def generate_certs(): CertUtils.init_dsa(db) ee_ext_text = EE_basic_constraints + EE_full_ku for name, key_type in pk_name.iteritems(): ca_name = "ca-" + name [ca_key, ca_cert] = CertUtils.generate_cert_generic(db, srcdir, random.randint(100,4000000), key_type, ca_name, CA_basic_constraints + CA_min_ku) [valid_int_key, valid_int_cert, ee_key, ee_cert] = ( CertUtils.generate_int_and_ee(db, srcdir, ca_key, ca_cert, name + "-valid", CA_basic_constraints, ee_ext_text, key_type) ) [int_key, int_cert] = CertUtils.generate_cert_generic(db, srcdir, random.randint(100,4000000), key_type, "int-" + name + "-tampered", ee_ext_text, ca_key, ca_cert) [ee_key, ee_cert] = CertUtils.generate_cert_generic(db, srcdir, random.randint(100,4000000), key_type, name + "-tampered-int-valid-ee", ee_ext_text, int_key, int_cert) #only tamper after ee has been generated tamper_cert(int_cert); [ee_key, ee_cert] = CertUtils.generate_cert_generic(db, srcdir, random.randint(100,4000000), key_type, name + "-valid-int-tampered-ee", ee_ext_text, valid_int_key, valid_int_cert) tamper_cert(ee_cert);
def generate_certs(): CertUtils.init_dsa(db) ee_ext_text = "" for name, key_type in pk_name.iteritems(): ca_name = "ca-" + name [ca_key, ca_cert] = CertUtils.generate_cert_generic(db, srcdir, random.randint(100,4000000), key_type, ca_name, CA_basic_constraints + CA_min_ku) [valid_int_key, valid_int_cert, ee_key, ee_cert] = ( CertUtils.generate_int_and_ee(db, srcdir, ca_key, ca_cert, name + "-valid", CA_basic_constraints, ee_ext_text, key_type) ) [int_key, int_cert] = CertUtils.generate_cert_generic(db, srcdir, random.randint(100,4000000), key_type, "int-" + name + "-tampered", ee_ext_text, ca_key, ca_cert) [ee_key, ee_cert] = CertUtils.generate_cert_generic(db, srcdir, random.randint(100,4000000), key_type, name + "-tampered-int-valid-ee", ee_ext_text, int_key, int_cert) #only tamper after ee has been generated tamper_cert(int_cert); [ee_key, ee_cert] = CertUtils.generate_cert_generic(db, srcdir, random.randint(100,4000000), key_type, name + "-valid-int-tampered-ee", ee_ext_text, valid_int_key, valid_int_cert) tamper_cert(ee_cert);
def generate_certs(key_type, bad_key_size, ok_key_size, generate_ev): """ Generates the various certificates used by the key size tests. Arguments: key_type -- the type of key generated: potential values: 'rsa', 'dsa', or any of the curves found by 'openssl ecparam -list_curves' bad_key_size -- the public key size bad certs should have ok_key_size -- the public key size OK certs should have generate_ev -- whether an EV cert should be generated """ if key_type == 'dsa': CertUtils.init_dsa(db_dir, dsaBad_param_filename, bad_key_size) CertUtils.init_dsa(db_dir, dsaOK_param_filename, ok_key_size) # OK Chain if generate_ev and key_type == 'rsa': # Reuse the existing RSA EV root caOK_cert_name = 'evroot' caOK_key = '../test_ev_certs/evroot.key' caOK_cert = '../test_ev_certs/evroot.der' caOK_pkcs12_filename = '../test_ev_certs/evroot.p12' CertUtils.import_cert_and_pkcs12(srcdir, caOK_cert, caOK_pkcs12_filename, caOK_cert_name, ',,') else: [caOK_key, caOK_cert] = generate_and_maybe_import_cert(key_type, '-caOK', ca_ext_text, '', '', dsaOK_param_filename, ok_key_size, generate_ev) [intOK_key, intOK_cert] = generate_and_maybe_import_cert( key_type, '-intOK-caOK', ca_ext_text, caOK_key, caOK_cert, dsaOK_param_filename, ok_key_size, generate_ev) generate_and_maybe_import_cert(key_type, '-eeOK-intOK-caOK', ee_ext_text, intOK_key, intOK_cert, dsaOK_param_filename, ok_key_size, generate_ev) # Bad CA [caBad_key, caBad_cert] = generate_and_maybe_import_cert(key_type, '-caBad', ca_ext_text, '', '', dsaBad_param_filename, bad_key_size, generate_ev) [int_key, int_cert] = generate_and_maybe_import_cert( key_type, '-intOK-caBad', ca_ext_text, caBad_key, caBad_cert, dsaOK_param_filename, ok_key_size, generate_ev) generate_and_maybe_import_cert(key_type, '-eeOK-intOK-caBad', ee_ext_text, int_key, int_cert, dsaOK_param_filename, ok_key_size, generate_ev) # Bad Intermediate [intBad_key, intBad_cert] = generate_and_maybe_import_cert( key_type, '-intBad-caOK', ca_ext_text, caOK_key, caOK_cert, dsaBad_param_filename, bad_key_size, generate_ev) generate_and_maybe_import_cert(key_type, '-eeOK-intBad-caOK', ee_ext_text, intBad_key, intBad_cert, dsaOK_param_filename, ok_key_size, generate_ev) # Bad End Entity generate_and_maybe_import_cert(key_type, '-eeBad-intOK-caOK', ee_ext_text, intOK_key, intOK_cert, dsaBad_param_filename, bad_key_size, generate_ev)
def generate_certs(key_type, bad_key_size, ok_key_size): if key_type == 'dsa': CertUtils.init_dsa(db_dir, dsaBad_param_filename, bad_key_size) CertUtils.init_dsa(db_dir, dsaOK_param_filename, ok_key_size) # OK Chain [caOK_key, caOK_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-caOK', ca_ext_text, dsa_param_filename=dsaOK_param_filename, key_size=ok_key_size) [intOK_key, intOK_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-intOK-caOK', ca_ext_text, caOK_key, caOK_cert, dsa_param_filename=dsaOK_param_filename, key_size=ok_key_size) CertUtils.generate_cert_generic(db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-eeOK-intOK-caOK', ee_ext_text, intOK_key, intOK_cert, dsa_param_filename=dsaOK_param_filename, key_size=ok_key_size) # Bad CA [caBad_key, caBad_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-caBad', ca_ext_text, dsa_param_filename=dsaBad_param_filename, key_size=bad_key_size) [int_key, int_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-intOK-caBad', ca_ext_text, caBad_key, caBad_cert, dsa_param_filename=dsaOK_param_filename, key_size=ok_key_size) CertUtils.generate_cert_generic(db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-eeOK-intOK-caBad', ee_ext_text, int_key, int_cert, dsa_param_filename=dsaOK_param_filename, key_size=ok_key_size) # Bad Intermediate [intBad_key, intBad_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-intBad-caOK', ca_ext_text, caOK_key, caOK_cert, dsa_param_filename=dsaBad_param_filename, key_size=bad_key_size) CertUtils.generate_cert_generic(db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-eeOK-intBad-caOK', ee_ext_text, intBad_key, intBad_cert, dsa_param_filename=dsaOK_param_filename, key_size=ok_key_size) # Bad End Entity CertUtils.generate_cert_generic(db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-eeBad-intOK-caOK', ee_ext_text, intOK_key, intOK_cert, dsa_param_filename=dsaBad_param_filename, key_size=bad_key_size)
def generate_certs(key_type, bad_key_size, ok_key_size): if key_type == 'dsa': CertUtils.init_dsa(db_dir, dsaBad_param_filename, bad_key_size) CertUtils.init_dsa(db_dir, dsaOK_param_filename, ok_key_size) # OK Chain [caOK_key, caOK_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-caOK', ca_ext_text, dsa_param_filename = dsaOK_param_filename, key_size = ok_key_size) [intOK_key, intOK_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-intOK-caOK', ca_ext_text, caOK_key, caOK_cert, dsa_param_filename = dsaOK_param_filename, key_size = ok_key_size) CertUtils.generate_cert_generic(db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-eeOK-intOK-caOK', ee_ext_text, intOK_key, intOK_cert, dsa_param_filename = dsaOK_param_filename, key_size = ok_key_size) # Bad CA [caBad_key, caBad_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-caBad', ca_ext_text, dsa_param_filename = dsaBad_param_filename, key_size = bad_key_size) [int_key, int_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-intOK-caBad', ca_ext_text, caBad_key, caBad_cert, dsa_param_filename = dsaOK_param_filename, key_size = ok_key_size) CertUtils.generate_cert_generic(db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-eeOK-intOK-caBad', ee_ext_text, int_key, int_cert, dsa_param_filename = dsaOK_param_filename, key_size = ok_key_size) # Bad Intermediate [intBad_key, intBad_cert] = CertUtils.generate_cert_generic( db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-intBad-caOK', ca_ext_text, caOK_key, caOK_cert, dsa_param_filename = dsaBad_param_filename, key_size = bad_key_size) CertUtils.generate_cert_generic(db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-eeOK-intBad-caOK', ee_ext_text, intBad_key, intBad_cert, dsa_param_filename = dsaOK_param_filename, key_size = ok_key_size) # Bad End Entity CertUtils.generate_cert_generic(db_dir, srcdir, random.randint(100, 40000000), key_type, key_type + '-eeBad-intOK-caOK', ee_ext_text, intOK_key, intOK_cert, dsa_param_filename = dsaBad_param_filename, key_size = bad_key_size)
def generate_certs(key_type, bad_key_size, ok_key_size, generate_ev): """ Generates the various certificates used by the key size tests. Arguments: key_type -- the type of key generated: potential values: 'rsa', 'dsa', or any of the curves found by 'openssl ecparam -list_curves' bad_key_size -- the public key size bad certs should have ok_key_size -- the public key size OK certs should have generate_ev -- whether an EV cert should be generated """ if key_type == 'dsa': CertUtils.init_dsa(db_dir, dsaBad_param_filename, bad_key_size) CertUtils.init_dsa(db_dir, dsaOK_param_filename, ok_key_size) # OK Chain if generate_ev and key_type == 'rsa': # Reuse the existing RSA EV root caOK_cert_name = 'evroot' caOK_key = '../test_ev_certs/evroot.key' caOK_cert = '../test_ev_certs/evroot.der' caOK_pkcs12_filename = '../test_ev_certs/evroot.p12' CertUtils.import_cert_and_pkcs12(srcdir, caOK_cert, caOK_pkcs12_filename, caOK_cert_name, ',,') else: [caOK_key, caOK_cert] = generate_and_maybe_import_cert( key_type, '-caOK', ca_ext_text, '', '', dsaOK_param_filename, ok_key_size, generate_ev) [intOK_key, intOK_cert] = generate_and_maybe_import_cert( key_type, '-intOK-caOK', ca_ext_text, caOK_key, caOK_cert, dsaOK_param_filename, ok_key_size, generate_ev) generate_and_maybe_import_cert( key_type, '-eeOK-intOK-caOK', ee_ext_text, intOK_key, intOK_cert, dsaOK_param_filename, ok_key_size, generate_ev) # Bad CA [caBad_key, caBad_cert] = generate_and_maybe_import_cert( key_type, '-caBad', ca_ext_text, '', '', dsaBad_param_filename, bad_key_size, generate_ev) [int_key, int_cert] = generate_and_maybe_import_cert( key_type, '-intOK-caBad', ca_ext_text, caBad_key, caBad_cert, dsaOK_param_filename, ok_key_size, generate_ev) generate_and_maybe_import_cert( key_type, '-eeOK-intOK-caBad', ee_ext_text, int_key, int_cert, dsaOK_param_filename, ok_key_size, generate_ev) # Bad Intermediate [intBad_key, intBad_cert] = generate_and_maybe_import_cert( key_type, '-intBad-caOK', ca_ext_text, caOK_key, caOK_cert, dsaBad_param_filename, bad_key_size, generate_ev) generate_and_maybe_import_cert( key_type, '-eeOK-intBad-caOK', ee_ext_text, intBad_key, intBad_cert, dsaOK_param_filename, ok_key_size, generate_ev) # Bad End Entity generate_and_maybe_import_cert( key_type, '-eeBad-intOK-caOK', ee_ext_text, intOK_key, intOK_cert, dsaBad_param_filename, bad_key_size, generate_ev)