# NOTE(review): the next two calls use names (key_type, ee_ext_text,
# intBad_key, generate_ev, ...) that this excerpt never binds. They appear to
# be the tail of a function whose header lies outside the visible text, so the
# original indentation is not recoverable here - confirm against the full file.

# Judging by the '-eeOK-intBad-caOK' suffix: an end entity built with the OK
# DSA params and OK key size, issued under the bad intermediate's key/cert.
generate_and_maybe_import_cert(
    key_type,
    '-eeOK-intBad-caOK',
    ee_ext_text,
    intBad_key,
    intBad_cert,
    dsaOK_param_filename,
    ok_key_size,
    generate_ev)

# Bad End Entity
generate_and_maybe_import_cert(
    key_type,
    '-eeBad-intOK-caOK',
    ee_ext_text,
    intOK_key,
    intOK_cert,
    dsaBad_param_filename,
    bad_key_size,
    generate_ev)

# Create a NSS DB for use by the OCSP responder.
CertUtils.init_nss_db(srcdir)

# TODO(bug 636807): SECKEY_PublicKeyStrengthInBits() rounds up the number of
# bits to the next multiple of 8 - therefore the highest key size less than 1024
# that can be tested is 1016, less than 2048 is 2040 and so on.
#
# Each row is handed positionally to generate_certs(). The second column is
# the size just under a limit and the third is the limit itself, so the
# undersized keys are deliberate negative-test fixtures, not usable key sizes.
# NOTE(review): the meaning of the trailing boolean is presumably
# "generate EV certs" - confirm against generate_certs()'s signature.
for cert_args in (
    ('rsa', '1016', '1024', False),
    ('rsa', '2040', '2048', True),
    ('dsa', '960', '1024', False),
):
    generate_certs(*cert_args)

# Print a blank line and the information needed to enable EV for any roots
# generated by this script.
# The bare `print` is a Python 2 statement; under Python 3 it would be a no-op
# expression and no blank line would be emitted.
print
for ev_root_filename in generated_ev_root_filenames:
    CertUtils.print_cert_info_for_ev(ev_root_filename)

print('You now MUST update the compiled test EV root information to match '
      'the EV root information printed above.')
# Extension lines for the test EV root: a critical CA:TRUE basic constraint,
# a critical key usage limited to signing certs/CRLs, and a hashed SKI.
CA_basic_constraints = "basicConstraints = critical, CA:TRUE\n"
CA_min_ku = "keyUsage = critical, digitalSignature, keyCertSign, cRLSign\n"
subject_key_ident = "subjectKeyIdentifier = hash\n"

cert_name = 'evroot'
ext_text = ''.join((CA_basic_constraints, CA_min_ku, subject_key_ident))

# The CN labels this CA "(untrustworthy)": it exists for xpcshell tests only.
subject_string = ('/C=US/ST=CA/L=Mountain View'
                  '/O=Mozilla - EV debug test CA/OU=Security Engineering'
                  '/CN=XPCShell EV Testing (untrustworthy) CA')

# random.randint() is not a CSPRNG; that is tolerable for a throwaway test
# root, but this is not a pattern for serials that must be unpredictable.
serial_number = random.randint(100, 40000000)

# The db_dir argument of generate_cert_generic() is also set to dest_dir as
# the .key file generated is needed by other certs.
# The root's private key therefore stays on disk next to the cert, which is
# one more reason this root must only ever be trusted by test builds.
ca_key, ca_cert = CertUtils.generate_cert_generic(
    dest_dir,
    dest_dir,
    serial_number,
    'rsa',
    cert_name,
    ext_text,
    subject_string=subject_string)
CertUtils.generate_pkcs12(db, dest_dir, ca_cert, ca_key, cert_name)

# Print a blank line and the information needed to enable EV for the root
# generated by this script.
# The bare `print` is a Python 2 statement; under Python 3 it would be a no-op
# expression and no blank line would be emitted.
print
CertUtils.print_cert_info_for_ev(ca_cert)
print('You now MUST update the compiled test EV root information to match '
      'the EV root information printed above. In addition, certs that chain '
      'up to this root in other folders will also need to be regenerated.')
# Extension text for the test EV root certificate: critical basicConstraints
# with CA:TRUE, critical keyUsage restricted to signing, and a hashed
# subjectKeyIdentifier.
CA_basic_constraints = "basicConstraints = critical, CA:TRUE\n"
CA_min_ku = "keyUsage = critical, digitalSignature, keyCertSign, cRLSign\n"
subject_key_ident = "subjectKeyIdentifier = hash\n"

cert_name = 'evroot'
ext_text = "%s%s%s" % (CA_basic_constraints, CA_min_ku, subject_key_ident)

# The subject's CN marks the CA as "(untrustworthy)", i.e. a test-only root.
subject_string = ''.join([
    '/C=US/ST=CA/L=Mountain View',
    '/O=Mozilla - EV debug test CA/OU=Security Engineering',
    '/CN=XPCShell EV Testing (untrustworthy) CA',
])

# The db_dir argument of generate_cert_generic() is also set to dest_dir as
# the .key file generated is needed by other certs.
# Because the private key is left in dest_dir, anything that trusts this root
# outside a test profile would be trusting a key that is stored on disk.
# The serial comes from random.randint(), which is not a CSPRNG - acceptable
# for a test fixture only.
key_and_cert = CertUtils.generate_cert_generic(
    dest_dir, dest_dir,
    random.randint(100, 40000000),
    'rsa',
    cert_name,
    ext_text,
    subject_string=subject_string)
ca_key, ca_cert = key_and_cert
CertUtils.generate_pkcs12(db, dest_dir, ca_cert, ca_key, cert_name)

# Print a blank line and the information needed to enable EV for the root
# generated by this script.
# `print` on its own is the Python 2 statement form; Python 3 would evaluate
# it as a name and print nothing.
print
CertUtils.print_cert_info_for_ev(ca_cert)
print('You now MUST update the compiled test EV root information to match '
      'the EV root information printed above. In addition, certs that chain '
      'up to this root in other folders will also need to be regenerated.')
# NOTE(review): the call below uses names (key_type, ee_ext_text, intOK_key,
# generate_ev, ...) that this excerpt never binds. It appears to be the last
# statement of a function whose header lies outside the visible text, so the
# original indentation is not recoverable here - confirm against the full file.

# Bad End Entity
generate_and_maybe_import_cert(
    key_type,
    '-eeBad-intOK-caOK',
    ee_ext_text,
    intOK_key,
    intOK_cert,
    dsaBad_param_filename,
    bad_key_size,
    generate_ev)

# Create a NSS DB for use by the OCSP responder.
CertUtils.init_nss_db(srcdir)

# TODO(bug 636807): SECKEY_PublicKeyStrengthInBits() rounds up the number of
# bits to the next multiple of 8 - therefore the highest key size less than 1024
# that can be tested is 1016, less than 2048 is 2040 and so on.
#
# Rows are (key type, size just below the limit, size at the limit, flag) and
# are passed positionally to generate_certs(); the undersized keys are
# intentional negative-test inputs.
# NOTE(review): the flag presumably selects EV generation - confirm against
# generate_certs()'s signature.
key_size_cases = [
    ('rsa', '1016', '1024', False),
    ('rsa', '2040', '2048', True),
    ('dsa', '960', '1024', False),
]
for case in key_size_cases:
    generate_certs(*case)

# Print a blank line and the information needed to enable EV for any roots
# generated by this script.
# `print` on its own is the Python 2 statement form; Python 3 would evaluate
# it as a name and print nothing.
print
for ev_root_filename in generated_ev_root_filenames:
    CertUtils.print_cert_info_for_ev(ev_root_filename)

print('You now MUST update the compiled test EV root information to match '
      'the EV root information printed above.')