Exemplo n.º 1
0
CA_basic_constraints = "basicConstraints = critical, CA:TRUE\n"
CA_min_ku = "keyUsage = critical, digitalSignature, keyCertSign, cRLSign\n"
subject_key_ident = "subjectKeyIdentifier = hash\n"

cert_name = 'evroot'
ext_text = CA_basic_constraints + CA_min_ku + subject_key_ident
subject_string = ('/C=US/ST=CA/L=Mountain View' +
                  '/O=Mozilla - EV debug test CA/OU=Security Engineering' +
                  '/CN=XPCShell EV Testing (untrustworthy) CA')

# The db_dir argument of generate_cert_generic() is also set to dest_dir as
# the .key file generated is needed by other certs.
[ca_key,
 ca_cert] = CertUtils.generate_cert_generic(dest_dir,
                                            dest_dir,
                                            random.randint(100, 40000000),
                                            'rsa',
                                            cert_name,
                                            ext_text,
                                            subject_string=subject_string)

CertUtils.generate_pkcs12(db, dest_dir, ca_cert, ca_key, cert_name)

# Print a blank line and the information needed to enable EV for the root
# generated by this script.
print
CertUtils.print_cert_info(ca_cert)
print('You now MUST update the compiled test EV root information to match ' +
      'the EV root information printed above. In addition, certs that chain ' +
      'up to this root in other folders will also need to be regenerated.')
Exemplo n.º 2
0
        adequate_key_size,
        generate_ev)

    # Generate chain with an end entity cert that has an inadequate size
    generate_and_maybe_import_cert(
        key_type,
        'ee',
        intOK_nick,
        ee_ext_text,
        intOK_key,
        intOK_cert,
        inadequate_key_size,
        generate_ev)

# Create a NSS DB for use by the OCSP responder.
CertUtils.init_nss_db(srcdir)

# TODO(bug 636807): SECKEY_PublicKeyStrengthInBits() rounds up the number of
# bits to the next multiple of 8 - therefore the highest key size less than 1024
# that can be tested is 1016, less than 2048 is 2040 and so on.
generate_certs('rsa', '1016', '1024', False)
generate_certs('rsa', '2040', '2048', True)

# Print a blank line and the information needed to enable EV for any roots
# generated by this script.
print
for cert_filename in generated_ev_root_filenames:
    CertUtils.print_cert_info(cert_filename)
print ('You now MUST update the compiled test EV root information to match ' +
       'the EV root information printed above.')
Exemplo n.º 3
0
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

import tempfile, os, sys, random

libpath = os.path.abspath("../psm_common_py")
sys.path.append(libpath)

import CertUtils

dest_dir = os.getcwd()
db = tempfile.mkdtemp()

serial = random.randint(100, 40000000)
name = "client-cert"
[key, cert] = CertUtils.generate_cert_generic(db, dest_dir, serial, "rsa",
                                              name, "")
CertUtils.generate_pkcs12(db, dest_dir, cert, key, name)

# Print a blank line and the fingerprint of the cert that ClientAuthServer.cpp
# should be modified with.
print
CertUtils.print_cert_info(cert)
print ('You now MUST update the fingerprint in ClientAuthServer.cpp to match ' +
       'the fingerprint printed above.')

# Remove unnecessary .der file
os.remove(dest_dir + "/" + name + ".der")
Exemplo n.º 4
0
    generate_cert_chain('prime256v1', '256', 'prime256v1', '256', 'secp256k1',
                        '256', False)
    generate_cert_chain('secp256k1', '256', 'prime256v1', '256', 'prime256v1',
                        '256', False)


def generate_combination_chains():
    generate_cert_chain('rsa', '2048', 'prime256v1', '256', 'secp384r1', '384',
                        False)
    generate_cert_chain('rsa', '2048', 'prime256v1', '256', 'secp224r1', '224',
                        False)
    generate_cert_chain('prime256v1', '256', 'rsa', '1016', 'prime256v1',
                        '256', False)


# Create a NSS DB for use by the OCSP responder.
CertUtils.init_nss_db(srcdir)

generate_rsa_chains('1016', '1024', False)
generate_rsa_chains('2040', '2048', True)
generate_ecc_chains()
generate_combination_chains()

# Print a blank line and the information needed to enable EV for any roots
# generated by this script.
print
for cert_filename in generated_ev_root_filenames:
    CertUtils.print_cert_info(cert_filename)
print('You now MUST update the compiled test EV root information to match ' +
      'the EV root information printed above.')