fix creating certificate for aioquic tests

rsocket · Nov 28, 2023 · a23f4dd · a23f4dd
1 parent 7b871a5
commit a23f4dd
Showing 1 changed file with 25 additions and 6 deletions.
diff --git a/tests/tools/fixtures_shared.py b/tests/tools/fixtures_shared.py
@@ -1,12 +1,23 @@
 import datetime
+import ipaddress
+from typing import Optional
 
 import pytest
 from cryptography import x509
 from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives.asymmetric.ec import generate_private_key, SECP256R1
 
 
-def generate_certificate(*, alternative_names, common_name, hash_algorithm, key):
+def dns_name_or_ip_address(name):
+    try:
+        ip = ipaddress.ip_address(name)
+    except ValueError:
+        return x509.DNSName(name)
+    else:
+        return x509.IPAddress(ip)
+
+
+def generate_certificate(*, alternative_names: Optional[list], common_name: str, hash_algorithm, key):
     subject = issuer = x509.Name(
         [x509.NameAttribute(x509.NameOID.COMMON_NAME, common_name)]
     )
@@ -19,22 +30,30 @@ def generate_certificate(*, alternative_names, common_name, hash_algorithm, key)
                .not_valid_before(datetime.datetime.utcnow())
                .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=10))
                )
+
+    builder = builder.add_extension(
+        x509.SubjectAlternativeName([
+            x509.DNSName(u"localhost")
+        ]),
+        critical=False
+    )
+
     if alternative_names:
         builder = builder.add_extension(
             x509.SubjectAlternativeName(
-                [x509.DNSName(name) for name in alternative_names]
+                [dns_name_or_ip_address(name) for name in alternative_names]
             ),
             critical=False,
         )
     cert = builder.sign(key, hash_algorithm)
     return cert, key
 
 
-def generate_ec_certificate(common_name, alternative_names=None, curve=ec.SECP256R1):
+def generate_ec_certificate(common_name: str, alternative_names: Optional[list] = None, curve=SECP256R1):
     if alternative_names is None:
         alternative_names = []
 
-    key = ec.generate_private_key(curve=curve)
+    key = generate_private_key(curve=curve)
     return generate_certificate(
         alternative_names=alternative_names,
         common_name=common_name,
@@ -45,4 +64,4 @@ def generate_ec_certificate(common_name, alternative_names=None, curve=ec.SECP25
 
 @pytest.fixture(scope="session")
 def generate_test_certificates():
-    return generate_ec_certificate(common_name="localhost")
+    return generate_ec_certificate(common_name='localhost')