Helper method to build an ssl.SSLContext for tests
(instance: FakeCSQLInstance)
| 193 | |
| 194 | |
| 195 | async def create_ssl_context(instance: FakeCSQLInstance) -> ssl.SSLContext: |
| 196 | """Helper method to build an ssl.SSLContext for tests""" |
| 197 | client_private, client_bytes = await generate_keys() |
| 198 | client_key: rsa.RSAPublicKey = serialization.load_pem_public_key( |
| 199 | client_bytes.encode("UTF-8"), |
| 200 | ) # type: ignore |
| 201 | ephemeral_cert = client_key_signed_cert( |
| 202 | instance.server_ca, instance.server_key, client_key |
| 203 | ) |
| 204 | # create SSL/TLS context |
| 205 | context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 206 | context.check_hostname = False |
| 207 | # load ssl.SSLContext with certs |
| 208 | async with TemporaryDirectory() as tmpdir: |
| 209 | ca_filename, cert_filename, key_filename = await write_to_file( |
| 210 | tmpdir, instance.server_cert_pem, ephemeral_cert, client_private |
| 211 | ) |
| 212 | context.load_cert_chain(cert_filename, keyfile=key_filename) |
| 213 | context.load_verify_locations(cafile=ca_filename) |
| 214 | return context |
| 215 | |
| 216 | |
| 217 | class FakeCSQLInstance: |