
declearn.test_utils.generate_ssl_certificates

Generate a self-signed CA and a CA-signed SSL certificate.

This function is intended to be used for testing and/or in demonstration contexts, whereas real-life applications are expected to use certificates signed by a trusted CA.

This function orchestrates calls to the system's openssl command in order to generate and self-sign SSL certificate and private-key files that may be used to encrypt network communications, notably for declearn.

More precisely, it generates:

- a self-signed root certificate authority (CA)
- a server certificate signed by the former CA

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| folder | str | Path to the folder where to create the intermediate and final certificate and key PEM files. | '.' |
| c_name | str | Main domain name or IP for which the certificate is created. | 'localhost' |
| password | Optional[str] | Optional password used to encrypt generated private keys. | None |
| alt_ips | Optional[Collection[str]] | Optional list of additional IP addresses to certify. This is only implemented for OpenSSL >= 3.0. | None |
| alt_dns | Optional[Collection[str]] | Optional list of additional domain names to certify. This is only implemented for OpenSSL >= 3.0. | None |
| duration | int | Validity duration for both the CA and server certificates. | 30 |

Returns:

| Name | Type | Description |
| --- | --- | --- |
| ca_cert | str | Path to the client-required CA certificate PEM file. |
| sv_cert | str | Path to the server's certificate PEM file. |
| sv_pkey | str | Path to the server's private key PEM file. |

Source code in declearn/test_utils/_gen_ssl.py
```python
from typing import Collection, Optional, Tuple

# gen_ssl_ca, gen_ssl_csr and gen_ssl_cert are helpers available in the same
# module (declearn/test_utils/_gen_ssl.py); their definitions are not shown here.


def generate_ssl_certificates(
    folder: str = ".",
    c_name: str = "localhost",
    password: Optional[str] = None,
    alt_ips: Optional[Collection[str]] = None,
    alt_dns: Optional[Collection[str]] = None,
    duration: int = 30,
) -> Tuple[str, str, str]:
    """Generate a self-signed CA and a CA-signed SSL certificate.

    This function is intended to be used for testing and/or in
    demonstration contexts, whereas real-life applications are
    expected to use certificates signed by a trusted CA.

    This function orchestrates calls to the system's `openssl`
    command in order to generate and self-sign SSL certificate
    and private-key files that may be used to encrypt network
    communications, notably for declearn.

    More precisely, it generates:
    - a self-signed root certificate authority (CA)
    - a server certificate signed by the former CA

    Parameters
    ----------
    folder: str
        Path to the folder where to create the intermediate
        and final certificate and key PEM files.
    c_name: str
        Main domain name or IP for which the certificate is created.
    password: str or None, default=None
        Optional password used to encrypt generated private keys.
    alt_ips: collection[str] or None, default=None
        Optional list of additional IP addresses to certify.
        This is only implemented for OpenSSL >= 3.0.
    alt_dns: collection[str] or None, default=None
        Optional list of additional domain names to certify.
        This is only implemented for OpenSSL >= 3.0.
    duration: int, default=30
        Validity duration for both the CA and server certificates.

    Returns
    -------
    ca_cert: str
        Path to the client-required CA certificate PEM file.
    sv_cert: str
        Path to the server's certificate PEM file.
    sv_pkey: str
        Path to the server's private key PEM file.
    """
    # arguments serve modularity; pylint: disable=too-many-arguments
    # Generate a self-signed root CA (certificate + private key).
    ca_cert, ca_pkey = gen_ssl_ca(folder, password, duration)
    # Generate a server CSR and the matching private key.
    sv_csrq, sv_pkey = gen_ssl_csr(folder, c_name, alt_ips, alt_dns, password)
    # Sign the CSR into a server certificate using the root CA.
    sv_cert = gen_ssl_cert(
        folder, sv_csrq, ca_cert, ca_pkey, password, duration
    )
    # Return paths that are used by declearn network-communication endpoints:
    # clients need ca_cert as their trust root; the server needs sv_cert and sv_pkey.
    return ca_cert, sv_cert, sv_pkey
```
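The two-step PKI described above, rebuilt with plain openssl commands as an added example (this is not declearn's own implementation): a self-signed root CA, a server key and CSR, a CA-signed server certificate carrying the main name and alternates as subjectAltName entries, and the chain-plus-hostname check a client performs when handed the CA certificate as its trust root. The function names and file names (gen_test_pki, verify_server_cert, ca-cert.pem, server-cert.pem, san.ext) are this example's own; it assumes an openssl binary (1.1.1 or 3.x) on PATH.

```shell
#!/bin/sh
# Constructed example: root CA, then CA-signed server cert, using openssl.
# Private keys are written unencrypted (-nodes) for a test fixture only.
set -eu

# gen_test_pki FOLDER CNAME DAYS [ALT_DNS] [ALT_IPS]
#   ALT_DNS / ALT_IPS are comma-separated lists, e.g. "node.test" "127.0.0.1".
gen_test_pki() {
    folder=$1; cname=$2; days=$3; alt_dns=${4:-}; alt_ips=${5:-}
    mkdir -p "$folder"
    # 1. Self-signed root CA (key + cert). Clients must trust ca-cert.pem;
    #    ca-pkey.pem never leaves the machine that signs certificates.
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=test-root-ca" \
        -keyout "$folder/ca-pkey.pem" -out "$folder/ca-cert.pem" 2>/dev/null
    # 2. Server private key + certificate signing request for CNAME.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cname" \
        -keyout "$folder/server-pkey.pem" -out "$folder/server-csr.pem" 2>/dev/null
    # 3. subjectAltName: modern clients match SANs, not the CN, so the main
    #    name is listed alongside the alternate DNS names and IPs.
    san="DNS:$cname"
    [ -n "$alt_dns" ] && san="$san,DNS:$(printf '%s' "$alt_dns" | sed 's/,/,DNS:/g')"
    [ -n "$alt_ips" ] && san="$san,IP:$(printf '%s' "$alt_ips" | sed 's/,/,IP:/g')"
    printf 'subjectAltName=%s\n' "$san" > "$folder/san.ext"
    # 4. Sign the CSR with the CA. An -extfile works on 1.1.1 and 3.x; the
    #    3.0-only alternative is -copy_extensions copy with SANs in the CSR.
    openssl x509 -req -days "$days" -in "$folder/server-csr.pem" \
        -CA "$folder/ca-cert.pem" -CAkey "$folder/ca-pkey.pem" -CAcreateserial \
        -extfile "$folder/san.ext" -out "$folder/server-cert.pem" 2>/dev/null
}

# verify_server_cert FOLDER HOSTNAME
#   Returns 0 if server-cert.pem chains to ca-cert.pem and is valid for
#   HOSTNAME, non-zero otherwise (what a client trusting ca-cert.pem checks).
verify_server_cert() {
    openssl verify -CAfile "$1/ca-cert.pem" -verify_hostname "$2" \
        "$1/server-cert.pem" >/dev/null 2>&1
}
```

A name the certificate was not issued for (or a certificate signed by a different CA) makes verify_server_cert return non-zero, which is the failure mode a client must treat as fatal rather than bypass.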