예제 #1
    generate_and_maybe_import_cert(key_type, '-eeOK-intBad-caOK', ee_ext_text,
                                   intBad_key, intBad_cert,
                                   dsaOK_param_filename, ok_key_size,
                                   generate_ev)

    # Bad End Entity
    generate_and_maybe_import_cert(key_type, '-eeBad-intOK-caOK', ee_ext_text,
                                   intOK_key, intOK_cert,
                                   dsaBad_param_filename, bad_key_size,
                                   generate_ev)


# Create a NSS DB for use by the OCSP responder.
CertUtils.init_nss_db(srcdir)

# TODO(bug 636807): SECKEY_PublicKeyStrengthInBits() rounds up the number of
# bits to the next multiple of 8 - therefore the highest key size less than 1024
# that can be tested is 1016, less than 2048 is 2040 and so on.
generate_certs('rsa', '1016', '1024', False)
generate_certs('rsa', '2040', '2048', True)

generate_certs('dsa', '960', '1024', False)

# Print a blank line and the information needed to enable EV for any roots
# generated by this script.
print
for cert_filename in generated_ev_root_filenames:
    CertUtils.print_cert_info_for_ev(cert_filename)
print('You now MUST update the compiled test EV root information to match ' +
      'the EV root information printed above.')
예제 #2
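# Extension lines for the test root, concatenated into ext_text below: a
# critical CA:TRUE basicConstraints, a critical keyUsage limited to
# digitalSignature/keyCertSign/cRLSign, and a hash-derived subjectKeyIdentifier.
CA_basic_constraints = "basicConstraints = critical, CA:TRUE\n"
CA_min_ku = "keyUsage = critical, digitalSignature, keyCertSign, cRLSign\n"
subject_key_ident = "subjectKeyIdentifier = hash\n"

cert_name = 'evroot'
ext_text = CA_basic_constraints + CA_min_ku + subject_key_ident
# The subject itself labels this CA as a debug/test root that is
# "(untrustworthy)"; it exists only to drive the EV tests.
subject_string = ('/C=US/ST=CA/L=Mountain View' +
                  '/O=Mozilla - EV debug test CA/OU=Security Engineering' +
                  '/CN=XPCShell EV Testing (untrustworthy) CA')

# The db_dir argument of generate_cert_generic() is also set to dest_dir as
# the .key file generated is needed by other certs.
# NOTE(review): the third argument is presumably the certificate serial number.
# It comes from the non-cryptographic `random` module and a range of fewer than
# 2**26 values, which is tolerable only for a throwaway test root. Do not copy
# this pattern into real CA tooling, where serials are expected to carry at
# least 64 bits of CSPRNG output.
ca_key, ca_cert = CertUtils.generate_cert_generic(
    dest_dir,
    dest_dir,
    random.randint(100, 40000000),
    'rsa',
    cert_name,
    ext_text,
    subject_string=subject_string)

# Going by the helper's name, this bundles the root certificate with its
# private key as PKCS#12. The key is test material and is shared on purpose
# (see the comment above about other certs needing the .key file), so this
# root must never be added to a real trust store.
CertUtils.generate_pkcs12(db, dest_dir, ca_cert, ca_key, cert_name)

# Print a blank line and the information needed to enable EV for the root
# generated by this script.
# print('') instead of a bare `print`: the bare name emits a newline only as a
# Python 2 statement; under Python 3 it is an expression that prints nothing.
print('')
CertUtils.print_cert_info_for_ev(ca_cert)
print('You now MUST update the compiled test EV root information to match ' +
      'the EV root information printed above. In addition, certs that chain ' +
      'up to this root in other folders will also need to be regenerated.')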
예제 #3
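# Extensions given to the EV test root. Both basicConstraints (CA:TRUE) and
# keyUsage are marked critical; keyUsage is restricted to signing certificates
# and CRLs plus digitalSignature.
CA_basic_constraints = "basicConstraints = critical, CA:TRUE\n"
CA_min_ku = "keyUsage = critical, digitalSignature, keyCertSign, cRLSign\n"
subject_key_ident = "subjectKeyIdentifier = hash\n"

cert_name = 'evroot'
ext_text = CA_basic_constraints + CA_min_ku + subject_key_ident
# The O= and CN= values mark the root as a debug/test CA that is explicitly
# "(untrustworthy)".
subject_string = ('/C=US/ST=CA/L=Mountain View' +
                  '/O=Mozilla - EV debug test CA/OU=Security Engineering' +
                  '/CN=XPCShell EV Testing (untrustworthy) CA')

# The db_dir argument of generate_cert_generic() is also set to dest_dir as
# the .key file generated is needed by other certs.
# NOTE(review): random.randint() is not a CSPRNG and the range holds fewer than
# 2**26 values. Assuming this argument is the serial number, that is acceptable
# for a regenerated test fixture only; a production issuer needs unpredictable
# serials with far more entropy.
ca_key, ca_cert = CertUtils.generate_cert_generic(
    dest_dir,
    dest_dir,
    random.randint(100, 40000000),
    'rsa',
    cert_name,
    ext_text,
    subject_string=subject_string)

# Exports the root cert and key via the PKCS#12 helper. The root's private key
# is deliberately kept alongside the test data, so anything chaining to it is
# only meaningful inside the test harness.
CertUtils.generate_pkcs12(db, dest_dir, ca_cert, ca_key, cert_name)

# Print a blank line and the information needed to enable EV for the root
# generated by this script.
# A bare `print` is a no-op expression under Python 3; print('') produces the
# blank line on both Python 2 and Python 3.
print('')
CertUtils.print_cert_info_for_ev(ca_cert)
print('You now MUST update the compiled test EV root information to match ' +
      'the EV root information printed above. In addition, certs that chain ' +
      'up to this root in other folders will also need to be regenerated.')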
예제 #4
    # Bad End Entity
    generate_and_maybe_import_cert(
        key_type,
        '-eeBad-intOK-caOK',
        ee_ext_text,
        intOK_key,
        intOK_cert,
        dsaBad_param_filename,
        bad_key_size,
        generate_ev)

# Create a NSS DB for use by the OCSP responder.
CertUtils.init_nss_db(srcdir)

# TODO(bug 636807): SECKEY_PublicKeyStrengthInBits() rounds up the number of
# bits to the next multiple of 8 - therefore the highest key size less than 1024
# that can be tested is 1016, less than 2048 is 2040 and so on.
generate_certs('rsa', '1016', '1024', False)
generate_certs('rsa', '2040', '2048', True)

generate_certs('dsa', '960', '1024', False)

# Print a blank line and the information needed to enable EV for any roots
# generated by this script.
print
for cert_filename in generated_ev_root_filenames:
    CertUtils.print_cert_info_for_ev(cert_filename)
print ('You now MUST update the compiled test EV root information to match ' +
       'the EV root information printed above.')