def generate_certs():
    """Create the NSS DB, then the CA and self-signed test certificates.

    Six CA certificates are issued through ``generate_ca`` and eight
    self-signed certificates through
    ``CertUtils.generate_self_signed_cert``, in the order listed below.
    """
    # NOTE(review): the nicknames suggest the integer is the X.509 version
    # and the first boolean toggles the basicConstraints extension ("_bc");
    # confirm against generate_ca / CertUtils.generate_self_signed_cert.
    noise_file, _pwd_file = CertUtils.init_nss_db(db)

    ca_specs = (
        ("v1_ca", 1, False),
        ("v1_ca_bc", 1, True),
        ("v2_ca", 2, False),
        ("v2_ca_bc", 2, True),
        ("v3_ca", 3, True),
        ("v3_ca_missing_bc", 3, False),
    )
    for ca_name, ca_version, ca_flag in ca_specs:
        generate_ca(db, srcdir, noise_file, ca_name, ca_version, ca_flag)

    self_signed_specs = (
        ("v1_self_signed", 1, False),
        ("v1_self_signed_bc", 1, True),
        ("v2_self_signed", 2, False),
        ("v2_self_signed_bc", 2, True),
        ("v3_self_signed", 3, False),
        ("v3_self_signed_bc", 3, True),
        ("v4_self_signed", 4, False),
        ("v4_self_signed_bc", 4, True),
    )
    for ss_name, ss_version, ss_flag in self_signed_specs:
        # The trailing argument is False for every self-signed certificate.
        CertUtils.generate_self_signed_cert(db, srcdir, noise_file, ss_name,
                                            ss_version, ss_flag, False)
def generate_certs():
    """Build a ca -> int -> {a, b} chain in the NSS DB under ``srcdir``.

    The intermediate is created with an empty URL argument; both leaf
    certificates ("a" and "b") are created with the same OCSP URL.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(srcdir)

    generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
    generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')

    # Plain-HTTP responder URL on port 8888, shared by both leaves.
    ocsp_url = "http://www.example.com:8888/"
    for leaf_name in ("a", "b"):
        # NOTE(review): the True flag presumably marks an end-entity cert;
        # confirm against generate_child_cert.
        generate_child_cert(srcdir, srcdir, noise_file, leaf_name, 'int',
                            True, ocsp_url)
def generate_certs():
    """Create a root ('ca'), an intermediate ('int') and two leaves.

    Leaves "a" and "b" are both issued by 'int' and carry the same OCSP
    URL; the intermediate is generated with an empty URL string.
    """
    db_files = CertUtils.init_nss_db(srcdir)
    noise_file, _pwd_file = db_files

    generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
    generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')

    # This variant points the leaves at port 8080.
    ocsp_url = "http://www.example.com:8080/"
    leaf_names = ["a", "b"]
    for leaf_name in leaf_names:
        generate_child_cert(srcdir, srcdir, noise_file, leaf_name, 'int',
                            True, ocsp_url)
def generate_certs():
    """Populate the NSS DB with CA and self-signed fixture certificates.

    Calls ``generate_ca`` six times and
    ``CertUtils.generate_self_signed_cert`` eight times, each with the
    (nickname, number, flag) triples listed in the tables below.
    """
    # NOTE(review): number/flag look like X.509 version and "include
    # basicConstraints"; verify against the helpers before relying on it.
    noise_file, _pwd_file = CertUtils.init_nss_db(db)

    ca_table = [
        ("v1_ca", 1, False),
        ("v1_ca_bc", 1, True),
        ("v2_ca", 2, False),
        ("v2_ca_bc", 2, True),
        ("v3_ca", 3, True),
        ("v3_ca_missing_bc", 3, False),
    ]
    self_signed_table = [
        ("v1_self_signed", 1, False),
        ("v1_self_signed_bc", 1, True),
        ("v2_self_signed", 2, False),
        ("v2_self_signed_bc", 2, True),
        ("v3_self_signed", 3, False),
        ("v3_self_signed_bc", 3, True),
        ("v4_self_signed", 4, False),
        ("v4_self_signed_bc", 4, True),
    ]

    for ca_args in ca_table:
        generate_ca(db, srcdir, noise_file, *ca_args)

    for ss_args in self_signed_table:
        # Last positional argument stays False for all eight certificates.
        CertUtils.generate_self_signed_cert(db, srcdir, noise_file,
                                            *(ss_args + (False,)))
def generate_certs():
    """Initialise the NSS DB and issue the six CA fixture certificates."""
    noise_file, _pwd_file = CertUtils.init_nss_db(db)

    # NOTE(review): (nickname, number, flag) presumably means
    # (nickname, X.509 version, has basicConstraints); confirm in generate_ca.
    ca_specs = (
        ("v1_ca", 1, False),
        ("v1_ca_bc", 1, True),
        ("v2_ca", 2, False),
        ("v2_ca_bc", 2, True),
        ("v3_ca", 3, True),
        ("v3_ca_missing_bc", 3, False),
    )
    for ca_name, ca_version, ca_flag in ca_specs:
        generate_ca(db, srcdir, noise_file, ca_name, ca_version, ca_flag)
def generate_certs():
    """Create the NSS DB and then six CA certificates via ``generate_ca``.

    The v1 and v2 CAs are each generated once with the boolean flag unset
    and once with it set; "v3_ca" is generated with the flag set and
    "v3_ca_missing_bc" with it unset.
    """
    db_files = CertUtils.init_nss_db(db)
    noise_file = db_files[0]

    ca_names = ("v1_ca", "v1_ca_bc", "v2_ca", "v2_ca_bc",
                "v3_ca", "v3_ca_missing_bc")
    ca_numbers = (1, 1, 2, 2, 3, 3)
    ca_flags = (False, True, False, True, True, False)

    # NOTE(review): numbers look like certificate versions and the flag like
    # "add basicConstraints"; verify against generate_ca.
    for ca_name, ca_number, ca_flag in zip(ca_names, ca_numbers, ca_flags):
        generate_ca(db, srcdir, noise_file, ca_name, ca_number, ca_flag)
def generate_certs():
    """Issue one leaf certificate per unusual OCSP URL under ca -> int.

    After creating the root and the intermediate, a child certificate is
    generated for every entry of ``nick_baseurl``; the key is the
    certificate nickname and the value is the URL handed to
    ``generate_child_cert``.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(srcdir)

    generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
    generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')

    # Each URL is irregular in the way its nickname describes (wrong or
    # missing scheme, missing host, empty or negative port, and so on).
    # NOTE(review): presumably fixtures for the consumer's OCSP URL parsing;
    # confirm against the tests that load these certificates.
    nick_baseurl = {
        'no-path-url': "http://www.example.com:8888",
        'ftp-url': "ftp://www.example.com:8888/",
        'no-scheme-url': "www.example.com:8888/",
        'empty-scheme-url': "://www.example.com:8888/",
        'no-host-url': "http://:8888/",
        'hTTp-url': "hTTp://www.example.com:8888/hTTp-url",
        'https-url': "https://www.example.com:8888/https-url",
        'bad-scheme': "/www.example.com",
        'empty-port': "http://www.example.com:/",
        'unknown-scheme': "ttp://www.example.com",
        'negative-port': "http://www.example.com:-1",
        'no-scheme-host-port': "/",
    }

    # dict.iteritems() exists only on Python 2; iteration order follows the
    # dict, so the generation order is not fixed by this listing.
    for cert_nick, base_url in nick_baseurl.iteritems():
        generate_child_cert(srcdir, srcdir, noise_file, cert_nick, 'int',
                            True, base_url)
def generate_certs():
    """Generate 'ca', 'int', and one child of 'int' per test URL.

    ``nick_baseurl`` maps a certificate nickname to the URL string passed
    as the last argument of ``generate_child_cert``.
    """
    db_files = CertUtils.init_nss_db(srcdir)
    noise_file, _pwd_file = db_files

    generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
    # The intermediate gets an empty URL string.
    generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')

    # Nicknames name the irregularity in each URL.
    # NOTE(review): these look like negative-test inputs for OCSP URL
    # handling; verify against the consuming tests.
    nick_baseurl = {
        'no-path-url': "http://www.example.com:8888",
        'ftp-url': "ftp://www.example.com:8888/",
        'no-scheme-url': "www.example.com:8888/",
        'empty-scheme-url': "://www.example.com:8888/",
        'no-host-url': "http://:8888/",
        'hTTp-url': "hTTp://www.example.com:8888/hTTp-url",
        'https-url': "https://www.example.com:8888/https-url",
        'bad-scheme': "/www.example.com",
        'empty-port': "http://www.example.com:/",
        'unknown-scheme': "ttp://www.example.com",
        'negative-port': "http://www.example.com:-1",
        'no-scheme-host-port': "/",
    }

    # iteritems() is the Python 2 dict iterator.
    for entry in nick_baseurl.iteritems():
        cert_nick, base_url = entry
        generate_child_cert(srcdir, srcdir, noise_file, cert_nick, 'int',
                            True, base_url)
ca_ext_text, '', '', 60) [int_nick, int_key_file, int_cert_file] = generate_and_import_cert( 'int', root_nick, ca_ext_text, root_key_file, root_cert_file, 60) generate_and_import_cert( 'ee', int_nick, '', int_key_file, int_cert_file, ee_validity_months) # Create a NSS DB for use by the OCSP responder. [noise_file, pwd_file] = CertUtils.init_nss_db(src_dir) generate_chain(39) generate_chain(40) # Remove unnecessary files os.remove(noise_file) os.remove(pwd_file)
dsaBad_param_filename, bad_key_size, generate_ev) generate_and_maybe_import_cert(key_type, '-eeOK-intBad-caOK', ee_ext_text, intBad_key, intBad_cert, dsaOK_param_filename, ok_key_size, generate_ev) # Bad End Entity generate_and_maybe_import_cert(key_type, '-eeBad-intOK-caOK', ee_ext_text, intOK_key, intOK_cert, dsaBad_param_filename, bad_key_size, generate_ev) # Create a NSS DB for use by the OCSP responder. CertUtils.init_nss_db(srcdir) # TODO(bug 636807): SECKEY_PublicKeyStrengthInBits() rounds up the number of # bits to the next multiple of 8 - therefore the highest key size less than 1024 # that can be tested is 1016, less than 2048 is 2040 and so on. generate_certs('rsa', '1016', '1024', False) generate_certs('rsa', '2040', '2048', True) generate_certs('dsa', '960', '1024', False) # Print a blank line and the information needed to enable EV for any roots # generated by this script. print for cert_filename in generated_ev_root_filenames: CertUtils.print_cert_info_for_ev(cert_filename) print('You now MUST update the compiled test EV root information to match ' +
adequate_key_size, generate_ev) # Generate chain with an end entity cert that has an inadequate size generate_and_maybe_import_cert( key_type, 'ee', intOK_nick, ee_ext_text, intOK_key, intOK_cert, inadequate_key_size, generate_ev) # Create a NSS DB for use by the OCSP responder. CertUtils.init_nss_db(srcdir) # TODO(bug 636807): SECKEY_PublicKeyStrengthInBits() rounds up the number of # bits to the next multiple of 8 - therefore the highest key size less than 1024 # that can be tested is 1016, less than 2048 is 2040 and so on. generate_certs('rsa', '1016', '1024', False) generate_certs('rsa', '2040', '2048', True) # Print a blank line and the information needed to enable EV for any roots # generated by this script. print for cert_filename in generated_ev_root_filenames: CertUtils.print_cert_info(cert_filename) print ('You now MUST update the compiled test EV root information to match ' + 'the EV root information printed above.')
def generate_certs():
    """Generate the EV test chains and import them into the NSS DB.

    In order, this creates:
      * "ev-valid": intermediate and end entity issued from evroot, both
        carrying ``mozilla_testing_ev_policy``;
      * "no-ocsp-url-cert": an end entity issued by the "ev-valid"
        intermediate whose AIA lists only a caIssuers URI;
      * "ev-valid-anypolicy-int": as "ev-valid", but the intermediate
        carries ``anypolicy_policy``;
      * "non-evroot-ca" and the "non-ev-root" chain issued from it.
    """
    ca_cert = 'evroot.der'
    ca_key = 'evroot.key'
    key_type = 'rsa'

    def _extension_texts(chain_prefix, int_policy):
        # Build the end-entity text first, then the intermediate text.
        ee_text = (aia_prefix + chain_prefix + aia_suffix + endentity_crl +
                   mozilla_testing_ev_policy)
        int_text = (CA_extensions + aia_prefix + "int-" + chain_prefix +
                    aia_suffix + intermediate_crl + int_policy)
        return ee_text, int_text

    def _issue_and_import_chain(chain_prefix, issuer_key, issuer_cert,
                                int_text, ee_text):
        # Issue intermediate + end entity, import the intermediate with
        # empty trust flags (',,') and the end entity as untrusted.
        int_nick = "int-" + chain_prefix
        int_key, int_cert, _ee_key, ee_cert = CertUtils.generate_int_and_ee(
            db, srcdir, issuer_key, issuer_cert, chain_prefix, int_text,
            ee_text, key_type)
        pk12file = CertUtils.generate_pkcs12(db, db, int_cert, int_key,
                                             int_nick)
        CertUtils.import_cert_and_pkcs12(srcdir, int_cert, pk12file,
                                         int_nick, ',,')
        import_untrusted_cert(ee_cert, chain_prefix)
        return int_key, int_cert

    prefix = "ev-valid"
    ee_ext_text, int_ext_text = _extension_texts(prefix,
                                                 mozilla_testing_ev_policy)

    CertUtils.init_nss_db(srcdir)
    # The EV root is imported with CA trust ('C,C,C').
    CertUtils.import_cert_and_pkcs12(srcdir, ca_cert, 'evroot.p12', 'evroot',
                                     'C,C,C')
    int_key, int_cert = _issue_and_import_chain(prefix, ca_key, ca_cert,
                                                int_ext_text, ee_ext_text)

    # End entity whose AIA has a caIssuers entry but no OCSP URL.
    no_ocsp_url_ext_aia = ("authorityInfoAccess =" +
                           "caIssuers;URI:http://www.example.com/ca.html\n")
    # NOTE(review): the random integer is presumably the serial number;
    # confirm against CertUtils.generate_cert_generic.
    no_ocsp_key, no_ocsp_cert = CertUtils.generate_cert_generic(
        db, srcdir, random.randint(100, 40000000), key_type,
        'no-ocsp-url-cert',
        no_ocsp_url_ext_aia + endentity_crl + mozilla_testing_ev_policy,
        int_key, int_cert)
    import_untrusted_cert(no_ocsp_cert, 'no-ocsp-url-cert')

    # EV end entity whose intermediate carries the anyPolicy OID.
    prefix = "ev-valid-anypolicy-int"
    ee_ext_text, int_ext_text = _extension_texts(prefix, anypolicy_policy)
    _issue_and_import_chain(prefix, ca_key, ca_cert, int_ext_text,
                            ee_ext_text)

    # A second root, also imported with CA trust ('C,C,C').
    # NOTE(review): presumably trusted as a CA but not registered as an EV
    # root, so the chain below should validate without EV; confirm against
    # the consuming test.
    bad_ca_key, bad_ca_cert = CertUtils.generate_cert_generic(
        db, srcdir, 1, 'rsa', 'non-evroot-ca', CA_extensions)
    pk12file = CertUtils.generate_pkcs12(db, db, bad_ca_cert, bad_ca_key,
                                         "non-evroot-ca")
    CertUtils.import_cert_and_pkcs12(srcdir, bad_ca_cert, pk12file,
                                     'non-evroot-ca', 'C,C,C')

    prefix = "non-ev-root"
    ee_ext_text, int_ext_text = _extension_texts(prefix,
                                                 mozilla_testing_ev_policy)
    _issue_and_import_chain(prefix, bad_ca_key, bad_ca_cert, int_ext_text,
                            ee_ext_text)