security/manager/ssl/tests/unit/test_cert_trust/generate.py@6474c204b198 (annotated)
security/manager/ssl/tests/unit/test_cert_trust/generate.py
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rwxr-xr-x
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | #!/usr/bin/python |
| michael@0 | 2 | # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*- |
| michael@0 | 3 | # vim: set filetype=python: |
| michael@0 | 4 | # |
| michael@0 | 5 | # This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 6 | # License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 7 | # file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| michael@0 | 8 | |
| michael@0 | 9 | import tempfile, os, sys |
| michael@0 | 10 | import random |
| michael@0 | 11 | import pexpect |
| michael@0 | 12 | import subprocess |
| michael@0 | 13 | import shutil |
| michael@0 | 14 | |
| michael@0 | 15 | libpath = os.path.abspath('../psm_common_py') |
| michael@0 | 16 | |
| michael@0 | 17 | sys.path.append(libpath) |
| michael@0 | 18 | |
| michael@0 | 19 | import CertUtils |
| michael@0 | 20 | |
| michael@0 | 21 | srcdir = os.getcwd() |
| michael@0 | 22 | db = tempfile.mkdtemp() |
| michael@0 | 23 | |
| michael@0 | 24 | CA_basic_constraints = "basicConstraints = critical, CA:TRUE\n" |
| michael@0 | 25 | EE_basic_constraints = "basicConstraints = CA:FALSE\n" |
| michael@0 | 26 | |
| michael@0 | 27 | CA_full_ku = ("keyUsage = digitalSignature, nonRepudiation, keyEncipherment, " + |
| michael@0 | 28 | "dataEncipherment, keyAgreement, keyCertSign, cRLSign\n") |
| michael@0 | 29 | |
| michael@0 | 30 | CA_eku = ("extendedKeyUsage = critical, serverAuth, clientAuth, " + |
| michael@0 | 31 | "emailProtection, codeSigning\n") |
| michael@0 | 32 | |
| michael@0 | 33 | authority_key_ident = "authorityKeyIdentifier = keyid, issuer\n" |
| michael@0 | 34 | subject_key_ident = "subjectKeyIdentifier = hash\n" |
| michael@0 | 35 | |
| michael@0 | 36 | |
| michael@0 | 37 | |
| michael@0 | 38 | def generate_certs(): |
| michael@0 | 39 | key_type = 'rsa' |
| michael@0 | 40 | ca_ext = CA_basic_constraints + CA_full_ku + subject_key_ident + CA_eku; |
| michael@0 | 41 | ee_ext_text = (EE_basic_constraints + authority_key_ident) |
| michael@0 | 42 | [ca_key, ca_cert] = CertUtils.generate_cert_generic(db, |
| michael@0 | 43 | srcdir, |
| michael@0 | 44 | 1, |
| michael@0 | 45 | key_type, |
| michael@0 | 46 | 'ca', |
| michael@0 | 47 | ca_ext) |
| michael@0 | 48 | |
| michael@0 | 49 | [int_key, int_cert] = CertUtils.generate_cert_generic(db, |
| michael@0 | 50 | srcdir, |
| michael@0 | 51 | 103, |
| michael@0 | 52 | key_type, |
| michael@0 | 53 | 'int', |
| michael@0 | 54 | ca_ext, |
| michael@0 | 55 | ca_key, |
| michael@0 | 56 | ca_cert) |
| michael@0 | 57 | |
| michael@0 | 58 | #now the ee |
| michael@0 | 59 | CertUtils.generate_cert_generic(db, |
| michael@0 | 60 | srcdir, |
| michael@0 | 61 | 100, |
| michael@0 | 62 | key_type, |
| michael@0 | 63 | 'ee', |
| michael@0 | 64 | ee_ext_text, |
| michael@0 | 65 | int_key, |
| michael@0 | 66 | int_cert) |
| michael@0 | 67 | |
| michael@0 | 68 | |
| michael@0 | 69 | |
| michael@0 | 70 | |
| michael@0 | 71 | |
| michael@0 | 72 | generate_certs() |
