예제 #1
def generate_certs():
    """Create the CA and self-signed test certificates in the NSS DB.

    Every nickname is generated once; the ``_bc`` nicknames are the ones
    created with the boolean argument set to True (plus ``v3_ca``).

    NOTE(review): judging by the nicknames, the integer is presumably the
    X.509 version and the boolean presumably toggles the basicConstraints
    extension -- confirm against generate_ca and
    CertUtils.generate_self_signed_cert. The output is test-fixture
    material for exercising a certificate verifier.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(db)

    # (nickname, version argument, boolean argument) for each CA.
    ca_specs = (
        ("v1_ca", 1, False),
        ("v1_ca_bc", 1, True),
        ("v2_ca", 2, False),
        ("v2_ca_bc", 2, True),
        ("v3_ca", 3, True),
        ("v3_ca_missing_bc", 3, False),
    )
    for nickname, version, flag in ca_specs:
        generate_ca(db, srcdir, noise_file, nickname, version, flag)

    # Same layout for the self-signed certificates. The trailing False
    # passed to generate_self_signed_cert is constant for all of them; its
    # meaning is not visible here.
    self_signed_specs = (
        ("v1_self_signed", 1, False),
        ("v1_self_signed_bc", 1, True),
        ("v2_self_signed", 2, False),
        ("v2_self_signed_bc", 2, True),
        ("v3_self_signed", 3, False),
        ("v3_self_signed_bc", 3, True),
        ("v4_self_signed", 4, False),
        ("v4_self_signed_bc", 4, True),
    )
    for nickname, version, flag in self_signed_specs:
        CertUtils.generate_self_signed_cert(db, srcdir, noise_file, nickname,
                                            version, flag, False)
예제 #2
def generate_certs():
    """Build a three-level test chain: 'ca' -> 'int' -> 'a' and 'b'.

    The intermediate is created with False and an empty URL; the two leaf
    certificates are created with True and the same URL on port 8888.

    NOTE(review): the boolean's meaning is not visible here; the URL is
    presumably the OCSP responder location written into the certificate --
    confirm against generate_child_cert.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(srcdir)
    generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
    generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')

    ocsp_url = "http://www.example.com:8888/"
    for leaf_nick in ("a", "b"):
        generate_child_cert(srcdir, srcdir, noise_file, leaf_nick, 'int',
                            True, ocsp_url)
예제 #3
def generate_certs():
    """Build a three-level test chain: 'ca' -> 'int' -> 'a' and 'b'.

    The intermediate is created with False and an empty URL; the two leaf
    certificates are created with True and the same URL on port 8080.

    NOTE(review): the boolean's meaning is not visible here; the URL is
    presumably the OCSP responder location written into the certificate --
    confirm against generate_child_cert.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(srcdir)
    generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
    generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')

    ocsp_url = "http://www.example.com:8080/"
    for leaf_nick in ("a", "b"):
        generate_child_cert(srcdir, srcdir, noise_file, leaf_nick, 'int',
                            True, ocsp_url)
예제 #4
def generate_certs():
    """Create the CA and self-signed test certificates in the NSS DB.

    NOTE(review): judging by the nicknames, the integer is presumably the
    X.509 version and the boolean presumably toggles the basicConstraints
    extension -- confirm against generate_ca and
    CertUtils.generate_self_signed_cert. The certificates are fixtures for
    exercising a verifier.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(db)

    # CA certificates: (nickname, version argument, boolean argument).
    for ca_nick, ca_version, ca_flag in [
            ("v1_ca", 1, False),
            ("v1_ca_bc", 1, True),
            ("v2_ca", 2, False),
            ("v2_ca_bc", 2, True),
            ("v3_ca", 3, True),
            ("v3_ca_missing_bc", 3, False)]:
        generate_ca(db, srcdir, noise_file, ca_nick, ca_version, ca_flag)

    # Self-signed certificates use the same triple; the last positional
    # argument is False for every one of them (meaning not visible here).
    for ss_nick, ss_version, ss_flag in [
            ("v1_self_signed", 1, False),
            ("v1_self_signed_bc", 1, True),
            ("v2_self_signed", 2, False),
            ("v2_self_signed_bc", 2, True),
            ("v3_self_signed", 3, False),
            ("v3_self_signed_bc", 3, True),
            ("v4_self_signed", 4, False),
            ("v4_self_signed_bc", 4, True)]:
        CertUtils.generate_self_signed_cert(db, srcdir, noise_file, ss_nick,
                                            ss_version, ss_flag, False)
예제 #5
def generate_certs():
    """Create the six CA test certificates in the NSS DB.

    NOTE(review): judging by the nicknames, the integer is presumably the
    X.509 version and the boolean presumably toggles the basicConstraints
    extension -- confirm against generate_ca.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(db)

    # (nickname, version argument, boolean argument)
    ca_specs = (
        ("v1_ca", 1, False),
        ("v1_ca_bc", 1, True),
        ("v2_ca", 2, False),
        ("v2_ca_bc", 2, True),
        ("v3_ca", 3, True),
        ("v3_ca_missing_bc", 3, False),
    )
    for nickname, version, flag in ca_specs:
        generate_ca(db, srcdir, noise_file, nickname, version, flag)
예제 #6
def generate_certs():
    """Create the six CA test certificates in the NSS DB.

    NOTE(review): judging by the nicknames, the integer is presumably the
    X.509 version and the boolean presumably toggles the basicConstraints
    extension -- confirm against generate_ca.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(db)

    # Each row is (nickname, version argument, boolean argument).
    rows = [
        ("v1_ca", 1, False),
        ("v1_ca_bc", 1, True),
        ("v2_ca", 2, False),
        ("v2_ca_bc", 2, True),
        ("v3_ca", 3, True),
        ("v3_ca_missing_bc", 3, False),
    ]
    for row in rows:
        generate_ca(db, srcdir, noise_file, *row)
예제 #7
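def generate_certs():
    """Build 'ca' -> 'int' and one child certificate per URL variant.

    ``nick_baseurl`` maps a certificate nickname to the URL string passed
    to generate_child_cert. Going by the nicknames, most entries are
    deliberately malformed or unusual (no scheme, no host, empty or
    negative port, non-HTTP scheme, mixed-case scheme).

    NOTE(review): the URL is presumably embedded as the OCSP responder
    location so that the consumer's URL parsing can be tested against
    hostile-looking values -- confirm against generate_child_cert.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(srcdir)
    generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
    generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')
    nick_baseurl = {
        'no-path-url': "http://www.example.com:8888",
        'ftp-url': "ftp://www.example.com:8888/",
        'no-scheme-url': "www.example.com:8888/",
        'empty-scheme-url': "://www.example.com:8888/",
        'no-host-url': "http://:8888/",
        'hTTp-url': "hTTp://www.example.com:8888/hTTp-url",
        'https-url': "https://www.example.com:8888/https-url",
        'bad-scheme': "/www.example.com",
        'empty-port': "http://www.example.com:/",
        'unknown-scheme': "ttp://www.example.com",
        'negative-port': "http://www.example.com:-1",
        'no-scheme-host-port': "/",
    }
    # items() exists on both Python 2 and Python 3 dicts; iteritems() is
    # Python 2 only and raises AttributeError on Python 3.
    for nick, url in nick_baseurl.items():
        generate_child_cert(srcdir, srcdir, noise_file, nick, 'int', True, url)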
예제 #8
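def generate_certs():
    """Build 'ca' -> 'int' and one child certificate per URL variant.

    ``nick_baseurl`` maps a certificate nickname to the URL string passed
    to generate_child_cert. Going by the nicknames, most entries are
    deliberately malformed or unusual (no scheme, no host, empty or
    negative port, non-HTTP scheme, mixed-case scheme).

    NOTE(review): the URL is presumably embedded as the OCSP responder
    location so that the consumer's URL parsing can be tested against
    hostile-looking values -- confirm against generate_child_cert.
    """
    noise_file, _pwd_file = CertUtils.init_nss_db(srcdir)
    generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
    generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')
    nick_baseurl = {
        'no-path-url': "http://www.example.com:8888",
        'ftp-url': "ftp://www.example.com:8888/",
        'no-scheme-url': "www.example.com:8888/",
        'empty-scheme-url': "://www.example.com:8888/",
        'no-host-url': "http://:8888/",
        'hTTp-url': "hTTp://www.example.com:8888/hTTp-url",
        'https-url': "https://www.example.com:8888/https-url",
        'bad-scheme': "/www.example.com",
        'empty-port': "http://www.example.com:/",
        'unknown-scheme': "ttp://www.example.com",
        'negative-port': "http://www.example.com:-1",
        'no-scheme-host-port': "/"
    }
    # Use items(): available on Python 2 and 3, whereas iteritems() was
    # removed in Python 3 and would raise AttributeError there.
    for nick, url in nick_baseurl.items():
        generate_child_cert(srcdir, srcdir, noise_file, nick, 'int', True, url)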
예제 #9
        ca_ext_text,
        '',
        '',
        60)

    [int_nick, int_key_file, int_cert_file] = generate_and_import_cert(
        'int',
        root_nick,
        ca_ext_text,
        root_key_file,
        root_cert_file,
        60)

    generate_and_import_cert(
        'ee',
        int_nick,
        '',
        int_key_file,
        int_cert_file,
        ee_validity_months)

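# Create a NSS DB for use by the OCSP responder.
[noise_file, pwd_file] = CertUtils.init_nss_db(src_dir)

# NOTE(review): the argument is presumably the end-entity validity in months
# (the function tail above passes `ee_validity_months`) -- confirm.
try:
    generate_chain(39)
    generate_chain(40)
finally:
    # Remove unnecessary files, even when chain generation fails, so the
    # noise file and the password file (presumably the NSS DB password --
    # confirm against CertUtils.init_nss_db) are not left on disk.
    os.remove(noise_file)
    os.remove(pwd_file)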
예제 #10
        dsaBad_param_filename, bad_key_size, generate_ev)

    generate_and_maybe_import_cert(key_type, '-eeOK-intBad-caOK', ee_ext_text,
                                   intBad_key, intBad_cert,
                                   dsaOK_param_filename, ok_key_size,
                                   generate_ev)

    # Bad End Entity
    generate_and_maybe_import_cert(key_type, '-eeBad-intOK-caOK', ee_ext_text,
                                   intOK_key, intOK_cert,
                                   dsaBad_param_filename, bad_key_size,
                                   generate_ev)


# Create a NSS DB for use by the OCSP responder.
CertUtils.init_nss_db(srcdir)

# TODO(bug 636807): SECKEY_PublicKeyStrengthInBits() rounds up the number of
# bits to the next multiple of 8 - therefore the highest key size less than 1024
# that can be tested is 1016, less than 2048 is 2040 and so on.
# NOTE(review): arguments are presumably (key_type, bad_key_size, ok_key_size,
# generate_ev), matching the names used in the function tail above -- confirm.
# The undersized values (1016, 2040, 960) are deliberate negative fixtures for
# the key-size check, not sizes to use for real keys.
generate_certs('rsa', '1016', '1024', False)
generate_certs('rsa', '2040', '2048', True)

generate_certs('dsa', '960', '1024', False)

# Print a blank line and the information needed to enable EV for any roots
# generated by this script.
# NOTE(review): the bare `print` below emits a newline only as a Python 2
# print statement; as a Python 3 expression it does nothing.
print
for cert_filename in generated_ev_root_filenames:
    CertUtils.print_cert_info_for_ev(cert_filename)
print('You now MUST update the compiled test EV root information to match ' +
예제 #11
        adequate_key_size,
        generate_ev)

    # Generate chain with an end entity cert that has an inadequate size
    generate_and_maybe_import_cert(
        key_type,
        'ee',
        intOK_nick,
        ee_ext_text,
        intOK_key,
        intOK_cert,
        inadequate_key_size,
        generate_ev)

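# Create a NSS DB for use by the OCSP responder.
CertUtils.init_nss_db(srcdir)

# TODO(bug 636807): SECKEY_PublicKeyStrengthInBits() rounds up the number of
# bits to the next multiple of 8 - therefore the highest key size less than 1024
# that can be tested is 1016, less than 2048 is 2040 and so on.
# NOTE(review): arguments are presumably (key_type, inadequate_key_size,
# adequate_key_size, generate_ev), matching the names used in the function
# tail above -- confirm. The undersized values are deliberate negative
# fixtures for the key-size check.
generate_certs('rsa', '1016', '1024', False)
generate_certs('rsa', '2040', '2048', True)

# Print a blank line and the information needed to enable EV for any roots
# generated by this script.
# print('') yields the blank line both as a Python 2 print statement and as
# the Python 3 print function; a bare `print` is a no-op on Python 3.
print('')
for cert_filename in generated_ev_root_filenames:
    CertUtils.print_cert_info(cert_filename)
print('You now MUST update the compiled test EV root information to match ' +
      'the EV root information printed above.')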
예제 #12
def generate_certs():
    """Generate the EV test chains and import them into the NSS DB.

    Steps, in order:
      1. Import the existing 'evroot' certificate and PKCS#12 file.
      2. Issue an intermediate + end-entity pair under it ("ev-valid").
      3. Issue 'no-ocsp-url-cert' under that intermediate, with an AIA
         extension that carries only a caIssuers URI.
      4. Issue a second pair under 'evroot' whose intermediate uses
         ``anypolicy_policy`` ("ev-valid-anypolicy-int").
      5. Create and import a separate root 'non-evroot-ca' and issue a
         pair under it ("non-ev-root").

    NOTE(review): 'C,C,C' and ',,' are presumably NSS trust-flag strings
    (trusted CA for all three usages vs. no explicit trust) -- confirm
    against CertUtils.import_cert_and_pkcs12.
    """
    key_type = 'rsa'
    ev_root_cert = 'evroot.der'
    ev_root_key = 'evroot.key'

    def issue_and_import_chain(prefix, issuer_key, issuer_cert, int_policy):
        """Issue int + ee under the issuer, import both, return the int pair."""
        ee_ext_text = (aia_prefix + prefix + aia_suffix +
                       endentity_crl + mozilla_testing_ev_policy)
        int_ext_text = (CA_extensions + aia_prefix + "int-" + prefix +
                        aia_suffix + intermediate_crl + int_policy)
        int_key, int_cert, _ee_key, ee_cert = CertUtils.generate_int_and_ee(
            db, srcdir, issuer_key, issuer_cert, prefix,
            int_ext_text, ee_ext_text, key_type)
        pk12file = CertUtils.generate_pkcs12(db, db, int_cert, int_key,
                                             "int-" + prefix)
        # The intermediate is imported with the ',,' flag string.
        CertUtils.import_cert_and_pkcs12(srcdir, int_cert, pk12file,
                                         'int-' + prefix, ',,')
        import_untrusted_cert(ee_cert, prefix)
        return int_key, int_cert

    CertUtils.init_nss_db(srcdir)
    CertUtils.import_cert_and_pkcs12(srcdir, ev_root_cert, 'evroot.p12',
                                     'evroot', 'C,C,C')

    int_key, int_cert = issue_and_import_chain(
        "ev-valid", ev_root_key, ev_root_cert, mozilla_testing_ev_policy)

    # now we generate an end entity cert with an AIA with no OCSP URL
    no_ocsp_url_ext_aia = ("authorityInfoAccess =" +
                           "caIssuers;URI:http://www.example.com/ca.html\n")
    # NOTE(review): the random value is presumably the serial number --
    # confirm against CertUtils.generate_cert_generic. `random` is not a
    # CSPRNG and this range is small; fine for test fixtures only.
    _no_ocsp_key, no_ocsp_cert = CertUtils.generate_cert_generic(
        db,
        srcdir,
        random.randint(100, 40000000),
        key_type,
        'no-ocsp-url-cert',
        no_ocsp_url_ext_aia + endentity_crl + mozilla_testing_ev_policy,
        int_key,
        int_cert)
    import_untrusted_cert(no_ocsp_cert, 'no-ocsp-url-cert')

    # add an ev cert whose intermediate has a anypolicy oid
    issue_and_import_chain(
        "ev-valid-anypolicy-int", ev_root_key, ev_root_cert, anypolicy_policy)

    # A second root, imported with 'C,C,C' like 'evroot', used as the issuer
    # of the "non-ev-root" chain.
    bad_ca_key, bad_ca_cert = CertUtils.generate_cert_generic(
        db, srcdir, 1, 'rsa', 'non-evroot-ca', CA_extensions)
    pk12file = CertUtils.generate_pkcs12(db, db, bad_ca_cert, bad_ca_key,
                                         "non-evroot-ca")
    CertUtils.import_cert_and_pkcs12(srcdir, bad_ca_cert, pk12file,
                                     'non-evroot-ca', 'C,C,C')
    issue_and_import_chain(
        "non-ev-root", bad_ca_key, bad_ca_cert, mozilla_testing_ev_policy)