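--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/generate.py	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,96 @@
+#!/usr/bin/python
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import tempfile, os, sys
+import random
+libpath = os.path.abspath('../psm_common_py')
+
+sys.path.append(libpath)
+
+import CertUtils
+
+srcdir = os.getcwd()
+db = tempfile.mkdtemp()
+
+CA_basic_constraints = "basicConstraints=critical,CA:TRUE\n"
+
+CA_min_ku = "keyUsage=critical, keyCertSign\n"
+
+pk_name = {'rsa': 'rsa', 'dsa': 'dsa', 'p384': 'secp384r1'}
+
+
+def tamper_cert(cert_name):
+    f = open(cert_name, 'r+b')
+    f.seek(-3, 2) # third byte from the end to ensure we only touch the
+    # signature value. The location for the perturbation ensures that we are
+    # modifying just the tbsCertificate without the need of parsing the
+    # certificate. Also this guarantees that if a failure occurs it is because
+    # of an invalid signature and not another field that might have become
+    # invalid.
+    b = bytearray(f.read(1))
+    for i in range(len(b)):
+        b[i] ^= 0x77
+    f.seek(-1, 1)
+    f.write(b)
+    f.close()
+    return 1
+
+def generate_certs():
+
+    CertUtils.init_dsa(db)
+    ee_ext_text = ""
+    for name, key_type in pk_name.iteritems():
+        ca_name = "ca-" + name
+        [ca_key, ca_cert] = CertUtils.generate_cert_generic(db,
+                                                             srcdir,
+                                                             random.randint(100,4000000),
+                                                             key_type,
+                                                             ca_name,
+                                                             CA_basic_constraints + CA_min_ku)
+
+        [valid_int_key, valid_int_cert, ee_key, ee_cert] = (
+            CertUtils.generate_int_and_ee(db,
+                                          srcdir,
+                                          ca_key,
+                                          ca_cert,
+                                          name + "-valid",
+                                          CA_basic_constraints,
+                                          ee_ext_text,
+                                          key_type) )
+
+        [int_key, int_cert] = CertUtils.generate_cert_generic(db,
+                                                               srcdir,
+                                                               random.randint(100,4000000),
+                                                               key_type,
+                                                               "int-" + name + "-tampered",
+                                                               ee_ext_text,
+                                                               ca_key,
+                                                               ca_cert)
+
+
+        [ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
+                                                             srcdir,
+                                                             random.randint(100,4000000),
+                                                             key_type,
+                                                             name + "-tampered-int-valid-ee",
+                                                             ee_ext_text,
+                                                             int_key,
+                                                             int_cert)
+        #only tamper after ee has been generated
+        tamper_cert(int_cert);
+
+        [ee_key, ee_cert] = CertUtils.generate_cert_generic(db,
+                                                             srcdir,
+                                                             random.randint(100,4000000),
+                                                             key_type,
+                                                             name + "-valid-int-tampered-ee",
+                                                             ee_ext_text,
+                                                             valid_int_key,
+                                                             valid_int_cert)
+        tamper_cert(ee_cert);
+
+
+generate_certs()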
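Review bot: The comment block in tamper_cert contradicts itself: it first says the third byte from the end is chosen so that only the signature value is touched, then says the perturbation is "modifying just the tbsCertificate"; in a DER Certificate the trailing bytes belong to the signatureValue BIT STRING, not to tbsCertificate, so the second sentence should read `# modifying just the signatureValue (never the tbsCertificate) without the need of parsing the certificate`. The seek-from-end trick also silently assumes CertUtils.generate_cert_generic wrote a DER file; if the output were PEM, the three bytes before EOF would sit inside the `-----END CERTIFICATE-----` footer and the signature would be left intact, so the "tampered" fixtures would still verify and the test would pass for the wrong reason — I cannot see CertUtils from here, so a guard such as `f.seek(0)` / `if f.read(1) != b'\x30': raise ValueError(cert_name + ' is not DER')` before the `f.seek(-3, 2)` would make the assumption explicit and fail loudly. The file handle should be managed with `with open(cert_name, 'r+b') as f:` so it is closed even if the write raises, and the `return 1` plus the trailing semicolons on the two tamper_cert calls are unidiomatic and worth dropping.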