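--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/manager/ssl/tests/unit/test_getchain/generate.py Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,73 @@
+#!/usr/bin/python
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import tempfile, os, sys
+import random
+import pexpect
+import subprocess
+import shutil
+
+libpath = os.path.abspath('../psm_common_py')
+
+sys.path.append(libpath)
+
+import CertUtils
+
+srcdir = os.getcwd()
+db = tempfile.mkdtemp()
+
+CA_basic_constraints = "basicConstraints = critical, CA:TRUE\n"
+EE_basic_constraints = "basicConstraints = CA:FALSE\n"
+
+CA_full_ku = ("keyUsage = digitalSignature, nonRepudiation, keyEncipherment, " +
+ "dataEncipherment, keyAgreement, keyCertSign, cRLSign\n")
+
+CA_eku = ("extendedKeyUsage = critical, serverAuth, clientAuth, " +
+ "emailProtection, codeSigning\n")
+
+authority_key_ident = "authorityKeyIdentifier = keyid, issuer\n"
+subject_key_ident = "subjectKeyIdentifier = hash\n"
+
+
+def self_sign_csr(db_dir, dst_dir, csr_name, key_file, serial_num, ext_text,
+ out_prefix):
+ extensions_filename = db_dir + "/openssl-exts"
+ f = open(extensions_filename, 'w')
+ f.write(ext_text)
+ f.close()
+ cert_name = dst_dir + "/" + out_prefix + ".der"
+ os.system ("openssl x509 -req -sha256 -days 3650 -in " + csr_name +
+ " -signkey " + key_file +
+ " -set_serial " + str(serial_num) +
+ " -extfile " + extensions_filename +
+ " -outform DER -out " + cert_name)
+
+
+
+def generate_certs():
+ key_type = 'rsa'
+ ca_ext = CA_basic_constraints + CA_full_ku + subject_key_ident + CA_eku;
+ ee_ext_text = (EE_basic_constraints + authority_key_ident)
+ [ca_key, ca_cert] = CertUtils.generate_cert_generic(db,
+ srcdir,
+ 1,
+ key_type,
+ 'ca',
+ ca_ext)
+ CertUtils.generate_cert_generic(db,
+ srcdir,
+ 100,
+ key_type,
+ 'ee',
+ ee_ext_text,
+ ca_key,
+ ca_cert)
+
+ shutil.copy(ca_cert, srcdir + "/" + "ca-1.der")
+ self_sign_csr(db, srcdir, db + "/ca.csr", ca_key, 2, ca_ext, "ca-2")
+ os.remove(ca_cert);
+
+generate_certs()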
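Review bot: In self_sign_csr the openssl command is built by string concatenation and run through `os.system`, so a working directory or temp path containing spaces or shell metacharacters is interpreted by the shell. The exit status is also discarded, so a failed signing step goes unnoticed and ca-2.der may be missing or stale. `subprocess` is already imported but unused; passing an argument list to `subprocess.check_call` avoids the shell and raises on failure. Separately, the directory from `tempfile.mkdtemp()`, which holds ca.csr and presumably the generated key, is never removed; a `shutil.rmtree(db)` at the end of generate_certs would clean it up.

```python
    cert_name = dst_dir + "/" + out_prefix + ".der"
    # ... unchanged: extensions file is written above ...
    subprocess.check_call(["openssl", "x509", "-req", "-sha256",
                           "-days", "3650",
                           "-in", csr_name,
                           "-signkey", key_file,
                           "-set_serial", str(serial_num),
                           "-extfile", extensions_filename,
                           "-outform", "DER", "-out", cert_name])
```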