                 x509.BasicConstraints(ca=True, path_length=9), critical=True,
             )
@@ -184,7 +191,7 @@ def issue_server_cert(self, *hostnames):
 
         cert = (
             _cert_builder_common(
-                _common_name(u"Testing cert"),
+                _name(u"Testing server cert #" + random_text()),
                 self._certificate.subject,
                 key.public_key(),
             )