mirror
/
grpc-swift
镜像来自 https://github.com/grpc/grpc-swift.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261
							#!/usr/bin/env python3

# Copyright 2022, gRPC Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import argparse
import datetime
import os
import shutil
import subprocess
import tempfile

TEMPLATE = """\
/*
 * Copyright {year}, gRPC Authors All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

//-----------------------------------------------------------------------------
// THIS FILE WAS GENERATED WITH make-sample-certs.py
//
// DO NOT UPDATE MANUALLY
//-----------------------------------------------------------------------------

#if canImport(NIOSSL)
import struct Foundation.Date
import NIOSSL

/// Wraps `NIOSSLCertificate` to provide the certificate common name and expiry date.
public struct SampleCertificate {{
  public var certificate: NIOSSLCertificate
  public var commonName: String
  public var notAfter: Date

  public static let ca = SampleCertificate(
    certificate: try! NIOSSLCertificate(bytes: .init(caCert.utf8), format: .pem),
    commonName: "some-ca",
    notAfter: Date(timeIntervalSince1970: {timestamp})
  )

  public static let otherCA = SampleCertificate(
    certificate: try! NIOSSLCertificate(bytes: .init(otherCACert.utf8), format: .pem),
    commonName: "some-other-ca",
    notAfter: Date(timeIntervalSince1970: {timestamp})
  )

  public static let server = SampleCertificate(
    certificate: try! NIOSSLCertificate(bytes: .init(serverCert.utf8), format: .pem),
    commonName: "localhost",
    notAfter: Date(timeIntervalSince1970: {timestamp})
  )

  public static let exampleServer = SampleCertificate(
    certificate: try! NIOSSLCertificate(bytes: .init(exampleServerCert.utf8), format: .pem),
    commonName: "example.com",
    notAfter: Date(timeIntervalSince1970: {timestamp})
  )

  public static let serverSignedByOtherCA = SampleCertificate(
    certificate: try! NIOSSLCertificate(bytes: .init(serverSignedByOtherCACert.utf8), format: .pem),
    commonName: "localhost",
    notAfter: Date(timeIntervalSince1970: {timestamp})
  )

  public static let client = SampleCertificate(
    certificate: try! NIOSSLCertificate(bytes: .init(clientCert.utf8), format: .pem),
    commonName: "localhost",
    notAfter: Date(timeIntervalSince1970: {timestamp})
  )

  public static let clientSignedByOtherCA = SampleCertificate(
    certificate: try! NIOSSLCertificate(bytes: .init(clientSignedByOtherCACert.utf8), format: .pem),
    commonName: "localhost",
    notAfter: Date(timeIntervalSince1970: {timestamp})
  )

  public static let exampleServerWithExplicitCurve = SampleCertificate(
    certificate: try! NIOSSLCertificate(bytes: .init(serverExplicitCurveCert.utf8), format: .pem),
    commonName: "localhost",
    notAfter: Date(timeIntervalSince1970: {timestamp})
  )
}}

extension SampleCertificate {{
  /// Returns whether the certificate has expired.
  public var isExpired: Bool {{
    return self.notAfter < Date()
  }}
}}

/// Provides convenience methods to make `NIOSSLPrivateKey`s for corresponding `GRPCSwiftCertificate`s.
public struct SamplePrivateKey {{
  private init() {{}}

  public static let server = try! NIOSSLPrivateKey(bytes: .init(serverKey.utf8), format: .pem)
  public static let exampleServer = try! NIOSSLPrivateKey(
    bytes: .init(exampleServerKey.utf8),
    format: .pem
  )
  public static let client = try! NIOSSLPrivateKey(bytes: .init(clientKey.utf8), format: .pem)
  public static let exampleServerWithExplicitCurve = try! NIOSSLPrivateKey(
    bytes: .init(serverExplicitCurveKey.utf8),
    format: .pem
  )
}}

// MARK: - Certificates and private keys

private let caCert = \"""
{ca_cert}
\"""

private let otherCACert = \"""
{other_ca_cert}
\"""

private let serverCert = \"""
{server_cert}
\"""

private let serverSignedByOtherCACert = \"""
{server_signed_by_other_ca_cert}
\"""

private let serverKey = \"""
{server_key}
\"""

private let exampleServerCert = \"""
{example_server_cert}
\"""

private let exampleServerKey = \"""
{example_server_key}
\"""

private let clientCert = \"""
{client_cert}
\"""

private let clientSignedByOtherCACert = \"""
{client_signed_by_other_ca_cert}
\"""

private let clientKey = \"""
{client_key}
\"""

private let serverExplicitCurveCert = \"""
{server_explicit_curve_cert}
\"""

private let serverExplicitCurveKey = \"""
{server_explicit_curve_key}
\"""

#endif // canImport(NIOSSL)
"""

def load_file(root, name):
    with open(os.path.join(root, name)) as fh:
        return fh.read().strip()


def extract_key(ec_key_and_params):
    lines = []
    include_line = True
    for line in ec_key_and_params.split("\n"):
        if line == "-----BEGIN EC PARAMETERS-----":
            include_line = False
        elif line == "-----BEGIN EC PRIVATE KEY-----":
            include_line = True

        if include_line:
            lines.append(line)
    return "\n".join(lines).strip()


def update_sample_certs():
    now = datetime.datetime.now()
    # makecert uses an expiry of 365 days.
    delta = datetime.timedelta(days=365)
    # Seconds since epoch
    not_after = (now + delta).strftime("%s")

    # Expect to be called from the root of the checkout.
    root = os.path.abspath(os.curdir)
    executable = os.path.join(root, "scripts", "makecert")
    try:
        subprocess.check_call(executable)
    except FileNotFoundError:
        print("Please run the script from the root of the repository")
        exit(1)

    kwargs = {
        "year": now.year,
        "timestamp": not_after,
        "ca_cert": load_file(root, "ca.crt"),
        "other_ca_cert": load_file(root, "other-ca.crt"),
        "server_cert": load_file(root, "server-localhost.crt"),
        "server_signed_by_other_ca_cert": load_file(root, "server-localhost-other-ca.crt"),
        "server_key": load_file(root, "server-localhost.key"),
        "example_server_cert": load_file(root, "server-example.com.crt"),
        "example_server_key": load_file(root, "server-example.com.key"),
        "client_cert": load_file(root, "client.crt"),
        "client_signed_by_other_ca_cert": load_file(root, "client-other-ca.crt"),
        "client_key": load_file(root, "client.key"),
        "server_explicit_curve_cert": load_file(root, "server-explicit-ec.crt"),
        "server_explicit_curve_key": extract_key(load_file(root,
            "server-explicit-ec.key"))
    }

    formatted = TEMPLATE.format(**kwargs)
    with open("Sources/GRPCSampleData/GRPCSwiftCertificate.swift", "w") as fh:
        fh.write(formatted)


def update_p12_bundle():
    tmp_dir = tempfile.TemporaryDirectory()
    subprocess.check_call(["git", "clone", "--single-branch", "--branch",
                           "make-p12-bundle-for-grpc-swift-tests",
                           "https://github.com/glbrntt/swift-nio-ssl",
                           tmp_dir.name])

    subprocess.check_call(["./make-pkcs12.sh"], cwd=tmp_dir.name)
    shutil.copyfile(tmp_dir.name + "/bundle.p12", "Sources/GRPCSampleData/bundle.p12")


if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("--no-p12-bundle", action="store_false", dest="p12")
    parser.add_argument("--no-sample-certs", action="store_false", dest="sample_certs")
    args = parser.parse_args()

    if args.sample_certs:
        update_sample_certs()

    if args.p12:
        update_p12_bundle()