def generate_certs():
CertUtils.init_dsa(db)
ee_ext_text = EE_basic_constraints + EE_full_ku
for name, key_type in pk_name.iteritems():
ca_name = "ca-" + name
[ca_key, ca_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
ca_name,
CA_basic_constraints + CA_min_ku)
[valid_int_key, valid_int_cert, ee_key, ee_cert] = (
CertUtils.generate_int_and_ee(db,
srcdir,
ca_key,
ca_cert,
name + "-valid",
CA_basic_constraints,
ee_ext_text,
key_type) )
[int_key, int_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
"int-" + name + "-tampered",
ee_ext_text,
ca_key,
ca_cert)
[ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
name + "-tampered-int-valid-ee",
ee_ext_text,
int_key,
int_cert)
#only tamper after ee has been generated
tamper_cert(int_cert);
[ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
name + "-valid-int-tampered-ee",
ee_ext_text,
valid_int_key,
valid_int_cert)
tamper_cert(ee_cert);
def generate_certs():
CertUtils.init_dsa(db)
ee_ext_text = ""
for name, key_type in pk_name.iteritems():
ca_name = "ca-" + name
[ca_key, ca_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
ca_name,
CA_basic_constraints + CA_min_ku)
[valid_int_key, valid_int_cert, ee_key, ee_cert] = (
CertUtils.generate_int_and_ee(db,
srcdir,
ca_key,
ca_cert,
name + "-valid",
CA_basic_constraints,
ee_ext_text,
key_type) )
[int_key, int_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
"int-" + name + "-tampered",
ee_ext_text,
ca_key,
ca_cert)
[ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
name + "-tampered-int-valid-ee",
ee_ext_text,
int_key,
int_cert)
#only tamper after ee has been generated
tamper_cert(int_cert);
[ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
srcdir,
random.randint(100,4000000),
key_type,
name + "-valid-int-tampered-ee",
ee_ext_text,
valid_int_key,
valid_int_cert)
tamper_cert(ee_cert);
def generate_certs(key_type, bad_key_size, ok_key_size, generate_ev):
"""
Generates the various certificates used by the key size tests.
Arguments:
key_type -- the type of key generated: potential values: 'rsa', 'dsa',
or any of the curves found by 'openssl ecparam -list_curves'
bad_key_size -- the public key size bad certs should have
ok_key_size -- the public key size OK certs should have
generate_ev -- whether an EV cert should be generated
"""
if key_type == 'dsa':
CertUtils.init_dsa(db_dir, dsaBad_param_filename, bad_key_size)
CertUtils.init_dsa(db_dir, dsaOK_param_filename, ok_key_size)
# OK Chain
if generate_ev and key_type == 'rsa':
# Reuse the existing RSA EV root
caOK_cert_name = 'evroot'
caOK_key = '../test_ev_certs/evroot.key'
caOK_cert = '../test_ev_certs/evroot.der'
caOK_pkcs12_filename = '../test_ev_certs/evroot.p12'
CertUtils.import_cert_and_pkcs12(srcdir, caOK_cert,
caOK_pkcs12_filename, caOK_cert_name,
',,')
else:
[caOK_key,
caOK_cert] = generate_and_maybe_import_cert(key_type, '-caOK',
ca_ext_text, '', '',
dsaOK_param_filename,
ok_key_size, generate_ev)
[intOK_key, intOK_cert] = generate_and_maybe_import_cert(
key_type, '-intOK-caOK', ca_ext_text, caOK_key, caOK_cert,
dsaOK_param_filename, ok_key_size, generate_ev)
generate_and_maybe_import_cert(key_type, '-eeOK-intOK-caOK', ee_ext_text,
intOK_key, intOK_cert, dsaOK_param_filename,
ok_key_size, generate_ev)
# Bad CA
[caBad_key,
caBad_cert] = generate_and_maybe_import_cert(key_type, '-caBad',
ca_ext_text, '', '',
dsaBad_param_filename,
bad_key_size, generate_ev)
[int_key, int_cert] = generate_and_maybe_import_cert(
key_type, '-intOK-caBad', ca_ext_text, caBad_key, caBad_cert,
dsaOK_param_filename, ok_key_size, generate_ev)
generate_and_maybe_import_cert(key_type, '-eeOK-intOK-caBad', ee_ext_text,
int_key, int_cert, dsaOK_param_filename,
ok_key_size, generate_ev)
# Bad Intermediate
[intBad_key, intBad_cert] = generate_and_maybe_import_cert(
key_type, '-intBad-caOK', ca_ext_text, caOK_key, caOK_cert,
dsaBad_param_filename, bad_key_size, generate_ev)
generate_and_maybe_import_cert(key_type, '-eeOK-intBad-caOK', ee_ext_text,
intBad_key, intBad_cert,
dsaOK_param_filename, ok_key_size,
generate_ev)
# Bad End Entity
generate_and_maybe_import_cert(key_type, '-eeBad-intOK-caOK', ee_ext_text,
intOK_key, intOK_cert,
dsaBad_param_filename, bad_key_size,
generate_ev)
def generate_certs(key_type, bad_key_size, ok_key_size):
if key_type == 'dsa':
CertUtils.init_dsa(db_dir, dsaBad_param_filename, bad_key_size)
CertUtils.init_dsa(db_dir, dsaOK_param_filename, ok_key_size)
# OK Chain
[caOK_key, caOK_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-caOK',
ca_ext_text,
dsa_param_filename=dsaOK_param_filename,
key_size=ok_key_size)
[intOK_key, intOK_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-intOK-caOK',
ca_ext_text,
caOK_key,
caOK_cert,
dsa_param_filename=dsaOK_param_filename,
key_size=ok_key_size)
CertUtils.generate_cert_generic(db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-eeOK-intOK-caOK',
ee_ext_text,
intOK_key,
intOK_cert,
dsa_param_filename=dsaOK_param_filename,
key_size=ok_key_size)
# Bad CA
[caBad_key, caBad_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-caBad',
ca_ext_text,
dsa_param_filename=dsaBad_param_filename,
key_size=bad_key_size)
[int_key, int_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-intOK-caBad',
ca_ext_text,
caBad_key,
caBad_cert,
dsa_param_filename=dsaOK_param_filename,
key_size=ok_key_size)
CertUtils.generate_cert_generic(db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-eeOK-intOK-caBad',
ee_ext_text,
int_key,
int_cert,
dsa_param_filename=dsaOK_param_filename,
key_size=ok_key_size)
# Bad Intermediate
[intBad_key, intBad_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-intBad-caOK',
ca_ext_text,
caOK_key,
caOK_cert,
dsa_param_filename=dsaBad_param_filename,
key_size=bad_key_size)
CertUtils.generate_cert_generic(db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-eeOK-intBad-caOK',
ee_ext_text,
intBad_key,
intBad_cert,
dsa_param_filename=dsaOK_param_filename,
key_size=ok_key_size)
# Bad End Entity
CertUtils.generate_cert_generic(db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-eeBad-intOK-caOK',
ee_ext_text,
intOK_key,
intOK_cert,
dsa_param_filename=dsaBad_param_filename,
key_size=bad_key_size)
def generate_certs(key_type, bad_key_size, ok_key_size):
if key_type == 'dsa':
CertUtils.init_dsa(db_dir, dsaBad_param_filename, bad_key_size)
CertUtils.init_dsa(db_dir, dsaOK_param_filename, ok_key_size)
# OK Chain
[caOK_key, caOK_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-caOK',
ca_ext_text,
dsa_param_filename = dsaOK_param_filename,
key_size = ok_key_size)
[intOK_key, intOK_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-intOK-caOK',
ca_ext_text,
caOK_key,
caOK_cert,
dsa_param_filename = dsaOK_param_filename,
key_size = ok_key_size)
CertUtils.generate_cert_generic(db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-eeOK-intOK-caOK',
ee_ext_text,
intOK_key,
intOK_cert,
dsa_param_filename = dsaOK_param_filename,
key_size = ok_key_size)
# Bad CA
[caBad_key, caBad_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-caBad',
ca_ext_text,
dsa_param_filename = dsaBad_param_filename,
key_size = bad_key_size)
[int_key, int_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-intOK-caBad',
ca_ext_text,
caBad_key,
caBad_cert,
dsa_param_filename = dsaOK_param_filename,
key_size = ok_key_size)
CertUtils.generate_cert_generic(db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-eeOK-intOK-caBad',
ee_ext_text,
int_key,
int_cert,
dsa_param_filename = dsaOK_param_filename,
key_size = ok_key_size)
# Bad Intermediate
[intBad_key, intBad_cert] = CertUtils.generate_cert_generic(
db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-intBad-caOK',
ca_ext_text,
caOK_key,
caOK_cert,
dsa_param_filename = dsaBad_param_filename,
key_size = bad_key_size)
CertUtils.generate_cert_generic(db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-eeOK-intBad-caOK',
ee_ext_text,
intBad_key,
intBad_cert,
dsa_param_filename = dsaOK_param_filename,
key_size = ok_key_size)
# Bad End Entity
CertUtils.generate_cert_generic(db_dir,
srcdir,
random.randint(100, 40000000),
key_type,
key_type + '-eeBad-intOK-caOK',
ee_ext_text,
intOK_key,
intOK_cert,
dsa_param_filename = dsaBad_param_filename,
key_size = bad_key_size)
def generate_certs(key_type, bad_key_size, ok_key_size, generate_ev):
"""
Generates the various certificates used by the key size tests.
Arguments:
key_type -- the type of key generated: potential values: 'rsa', 'dsa',
or any of the curves found by 'openssl ecparam -list_curves'
bad_key_size -- the public key size bad certs should have
ok_key_size -- the public key size OK certs should have
generate_ev -- whether an EV cert should be generated
"""
if key_type == 'dsa':
CertUtils.init_dsa(db_dir, dsaBad_param_filename, bad_key_size)
CertUtils.init_dsa(db_dir, dsaOK_param_filename, ok_key_size)
# OK Chain
if generate_ev and key_type == 'rsa':
# Reuse the existing RSA EV root
caOK_cert_name = 'evroot'
caOK_key = '../test_ev_certs/evroot.key'
caOK_cert = '../test_ev_certs/evroot.der'
caOK_pkcs12_filename = '../test_ev_certs/evroot.p12'
CertUtils.import_cert_and_pkcs12(srcdir, caOK_cert, caOK_pkcs12_filename,
caOK_cert_name, ',,')
else:
[caOK_key, caOK_cert] = generate_and_maybe_import_cert(
key_type,
'-caOK',
ca_ext_text,
'',
'',
dsaOK_param_filename,
ok_key_size,
generate_ev)
[intOK_key, intOK_cert] = generate_and_maybe_import_cert(
key_type,
'-intOK-caOK',
ca_ext_text,
caOK_key,
caOK_cert,
dsaOK_param_filename,
ok_key_size,
generate_ev)
generate_and_maybe_import_cert(
key_type,
'-eeOK-intOK-caOK',
ee_ext_text,
intOK_key,
intOK_cert,
dsaOK_param_filename,
ok_key_size,
generate_ev)
# Bad CA
[caBad_key, caBad_cert] = generate_and_maybe_import_cert(
key_type,
'-caBad',
ca_ext_text,
'',
'',
dsaBad_param_filename,
bad_key_size,
generate_ev)
[int_key, int_cert] = generate_and_maybe_import_cert(
key_type,
'-intOK-caBad',
ca_ext_text,
caBad_key,
caBad_cert,
dsaOK_param_filename,
ok_key_size,
generate_ev)
generate_and_maybe_import_cert(
key_type,
'-eeOK-intOK-caBad',
ee_ext_text,
int_key,
int_cert,
dsaOK_param_filename,
ok_key_size,
generate_ev)
# Bad Intermediate
[intBad_key, intBad_cert] = generate_and_maybe_import_cert(
key_type,
'-intBad-caOK',
ca_ext_text,
caOK_key,
caOK_cert,
dsaBad_param_filename,
bad_key_size,
generate_ev)
generate_and_maybe_import_cert(
key_type,
'-eeOK-intBad-caOK',
ee_ext_text,
intBad_key,
intBad_cert,
dsaOK_param_filename,
ok_key_size,
generate_ev)
# Bad End Entity
generate_and_maybe_import_cert(
key_type,
'-eeBad-intOK-caOK',
ee_ext_text,
intOK_key,
intOK_cert,
dsaBad_param_filename,
bad_key_size,
generate_ev)
