Merge pull request #56 from rabbitmq/lukebakken/ca-cert-in-p12

Add CA cert to p12

.github/workflows/ci.yaml

@@ -0,0 +1,100 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: tls-gen
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build-linux:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [3.7, 3.8, 3.9, '3.10', '3.11']
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install flake8 pytest
+      - name: Lint with flake8
+        run: |
+          # The GitHub editor is 127 chars wide
+          flake8 . --verbose --count --show-source --statistics --max-complexity=10 --max-line-length=127
+      - name: Run
+        run: |
+          make -C basic
+          make -C basic info
+          make -C basic verify
+          make -C basic clean
+          make -C separate_intermediates
+          make -C separate_intermediates info
+          make -C separate_intermediates verify
+          make -C separate_intermediates clean
+          make -C two_shared_intermediates
+          make -C two_shared_intermediates info
+          make -C two_shared_intermediates verify
+          make -C two_shared_intermediates clean
+      - name: Test
+        run: ./test/basic.sh
+  build-windows:
+    runs-on: windows-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [3.7, 3.8, 3.9, '3.10', '3.11']
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Run
+        run: |
+          make -C basic
+          make -C basic info
+          make -C basic verify
+          make -C basic clean
+          make -C separate_intermediates
+          make -C separate_intermediates info
+          make -C separate_intermediates verify
+          make -C separate_intermediates clean
+          make -C two_shared_intermediates
+          make -C two_shared_intermediates info
+          make -C two_shared_intermediates verify
+          make -C two_shared_intermediates clean
+  build-osx:
+    runs-on: macos-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [3.7, 3.8, 3.9, '3.10', '3.11']
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Run
+        run: |
+          make -C basic
+          make -C basic info
+          make -C basic verify
+          make -C basic clean
+          make -C separate_intermediates
+          make -C separate_intermediates info
+          make -C separate_intermediates verify
+          make -C separate_intermediates clean
+          make -C two_shared_intermediates
+          make -C two_shared_intermediates info
+          make -C two_shared_intermediates verify
+          make -C two_shared_intermediates clean

basic/profile.py

@@ -12,96 +12,105 @@
 import os
 import shutil
 
+
 def _copy_artifacts_to_results(opts):
-    os.makedirs(paths.relative_path("result"), exist_ok = True)
-    gen.copy_root_ca_certificate_and_key_pair()
+    os.makedirs(p.relative_path("result"), exist_ok=True)
+    g.copy_root_ca_certificate_and_key_pair()
     cn = opts.common_name
     name = 'server_{}'.format(cn)
-    gen.copy_leaf_certificate_and_key_pair(name)
+    g.copy_leaf_certificate_and_key_pair(name)
     name = 'client_{}'.format(cn)
-    gen.copy_leaf_certificate_and_key_pair(name)
+    g.copy_leaf_certificate_and_key_pair(name)
+
 
 def generate(opts):
     cli.validate_password_if_provided(opts)
     print("Will generate a root CA and two certificate/key pairs (server and client)")
-    gen.generate_root_ca(opts)
+    g.generate_root_ca(opts)
     cn = opts.common_name
     name = 'server_{}'.format(cn)
-    gen.generate_leaf_certificate_and_key_pair('server', opts, name)
+    g.generate_leaf_certificate_and_key_pair('server', opts, name)
     name = 'client_{}'.format(cn)
-    gen.generate_leaf_certificate_and_key_pair('client', opts, name)
+    g.generate_leaf_certificate_and_key_pair('client', opts, name)
     _copy_artifacts_to_results(opts)
     print("Done! Find generated certificates and private keys under ./result!")
 
+
 def generate_client(opts):
     cli.ensure_password_is_provided(opts)
     print("Will generate a certificate/key pair (client only)")
     cn = opts.common_name
     name = 'client_{}'.format(cn)
-    gen.generate_leaf_certificate_and_key_pair('client', opts, name)
-    gen.copy_leaf_certificate_and_key_pair(name)
+    g.generate_leaf_certificate_and_key_pair('client', opts, name)
+    g.copy_leaf_certificate_and_key_pair(name)
     print("Done! Find generated certificates and private keys under ./result!")
 
+
 def generate_server(opts):
     cli.ensure_password_is_provided(opts)
     print("Will generate a certificate/key pair (server only)")
     cn = opts.common_name
     name = 'server_{}'.format(cn)
-    gen.generate_leaf_certificate_and_key_pair('server', opts, name)
-    gen.copy_leaf_certificate_and_key_pair(name)
+    g.generate_leaf_certificate_and_key_pair('server', opts, name)
+    g.copy_leaf_certificate_and_key_pair(name)
     print("Done! Find generated certificates and private keys under ./result!")
 
+
 def clean(opts):
     cn = opts.common_name
-    for s in [paths.root_ca_path(),
-              paths.result_path(),
-              paths.leaf_pair_path('server'.format(cn)),
-              paths.leaf_pair_path('client'.format(cn))]:
+    for s in [p.root_ca_path(),
+              p.result_path(),
+              p.leaf_pair_path('server_{}'.format(cn)),
+              p.leaf_pair_path('client_{}'.format(cn))]:
         print("Removing {}".format(s))
         try:
             shutil.rmtree(s)
         except FileNotFoundError:
             pass
 
+
 def regenerate(opts):
     clean(opts)
     generate(opts)
 
+
 def verify(opts):
     print("Will verify generated certificates against the CA...")
-    verify.verify_leaf_certificate_against_root_ca('client_{}'.format(opts.common_name))
-    verify.verify_leaf_certificate_against_root_ca('server_{}'.format(opts.common_name))
+    v.verify_leaf_certificate_against_root_ca('client_{}'.format(opts.common_name))
+    v.verify_leaf_certificate_against_root_ca('server_{}'.format(opts.common_name))
+
 
 def verify_pkcs12(opts):
     cli.validate_password_if_provided(opts)
 
     print("Will verify generated PKCS12 certificate stores...")
-    verify.verify_pkcs12_store("client", opts)
-    verify.verify_pkcs12_store("server", opts)
+    v.verify_pkcs12_store("client", opts)
+    v.verify_pkcs12_store("server", opts)
+
 
 def info(opts):
     cn = opts.common_name
     client_name = 'client_{}'.format(cn)
-    info.leaf_certificate_info(client_name)
+    i.leaf_certificate_info(client_name)
 
     server_name = 'server_{}'.format(cn)
-    info.leaf_certificate_info(server_name)
+    i.leaf_certificate_info(server_name)
+
 
 def alias_leaf_artifacts(opts):
     cn = opts.common_name
     client_name = 'client_{}'.format(cn)
     server_name = 'server_{}'.format(cn)
 
-    print("Will copy certificate and key for {} to {}".format(client_name, paths.relative_path(*("result", "client_*.pem"))))
-    print("Will copy certificate and key for {} to {}".format(server_name, paths.relative_path(*("result", "server_*.pem"))))
+    print("Will copy certificate and key for {} to {}".format(client_name, p.relative_path(*("result", "client_*.pem"))))
+    print("Will copy certificate and key for {} to {}".format(server_name, p.relative_path(*("result", "server_*.pem"))))
 
-    gen.alias_file("client", client_name)
-    gen.alias_file("server", server_name)
+    g.alias_file("client", client_name)
+    g.alias_file("server", server_name)
 
     print("Done! Find new copies under ./result!")
 
 
-
 commands = {"generate":        generate,
             "gen":             generate,
             "generate-client": generate_client,
@@ -115,11 +124,10 @@ def alias_leaf_artifacts(opts):
             "alias-leaf-artifacts": alias_leaf_artifacts}
 
 if __name__ == "__main__":
-    sys.path.append("..")
-    from tls_gen import cli
-    from tls_gen import gen
-    from tls_gen import paths
-    from tls_gen import verify
-    from tls_gen import info
-
+    sys.path.append(os.path.realpath('..'))
+    import tls_gen.cli as cli
+    import tls_gen.gen as g
+    import tls_gen.info as i
+    import tls_gen.paths as p
+    import tls_gen.verify as v
     cli.run(commands)