The Tor Browser / annotate

security/manager/ssl/tests/unit/test_cert_signatures/generate.py@b8a032363ba2 (annotated)

security/manager/ssl/tests/unit/test_cert_signatures/generate.py

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rwxr-xr-x

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 #!/usr/bin/python
michael@0 2
michael@0 3 # This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 # License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
michael@0 6
michael@0 7 import tempfile, os, sys
michael@0 8 import random
michael@0 9 libpath = os.path.abspath('../psm_common_py')
michael@0 10
michael@0 11 sys.path.append(libpath)
michael@0 12
michael@0 13 import CertUtils
michael@0 14
michael@0 15 srcdir = os.getcwd()
michael@0 16 db = tempfile.mkdtemp()
michael@0 17
michael@0 18 CA_basic_constraints = "basicConstraints=critical,CA:TRUE\n"
michael@0 19
michael@0 20 CA_min_ku = "keyUsage=critical, keyCertSign\n"
michael@0 21
michael@0 22 pk_name = {'rsa': 'rsa', 'dsa': 'dsa', 'p384': 'secp384r1'}
michael@0 23
michael@0 24
michael@0 25 def tamper_cert(cert_name):
michael@0 26 f = open(cert_name, 'r+b')
michael@0 27 f.seek(-3, 2) # third byte from the end to ensure we only touch the
michael@0 28 # signature value. The location for the perturbation ensures that we are
michael@0 29 # modifying just the tbsCertificate without the need of parsing the
michael@0 30 # certificate. Also this guarantees that if a failure occurs it is because
michael@0 31 # of an invalid signature and not another field that might have become
michael@0 32 # invalid.
michael@0 33 b = bytearray(f.read(1))
michael@0 34 for i in range(len(b)):
michael@0 35 b[i] ^= 0x77
michael@0 36 f.seek(-1, 1)
michael@0 37 f.write(b)
michael@0 38 f.close()
michael@0 39 return 1
michael@0 40
michael@0 41 def generate_certs():
michael@0 42
michael@0 43 CertUtils.init_dsa(db)
michael@0 44 ee_ext_text = ""
michael@0 45 for name, key_type in pk_name.iteritems():
michael@0 46 ca_name = "ca-" + name
michael@0 47 [ca_key, ca_cert] = CertUtils.generate_cert_generic(db,
michael@0 48 srcdir,
michael@0 49 random.randint(100,4000000),
michael@0 50 key_type,
michael@0 51 ca_name,
michael@0 52 CA_basic_constraints + CA_min_ku)
michael@0 53
michael@0 54 [valid_int_key, valid_int_cert, ee_key, ee_cert] = (
michael@0 55 CertUtils.generate_int_and_ee(db,
michael@0 56 srcdir,
michael@0 57 ca_key,
michael@0 58 ca_cert,
michael@0 59 name + "-valid",
michael@0 60 CA_basic_constraints,
michael@0 61 ee_ext_text,
michael@0 62 key_type) )
michael@0 63
michael@0 64 [int_key, int_cert] = CertUtils.generate_cert_generic(db,
michael@0 65 srcdir,
michael@0 66 random.randint(100,4000000),
michael@0 67 key_type,
michael@0 68 "int-" + name + "-tampered",
michael@0 69 ee_ext_text,
michael@0 70 ca_key,
michael@0 71 ca_cert)
michael@0 72
michael@0 73
michael@0 74 [ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
michael@0 75 srcdir,
michael@0 76 random.randint(100,4000000),
michael@0 77 key_type,
michael@0 78 name + "-tampered-int-valid-ee",
michael@0 79 ee_ext_text,
michael@0 80 int_key,
michael@0 81 int_cert)
michael@0 82 #only tamper after ee has been generated
michael@0 83 tamper_cert(int_cert);
michael@0 84
michael@0 85 [ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
michael@0 86 srcdir,
michael@0 87 random.randint(100,4000000),
michael@0 88 key_type,
michael@0 89 name + "-valid-int-tampered-ee",
michael@0 90 ee_ext_text,
michael@0 91 valid_int_key,
michael@0 92 valid_int_cert)
michael@0 93 tamper_cert(ee_cert);
michael@0 94
michael@0 95
michael@0 96 generate_certs()

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial