security/manager/ssl/tests/unit/test_getchain/generate.py

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rwxr-xr-x

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 #!/usr/bin/python
michael@0 2
michael@0 3 # This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 # License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
michael@0 6
michael@0 7 import tempfile, os, sys
michael@0 8 import random
michael@0 9 import pexpect
michael@0 10 import subprocess
michael@0 11 import shutil
michael@0 12
# CertUtils is loaded from a directory resolved relative to the current
# working directory, so the script has to be started from its own directory
# for the import that follows to find the intended module.
libpath = os.path.abspath(os.path.join(os.pardir, 'psm_common_py'))

# Appended rather than inserted at the front: entries already on sys.path
# keep precedence over this directory.
sys.path.append(libpath)
michael@0 16
michael@0 17 import CertUtils
michael@0 18
# Generated certificates are written relative to the current working
# directory.
srcdir = os.getcwd()

# Scratch directory for intermediate files (the CSR and the OpenSSL
# extensions file are read from / written to it below). mkdtemp() creates it
# accessible only to the creating user; nothing in this file removes it.
db = tempfile.mkdtemp()

# OpenSSL extension-file fragments; each one ends in a newline so they can be
# concatenated into a complete extensions section.
CA_basic_constraints = "basicConstraints = critical, CA:TRUE\n"
EE_basic_constraints = "basicConstraints = CA:FALSE\n"

CA_full_ku = (
    "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, "
    "dataEncipherment, keyAgreement, keyCertSign, cRLSign\n"
)

CA_eku = (
    "extendedKeyUsage = critical, serverAuth, clientAuth, "
    "emailProtection, codeSigning\n"
)

authority_key_ident = "authorityKeyIdentifier = keyid, issuer\n"
subject_key_ident = "subjectKeyIdentifier = hash\n"
michael@0 33
michael@0 34
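def self_sign_csr(db_dir, dst_dir, csr_name, key_file, serial_num, ext_text,
                  out_prefix):
    """Self-sign an existing CSR and write the certificate in DER form.

    Arguments:
      db_dir     -- working directory; the OpenSSL extensions file is written
                    there as "openssl-exts" and overwritten on every call
      dst_dir    -- directory that receives "<out_prefix>.der"
      csr_name   -- path of the certificate signing request to sign
      key_file   -- path of the private key handed to "-signkey"
      serial_num -- serial number for the new certificate
      ext_text   -- OpenSSL extension lines written to the extensions file
      out_prefix -- output file name without the ".der" suffix

    Raises subprocess.CalledProcessError when openssl exits non-zero, so a
    failed signing run no longer passes silently.
    """
    extensions_filename = os.path.join(db_dir, "openssl-exts")
    # The context manager closes the file even if the write fails.
    with open(extensions_filename, 'w') as f:
        f.write(ext_text)

    cert_name = os.path.join(dst_dir, out_prefix + ".der")

    # An argument vector is handed to openssl directly, without a shell, so
    # spaces or shell metacharacters in any path reach openssl as a single
    # argument instead of being re-parsed as part of a command line.
    subprocess.check_call(["openssl", "x509", "-req", "-sha256",
                           "-days", "3650",
                           "-in", csr_name,
                           "-signkey", key_file,
                           "-set_serial", str(serial_num),
                           "-extfile", extensions_filename,
                           "-outform", "DER",
                           "-out", cert_name])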
michael@0 47
michael@0 48
michael@0 49
def generate_certs():
    """Generate the certificates for this test directory.

    Creates an RSA 'ca' certificate (serial 1) and an 'ee' certificate
    (serial 100) through CertUtils.generate_cert_generic; the 'ee' call is
    given the CA key and certificate as trailing arguments (presumably the
    issuer -- confirm in CertUtils). The CA certificate is then kept as
    "ca-1.der", and a second certificate "ca-2.der" (serial 2) is self-signed
    with the same key and the same CA extensions.
    """
    key_algorithm = 'rsa'
    ca_extensions = "".join([CA_basic_constraints, CA_full_ku,
                             subject_key_ident, CA_eku])
    ee_extensions = EE_basic_constraints + authority_key_ident

    ca_key, ca_cert = CertUtils.generate_cert_generic(
        db, srcdir, 1, key_algorithm, 'ca', ca_extensions)
    CertUtils.generate_cert_generic(
        db, srcdir, 100, key_algorithm, 'ee', ee_extensions, ca_key, ca_cert)

    shutil.copy(ca_cert, srcdir + "/ca-1.der")
    # Assumes generate_cert_generic left the CA's signing request at
    # <db>/ca.csr -- TODO confirm against CertUtils.
    self_sign_csr(db, srcdir, db + "/ca.csr", ca_key, 2, ca_extensions, "ca-2")
    # Only the "ca-1.der" copy of the original CA certificate is kept.
    os.remove(ca_cert)
michael@0 72
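# Run the generation, then always remove the scratch directory: it holds the
# CSR and extensions file (and presumably the generated private keys --
# confirm in CertUtils), which should not be left behind in the temp area
# once the certificates have been written.
try:
    generate_certs()
finally:
    shutil.rmtree(db, ignore_errors=True)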
