Replace vendored certificates with self-created certificates of similar structure (#862)

* Create script to reproduce certs. * Recreate the certificates and update the tests. * Anonymize certificates. * Make mostly reproducable by storing the private keys. I've tried to hide the private keys so that 'security checkers' won't find them and won't complain. Let's see whether that works...
2026-05-08 06:13:03 +00:00 · 2025-04-24 22:31:01 +02:00
parent dbff2a69e2
commit 04967efe26
29 changed files with 1342 additions and 4246 deletions
--- a/noxfile.py
+++ b/noxfile.py
@@ -21,6 +21,19 @@ except ImportError:
 antsibull_nox.load_antsibull_nox_toml()


+@nox.session(name="create-certificates", default=False)
+def create_certificates(session: nox.Session) -> None:
+    """
+    Regenerate some vendored certificates.
+    """
+    session.install("cryptography<39.0.0")  # we want support for SHA1 signatures
+    session.run("python", "tests/create-certificates.py")
+    session.warn(
+        "Note that you need to modify some values in tests/integration/targets/x509_certificate_info/tasks/impl.yml"
+        " and tests/integration/targets/filter_x509_certificate_info/tasks/impl.yml!"
+    )
+
+
 # Allow to run the noxfile with `python noxfile.py`, `pipx run noxfile.py`, or similar.
 # Requires nox >= 2025.02.09
 if __name__ == "__main__":