зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1441338 - Change pgo certificates to use certspec/keyspec files r=keeler r=franziskus
(This also fixes Bug 879740 and Bug 1204543.) build/pgo/certs contains an NSS database set that has a bunch of hand-generated certificates, and many of these hand-generated certificates are specifically depended upon for a variety of unit tests. This patch changes all of these to use the "pycert.py" and "pykey.py" utilities that produce deterministic keys and certificates. The naming convention here is new, and defined in the README. It is based on the mochitest runtest.py naming convention that imports .ca and .client PEM-encoded certificates. Unfortunately, the updates to build/pgo/genpgocert.py to generate these files depends on OpenSSL in order to produce PKCS12 archives for pk11tool to import into NSS. This could be done with pure-NSS tooling, but it'd require some new command line functionality, which is out-of-scope for this change. Note that build/pgo/genpgocert.py no longer takes arguments when run. It's not run automatically anywhere that I can see, but could (reasonably) be, now. Differential Revision: https://phabricator.services.mozilla.com/D971 --HG-- extra : amend_source : bc389b9b0a807a4889feb14db439daa28635dfe9
This commit is contained in:
Родитель
94dd5a92a4
Коммит
6fad8e3ff1
|
@ -31,7 +31,6 @@ add_task(async function test_send_report_neterror() {
|
|||
await testSetAutomatic(URL_NO_CERT, "nocert", "neterror");
|
||||
});
|
||||
|
||||
|
||||
add_task(async function test_send_report_certerror() {
|
||||
await testSendReportAutomatically(URL_BAD_CERT, "badcert", "certerror");
|
||||
await testSetAutomatic(URL_BAD_CERT, "badcert", "certerror");
|
||||
|
@ -159,6 +158,9 @@ function createReportResponseStatusPromise(expectedURI) {
|
|||
let requestURI = subject.URI.spec;
|
||||
if (requestURI == expectedURI) {
|
||||
Services.obs.removeObserver(observer, "http-on-examine-response");
|
||||
console.log(subject.responseStatus);
|
||||
console.log(subject.URI);
|
||||
console.log(requestURI);
|
||||
resolve(subject.responseStatus);
|
||||
}
|
||||
};
|
||||
|
@ -169,6 +171,6 @@ function createReportResponseStatusPromise(expectedURI) {
|
|||
function checkErrorPage(browser, suffix) {
|
||||
return ContentTask.spawn(browser, { suffix }, async function(args) {
|
||||
let uri = content.document.documentURI;
|
||||
Assert.ok(uri.startsWith(`about:${args.suffix}`), "correct error page loaded");
|
||||
Assert.ok(uri.startsWith(`about:${args.suffix}`), `correct error page loaded: ${args.suffix}`);
|
||||
});
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
const INVALIDPIN1 = "pin-sha256=\"d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=\";";
|
||||
const INVALIDPIN2 = "pin-sha256=\"AAAAAAAAAAAAAAAAAAAAAAAAAj0e1Md7GkYYkVoZWmM=\";";
|
||||
const VALIDPIN = "pin-sha256=\"hXweb81C3HnmM2Ai1dnUzFba40UJMhuu8qZmvN/6WWc=\";";
|
||||
const VALIDPIN = "pin-sha256=\"VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=\";";
|
||||
|
||||
function handleRequest(request, response)
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
const EXPECTED_CHAIN = [
|
||||
"MIIDCjCCAfKgAwIBAgIENUiGYDANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtBbHRlcm5hdGUgVHJ1c3RlZCBBdXRob3JpdHkwHhcNMTQxMDAxMjExNDE5WhcNMjQxMDAxMjExNDE5WjAxMS8wLQYDVQQDEyZpbmNsdWRlLXN1YmRvbWFpbnMucGlubmluZy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxYrge8C4eVfTb6/lJ4k/+/4J6wlnWpp5Szxy1MHhsLB+LJh/HRHqkO/tsigT204kTeU3dxuAfQHz0g+Td8dr6KICLLNVFUPw+XjhBV4AtxV8wcprs6EmdBhJgAjkFB4M76BL7/Ow0NfH012WNESn8TTbsp3isgkmrXjTZhWR33vIL1eDNimykp/Os/+JO+x9KVfdCtDCrPwO9Yusial5JiaW7qemRtVuUDL87NSJ7xokPEOSc9luv/fBamZ3rgqf3K6epqg+0o3nNCCcNFnfLW52G0t69+dIjr39WISHnqqZj3Sb7JPU6OmxTd13ByoLkoM3ZUQ2Lpas+RJvQyGXkCAwEAAaM1MDMwMQYDVR0RBCowKIImaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAAmzXfeoOS59FkNABRonFPRyFl7BoGpVJENUteFfTa2pdAhGYdo19Y4uILTTj+vtDAa5yryb5Uvd+YuJnExosbMMkzCrmZ9+VJCJdqUTb+idwk9/sgPl2gtGeRmefB0hXSUFHc/p1CDufSpYOmj9NCUZD2JEsybgJQNulkfAsVnS3lzDcxAwcO+RC/1uJDSiUtcBpWS4FW58liuDYE7PD67kLJHZPVUV2WCMuIl4VM2tKPtvShz1JkZ5UytOLs6jPfviNAk/ftXczaE2/RJgM2MnDX9nGzOxG6ONcVNCljL8avhFBCosutE6i5LYSZR6V14YY/xOn15WDSuWdnIsJCo=",
|
||||
"MIIC2jCCAcKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtBbHRlcm5hdGUgVHJ1c3RlZCBBdXRob3JpdHkwHhcNMTQwOTI1MjEyMTU0WhcNMjQwOTI1MjEyMTU0WjAmMSQwIgYDVQQDExtBbHRlcm5hdGUgVHJ1c3RlZCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBT+BwAhO52IWgSIdZZifU9LHOs3IR/+8DCC0WP5d/OuyKlZ6Rqd0tsd3i7durhQyjHSbLf2lJStcnFjcVEbEnNI76RuvlN8xLLn5eV+2Ayr4cZYKztudwRmw+DV/iYAiMSy0hs7m3ssfX7qpoi1aNRjUanwU0VTCPQhF1bEKAC2du+C5Z8e92zN5t87w7bYr7lt+m8197XliXEu+0s9RgnGwGaZ296BIRz6NOoJYTa43n06LU1I1+Z4d6lPdzUFrSR0GBaMhUSurUBtOin3yWiMhg1VHX/KwqGc4als5GyCVXy8HGrA/0zQPOhetxrlhEVAdK/xBt7CZvByj1Rcc7AgMBAAGjEzARMA8GA1UdEwQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBAJq/hogSRqzPWTwX4wTn/DVSNdWwFLv53qep9YrSMJ8ZsfbfK9Es4VP4dBLRQAVMJ0Z5mW1I6d/n0KayTanuUBvemYdxPi/qQNSs8UJcllqdhqWzmzAg6a0LxrMnEeKzPBPD6q8PwQ7tYP+B4sBN9tnnsnyPgti9ZiNZn5FwXZliHXseQ7FE9/SqHlLw5LXW3YtKjuti6RmuV6fq3j+D4oeC5vb1mKgIyoTqGN6ze57v8RHi+pQ8Q+kmoUn/L3Z2YmFe4SKN/4WoyXr8TdejpThGOCGCAd3565s5gOx5QfSQX11P8NZKO8hcN0tme3VzmGpHK0Z/6MTmdpNaTwQ6odk="
|
||||
"MIIDHjCCAgagAwIBAgIUf1y0AgcMQaVC6jwUyh6Ixiij2hYwDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UEAwwbQWx0ZXJuYXRlIFRydXN0ZWQgQXV0aG9yaXR5MCIYDzIwMTYxMTI3MDAwMDAwWhgPMjAxOTAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmluY2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5TiwbErNIrHL1G+mWtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROMAQbPCL6ahidguuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5AqlkdcpWn9xxb5maR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFCIGmYikP+5Izmh4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMPdLqQqovHYWckKrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQABozUwMzAxBgNVHREEKjAogiZpbmNsdWRlLXN1YmRvbWFpbnMucGlubmluZy5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAXn+yS5JdGRm8dqTCG7hUWrlgHL/85FhSTYQ4wt+m90/mb8ARr+XIZtP9GdTloHfZYepc9dRDT9E8wOC7f/nOAQWzyzLqRHrldYNpMAmQIqBmh1tJ/91aKhqbc+lvm1gAOTF5bh5wpEOJBczH0AqDkXP1rX27DI3PyCMT1lqHvFTjVXVOwiZHSOSWRsI89IqAo8Dlfs+y733bJ6/rAmnTK85IHu3Fod7nHviWXkWVDdrbsblvQ6fjMFKS0mj6Vip10++/PwX9rhXyB1seGI+0uXqZ65t3xDZR+yvPtxhc7tbwPdyiUTbVjh43vPHHMCyuK1HqmPrMbAlxZBX3EqkBHQ==",
|
||||
"MIIC+zCCAeOgAwIBAgIUb/+pohOlRCuQgMy2GJLCUQq+HeMwDQYJKoZIhvcNAQELBQAwJjEkMCIGA1UEAwwbQWx0ZXJuYXRlIFRydXN0ZWQgQXV0aG9yaXR5MCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAwMDBaMCYxJDAiBgNVBAMMG0FsdGVybmF0ZSBUcnVzdGVkIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMdMBswCwYDVR0PBAQDAgEGMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAS+qy/sIFV+oia7zsyFhe3Xj3ZHSvmqJ4mxIg5KOPVP2NvDaxD/+pysxGLf69QDRjIsePBdRJz0zZoVl9pSXIn1Kpk0sjzKX2bJtAomog+ZnAZUxtLzoXy/aqaheWm8cRJ8qFOJtSMDRrLISqBXCQLOECqXIxf3Nt3S+Riu2Pam3YymFdtmqUJvLhhekWtEEnXyh/xfAsoUgS3SQ27c4dCYR7XGnFsaXrKXv93QeJmtfvrAZMXEuKaBGPSNHV6QH0S0Loh9Jed2Zp7GxnFtIPYeJ2Q5qtxa8KD/tgGFpAD74eMBdgQ4SxbA/YqqXIt1lLNcr7wm0cPRpP0vIY3hk8k="
|
||||
];
|
||||
|
||||
const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE = -16384;
|
||||
|
|
|
@ -1,16 +1,31 @@
|
|||
The certificate authority and server certificates here are generated by $topsrcdir/build/pgo/genpgocert.py.
|
||||
The certificate authority and server certificates here are generated by
|
||||
$topsrcdir/build/pgo/genpgocert.py.
|
||||
|
||||
You can generate a new CA cert by running:
|
||||
./mach python build/pgo/genpgocert.py --gen-ca
|
||||
You can regenerate the certificates by running: ./mach python
|
||||
build/pgo/genpgocert.py
|
||||
|
||||
You can generate new server certificates by running:
|
||||
./mach python build/pgo/genpgocert.py --gen-server
|
||||
To add a new CA, add a ${cert_name}.ca.keyspec as well as a corresponding
|
||||
${cert_name}.certspec to this folder.
|
||||
|
||||
To add new server certificates, add a ${cert_name}.certspec file to this folder.
|
||||
If it needs a non-default private key, add a corresponding
|
||||
${cert_name}.server.keyspec.
|
||||
|
||||
For new client certificates, add a ${cert_name}.client.keyspec and corresponding
|
||||
${cert_name}.certspec.
|
||||
|
||||
The naming convention here is because the generated ".client" and ".ca" PEM
|
||||
files need to be copied into this folder for Mochitests' runtests.py to import.
|
||||
|
||||
These commands will modify cert9.db and key4.db. The changes to these should be
|
||||
committed.
|
||||
|
||||
WARNING: These commands do not recreate all necessary certificates; some are
|
||||
mentioned only on their tests. Before completely replacing these DBs, you should
|
||||
be careful that you include all the correct certificates. Or fix genpgocert.py
|
||||
to create the correct certs. See bug 1441338.
|
||||
Specific notes for certs:
|
||||
|
||||
dynamicPinningGood: Changing this keyspec will require changing
|
||||
browser/base/content/test/general/pinning_headers.sjs . You can obtain a new
|
||||
valid pin via:
|
||||
|
||||
certutil -L -d . -n dynamicPinningGood -r | openssl x509 -inform der -pubkey \
|
||||
-noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary \
|
||||
| openssl enc -base64
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIC2jCCAcKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDExtBbHRl
|
||||
cm5hdGUgVHJ1c3RlZCBBdXRob3JpdHkwHhcNMTQwOTI1MjEyMTU0WhcNMjQwOTI1
|
||||
MjEyMTU0WjAmMSQwIgYDVQQDExtBbHRlcm5hdGUgVHJ1c3RlZCBBdXRob3JpdHkw
|
||||
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBT+BwAhO52IWgSIdZZifU
|
||||
9LHOs3IR/+8DCC0WP5d/OuyKlZ6Rqd0tsd3i7durhQyjHSbLf2lJStcnFjcVEbEn
|
||||
NI76RuvlN8xLLn5eV+2Ayr4cZYKztudwRmw+DV/iYAiMSy0hs7m3ssfX7qpoi1aN
|
||||
RjUanwU0VTCPQhF1bEKAC2du+C5Z8e92zN5t87w7bYr7lt+m8197XliXEu+0s9Rg
|
||||
nGwGaZ296BIRz6NOoJYTa43n06LU1I1+Z4d6lPdzUFrSR0GBaMhUSurUBtOin3yW
|
||||
iMhg1VHX/KwqGc4als5GyCVXy8HGrA/0zQPOhetxrlhEVAdK/xBt7CZvByj1Rcc7
|
||||
AgMBAAGjEzARMA8GA1UdEwQIMAYBAf8CAQAwDQYJKoZIhvcNAQELBQADggEBAJq/
|
||||
hogSRqzPWTwX4wTn/DVSNdWwFLv53qep9YrSMJ8ZsfbfK9Es4VP4dBLRQAVMJ0Z5
|
||||
mW1I6d/n0KayTanuUBvemYdxPi/qQNSs8UJcllqdhqWzmzAg6a0LxrMnEeKzPBPD
|
||||
6q8PwQ7tYP+B4sBN9tnnsnyPgti9ZiNZn5FwXZliHXseQ7FE9/SqHlLw5LXW3YtK
|
||||
juti6RmuV6fq3j+D4oeC5vb1mKgIyoTqGN6ze57v8RHi+pQ8Q+kmoUn/L3Z2YmFe
|
||||
4SKN/4WoyXr8TdejpThGOCGCAd3565s5gOx5QfSQX11P8NZKO8hcN0tme3VzmGpH
|
||||
K0Z/6MTmdpNaTwQ6odk=
|
||||
MIIC+zCCAeOgAwIBAgIUb/+pohOlRCuQgMy2GJLCUQq+HeMwDQYJKoZIhvcNAQEL
|
||||
BQAwJjEkMCIGA1UEAwwbQWx0ZXJuYXRlIFRydXN0ZWQgQXV0aG9yaXR5MCIYDzIw
|
||||
MTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAwMDBaMCYxJDAiBgNVBAMMG0FsdGVy
|
||||
bmF0ZSBUcnVzdGVkIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
|
||||
AQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJisSj
|
||||
s8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF2YMT
|
||||
ud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElEWQvF
|
||||
o+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzSg3UT
|
||||
H5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0YxMC4
|
||||
xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMdMBswCwYDVR0PBAQDAgEGMAwG
|
||||
A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAS+qy/sIFV+oia7zsyFhe3X
|
||||
j3ZHSvmqJ4mxIg5KOPVP2NvDaxD/+pysxGLf69QDRjIsePBdRJz0zZoVl9pSXIn1
|
||||
Kpk0sjzKX2bJtAomog+ZnAZUxtLzoXy/aqaheWm8cRJ8qFOJtSMDRrLISqBXCQLO
|
||||
ECqXIxf3Nt3S+Riu2Pam3YymFdtmqUJvLhhekWtEEnXyh/xfAsoUgS3SQ27c4dCY
|
||||
R7XGnFsaXrKXv93QeJmtfvrAZMXEuKaBGPSNHV6QH0S0Loh9Jed2Zp7GxnFtIPYe
|
||||
J2Q5qtxa8KD/tgGFpAD74eMBdgQ4SxbA/YqqXIt1lLNcr7wm0cPRpP0vIY3hk8k=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
alternate
|
|
@ -0,0 +1,7 @@
|
|||
issuer:Alternate Trusted Authority
|
||||
subject:Alternate Trusted Authority
|
||||
validity:20100101-20500101
|
||||
extension:keyUsage:keyCertSign,cRLSign
|
||||
extension:basicConstraints:cA,
|
||||
issuerKey:alternate
|
||||
subjectKey:alternate
|
|
@ -0,0 +1,3 @@
|
|||
subject:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
|
||||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
extension:subjectAlternativeName:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
|
Двоичные данные
build/pgo/certs/cert9.db
Двоичные данные
build/pgo/certs/cert9.db
Двоичный файл не отображается.
|
@ -0,0 +1,5 @@
|
|||
subject:bad.include-subdomains.pinning-dynamic.example.com
|
||||
issuer:Alternate Trusted Authority
|
||||
extension:subjectAlternativeName:bad.include-subdomains.pinning-dynamic.example.com
|
||||
subjectKey:alternate
|
||||
issuerKey:alternate
|
|
@ -0,0 +1 @@
|
|||
alternate
|
|
@ -0,0 +1,3 @@
|
|||
subject:dynamic-pinning.example.com
|
||||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
extension:subjectAlternativeName:*.include-subdomains.pinning-dynamic.example.com,*.pinning-dynamic.example.com
|
|
@ -0,0 +1,3 @@
|
|||
subject:www.bank1.com\00www.bad-guy.com
|
||||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
extension:subjectAlternativeName:www.bank1.com\00www.bad-guy.com
|
|
@ -1,34 +1,26 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIF9zCCBN+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADCB4TELMAkGA1UEBhMCVVMx
|
||||
CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSMwIQYDVQQKExpN
|
||||
b3ppbGxhIC0gRVYgZGVidWcgdGVzdCBDQTEdMBsGA1UECxMUU2VjdXJpdHkgRW5n
|
||||
aW5lZXJpbmcxJjAkBgNVBAMTHUVWIFRlc3RpbmcgKHVudHJ1c3R3b3J0aHkpIENB
|
||||
MRMwEQYDVQQpEwpldi10ZXN0LWNhMSwwKgYJKoZIhvcNAQkBFh1jaGFybGF0YW5A
|
||||
dGVzdGluZy5leGFtcGxlLmNvbTAeFw0xMzAyMTQxNzU5MDlaFw0yMzAyMTIxNzU5
|
||||
MDlaMIHRMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50
|
||||
YWluIFZpZXcxIzAhBgNVBAoTGk1vemlsbGEgLSBFViBkZWJ1ZyB0ZXN0IENBMR0w
|
||||
GwYDVQQLExRTZWN1cml0eSBFbmdpbmVlcmluZzEWMBQGA1UEAxMNaW50ZXJtZWRp
|
||||
YXRlMzETMBEGA1UEKRMKZXYtdGVzdC1jYTEsMCoGCSqGSIb3DQEJARYdY2hhcmxh
|
||||
dGFuQHRlc3RpbmcuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
|
||||
ggEKAoIBAQDAfzrlJdawr7v8m7lslODk5FTqCiBO7tPxnWhAOEL5g05knLTZTc5J
|
||||
3ywmGoW6ae6RwPlWuqRuFd2Ea+yCawyjkUoLOpFH/xziDzvaS6LXNdJoxQqWk/LX
|
||||
8YYQVFfmxh8E11fz74IoCzX++mY1byaNONf3bLU2HU8vnVvENr1gy9Bzpm8wUuKm
|
||||
HkBYuG0SVzaeym2H/mo5PJICPVhPa+YxfEVS8EIFCigXGH7xrz/bPXnpfgsSJTnN
|
||||
4amBNkORfjf7H9x6IWkJGEkIvkVoYKT4iQ9q6/C4YDjWa9p5lA4F/qxnJefezH/I
|
||||
6hcqEODSaDsY+I6vsN8ks8r8MTTnd7BjAgMBAAGjggHGMIIBwjAdBgNVHQ4EFgQU
|
||||
fluXMAT0ZS21pV13vv46m8k7nRkwggEYBgNVHSMEggEPMIIBC4AUyJg651hwk+3B
|
||||
V0rQvQZv9n2bWPahgeekgeQwgeExCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEW
|
||||
MBQGA1UEBxMNTW91bnRhaW4gVmlldzEjMCEGA1UEChMaTW96aWxsYSAtIEVWIGRl
|
||||
YnVnIHRlc3QgQ0ExHTAbBgNVBAsTFFNlY3VyaXR5IEVuZ2luZWVyaW5nMSYwJAYD
|
||||
VQQDEx1FViBUZXN0aW5nICh1bnRydXN0d29ydGh5KSBDQTETMBEGA1UEKRMKZXYt
|
||||
dGVzdC1jYTEsMCoGCSqGSIb3DQEJARYdY2hhcmxhdGFuQHRlc3RpbmcuZXhhbXBs
|
||||
ZS5jb22CCQCvxT0iZiZJMjAMBgNVHRMEBTADAQH/MDYGA1UdHwQvMC0wK6ApoCeG
|
||||
JWh0dHA6Ly9leGFtcGxlLmNvbS9yb290LWV2LXRlc3Rlci5jcmwwPwYDVR0gBDgw
|
||||
NjA0BgRVHSAAMCwwKgYIKwYBBQUHAgEWHmh0dHA6Ly9teXRlc3Rkb21haW4ubG9j
|
||||
YWwvY3BzOzANBgkqhkiG9w0BAQUFAAOCAQEAC4grNTV5K8yqiAJ/0f6oIkTMqyJ4
|
||||
lyHXvvKXMHTpRZ7Jdy0aq5KTSHswx64ZRN7V2ds+czzDWgxX3rBuZZAgOW1JYva3
|
||||
Ps3XRYUiaTW8eeaWjuVRFAp7ytRmSsOGeOtHbez8jDmTqPRQ1mTMsMzpY4bFD8do
|
||||
5y0xsbz4DYIeeNnX9+XGB5u2ml8t5L8Cj65wwMAx9HlsjTrfQTMIwpwbNle6GuZ3
|
||||
9FzmE2piAND73yCgU5W66K2lZg8N6vHBq0UhPDCF72y8MlHxQOpTr3/jIGr4X7k9
|
||||
uyYq0Pw5Y/LKyGbyW5iMFdLzabm1ua8IWAf7DSFMH6L3WlK8mngCfJ1icQ==
|
||||
MIIEfDCCA2SgAwIBAgIUETbLA86peOWkUFhyKYIuZVGUEygwDQYJKoZIhvcNAQEL
|
||||
BQAwgdwxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRh
|
||||
aW4gVmlldzEjMCEGA1UEChMaTW96aWxsYSAtIEVWIGRlYnVnIHRlc3QgQ0ExHTAb
|
||||
BgNVBAsTFFNlY3VyaXR5IEVuZ2luZWVyaW5nMTYwNAYDVQQDEy1FViBUZXN0aW5n
|
||||
ICh1bnRydXN0d29ydGh5KSBDQS9uYW1lPWV2LXRlc3QtY2ExLDAqBgkqhkiG9w0B
|
||||
CQEWHWNoYXJsYXRhbkB0ZXN0aW5nLmV4YW1wbGUuY29tMCIYDzIwMTAwMTAxMDAw
|
||||
MDAwWhgPMjA1MDAxMDEwMDAwMDBaMIHcMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
|
||||
Q0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxIzAhBgNVBAoTGk1vemlsbGEgLSBF
|
||||
ViBkZWJ1ZyB0ZXN0IENBMR0wGwYDVQQLExRTZWN1cml0eSBFbmdpbmVlcmluZzE2
|
||||
MDQGA1UEAxMtRVYgVGVzdGluZyAodW50cnVzdHdvcnRoeSkgQ0EvbmFtZT1ldi10
|
||||
ZXN0LWNhMSwwKgYJKoZIhvcNAQkBFh1jaGFybGF0YW5AdGVzdGluZy5leGFtcGxl
|
||||
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALVJiVydABCNEaH5
|
||||
n4ep49Gl21367PGI2le/ZBNojyzkciz/EJA4wXQCyToqRz29KGrtP9zTY89aKRR3
|
||||
Ab3YGNdhW/k1a9XTyDNqqowJcTaKBsPNRGG5PlFCThdEuy6q1GqrOM4ZaCGWH4dx
|
||||
ShZjaT8JdhzfTWuhJerOx74nDTiPeJ9s33iuMUTtKMReeSk4Y6eiKkiYCjakDnLV
|
||||
ecm5Jd/4x5M2L/1ol6fBdUxel8lnw+rdGq6KoszONIoBabgOKKLXDBqWDG8zXy2g
|
||||
m5tkP1q/uknoqqmB6WDifYdIC91V3ZQX+hhQn7tVTM+BpDl+i6gSijS98nhlwYnl
|
||||
c0+yKQUCAwEAAaMwMC4wCwYDVR0PBAQDAgEGMAwGA1UdEwQFMAMBAf8wEQYDVR0g
|
||||
BAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQArG5slgBRJuytlKFa4qcHW
|
||||
pAOfjN9fwi57fDds1yNv6tXhESdkbVPhIgw+GanVbrVcorGdCkfB51+dPJM+cBgH
|
||||
HSwEB7TQnNYvm/csA1zH4n+CnX9nBL7dwK63n6dyR9f1uvu6KSB+YJm3amKil85a
|
||||
d7HeDWdh+gNhC58lEC2QzuOMivP593aS5vLJHfp8pjc21XJkO8M7SRw44OJKYq9/
|
||||
v0k6v4SznbfZzSLg3gM4aSNuCLExUtUY2myxPFwJs9QQ4xx5zJTjJTRlpxUm630Z
|
||||
n4IYlseao949U+UbBNU4PZKH7dzSQzfhdFJpvK3dsPOPNnHYiXO0xAhsEvvjq8zQ
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
ev
|
|
@ -0,0 +1,7 @@
|
|||
issuer:printableString/C=US/ST=CA/L=Mountain View/O=Mozilla - EV debug test CA/OU=Security Engineering/CN=EV Testing (untrustworthy) CA/name=ev-test-ca/emailAddress=charlatan@testing.example.com
|
||||
subject:printableString/C=US/ST=CA/L=Mountain View/O=Mozilla - EV debug test CA/OU=Security Engineering/CN=EV Testing (untrustworthy) CA/name=ev-test-ca/emailAddress=charlatan@testing.example.com
|
||||
subjectKey:ev
|
||||
validity:20100101-20500101
|
||||
extension:keyUsage:keyCertSign,cRLSign
|
||||
extension:basicConstraints:cA,
|
||||
extension:certificatePolicies:any
|
|
@ -0,0 +1,4 @@
|
|||
subject:expired.example.com
|
||||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
extension:subjectAlternativeName:expired.example.com
|
||||
validity:20100105-20100106
|
|
@ -0,0 +1,4 @@
|
|||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
subject:printableString/CN=Imminently Distrusted End Entity
|
||||
validity:20100101-20500101
|
||||
extension:subjectAlternativeName:imminently-distrusted.example.com
|
|
@ -1,15 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQUFADBaMRMwEQYDVQQLEwpVbml0
|
||||
IFRlc3RzMRgwFgYDVQQKEw9Nb3ppbGxhIFRlc3RpbmcxKTAnBgNVBAMTIFNpZ25l
|
||||
ZCBKQVIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA5MDExNTE0MDkwM1oXDTM0
|
||||
MDExNTE0MDkwM1owWjETMBEGA1UECxMKVW5pdCBUZXN0czEYMBYGA1UEChMPTW96
|
||||
aWxsYSBUZXN0aW5nMSkwJwYDVQQDEyBTaWduZWQgSkFSIENlcnRpZmljYXRlIEF1
|
||||
dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsQd8eUw4WSK7YoKl
|
||||
hqe+CjEgI5Rs3TirWtDsfmMtMBmTvRhJpdTeMAFTpWvlOPuXJwkKXMMFLxE8ayNX
|
||||
fO5ixCgJ7LrpguOVZ3pY4RvEyE6yh3Hv81Ztblbo120IdcrkyN4KMs5EgeauDllU
|
||||
ehhbq9lmnmQxIQs3KPcoMteqAXcCAwEAAaMjMCEwEQYJYIZIAYb4QgEBBAQDAgAH
|
||||
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAAZHhPT133TcavAKnn37X
|
||||
0VE9davrX7t20CLb06KYpgkg7yO0BjIjTnYeJBQgaH652pZVEFT7dbi0JTn4BMXz
|
||||
EwOQ2JjzjwNUDHpWAopiCKxAnjwy/kGcZfkKUydwQHKr8m1Faywu1Cyrj0gBHClL
|
||||
b2b9ywK4pb545mE6V9pi1zg=
|
||||
-----END CERTIFICATE-----
|
Двоичные данные
build/pgo/certs/key4.db
Двоичные данные
build/pgo/certs/key4.db
Двоичный файл не отображается.
|
@ -0,0 +1,3 @@
|
|||
subject:Mochitest client
|
||||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
serialNumber:3
|
Двоичные данные
build/pgo/certs/mochitest.client
Двоичные данные
build/pgo/certs/mochitest.client
Двоичный файл не отображается.
|
@ -0,0 +1 @@
|
|||
default
|
|
@ -1,15 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICXTCCAcagAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMSQwIgYDVQQLExtQcm9m
|
||||
aWxlIEd1aWRlZCBPcHRpbWl6YXRpb24xGDAWBgNVBAoTD01vemlsbGEgVGVzdGlu
|
||||
ZzEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0w
|
||||
ODA1MjIwMDM4MDVaFw0xODA1MjIwMDM4MDVaMGoxJDAiBgNVBAsTG1Byb2ZpbGUg
|
||||
R3VpZGVkIE9wdGltaXphdGlvbjEYMBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSgw
|
||||
JgYDVQQDEx9UZW1wb3JhcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqG
|
||||
SIb3DQEBAQUAA4GNADCBiQKBgQDg6iipAXGZYmgTcHfx8M2hcLqmqDalcj7sZ1A7
|
||||
a3LiCBb+1uHKKy9hUxRUe61aJF4NgMAF5oc+HpXN0hpvkiNHxqqD7R6hrkP3gAJ3
|
||||
eczEFKsFUI6AqaCL0+xpyhaaZmmarcHxU+PL2h5zq6VssxfBAsO0DkzWzk6E8vM+
|
||||
jrku7QIDAQABoxMwETAPBgNVHRMECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4GB
|
||||
ALPbn3Ztg0m8qDt8Vkf5You6HEqIxZe+ffDTrfq/L7ofHk/OXEpL7OWKRHU33pNG
|
||||
QS8khBG+sO461C51s6u9giW+eq2PaQv2HGASBpDbvPqc/Hf+zupZsdsXzHv6rt0V
|
||||
lu5B6nOpMse1nhA494i1ARSuBNzLv5mas38YWG8Rr6jR
|
||||
MIIDgzCCAmugAwIBAgIUQx5pxD+JMg1qPztfSg1Ucw8xsz0wDQYJKoZIhvcNAQEL
|
||||
BQAwajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
|
||||
MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
|
||||
ZCBPcHRpbWl6YXRpb24wIhgPMjAxMDAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAw
|
||||
MFowajEoMCYGA1UEAxMfVGVtcG9yYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eTEY
|
||||
MBYGA1UEChMPTW96aWxsYSBUZXN0aW5nMSQwIgYDVQQLExtQcm9maWxlIEd1aWRl
|
||||
ZCBPcHRpbWl6YXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
|
||||
iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
|
||||
4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
|
||||
8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
|
||||
Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
|
||||
77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
|
||||
I/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAMBgNVHRMEBTAD
|
||||
AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAYFnzom5ROuxDR3WFQatxHs5ekni4uUbEx
|
||||
6pN8fOzcsllEfCwvmMLVCh36ffSguf/UlmR5Hq1s/S7iMiic5mnK4aaVwixzS4Z3
|
||||
ug7Dc+fG7j0VOcBTKWU983xUK/1F409ghQ5KlO38KA7hyx1kzjYjzvxLaweDXRqr
|
||||
J/RZ1ACP2fKNziEOCbXzzzEx39oc17NBV+LotPFzKZ+pcxMDrtiNts4hwCw/UUw7
|
||||
Gp0tKte2CevGJbzjPHP3/6FUzHfOatZSpxEmvAcSTDp5sjdVuOStx4v6jVrwvyAz
|
||||
VQzDPzaRWh3NtY5JNasrhExr5qxQlygfBngCMgZ9gESG9FvLG+sx
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
default
|
|
@ -0,0 +1,5 @@
|
|||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
subject:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
validity:20100101-20500101
|
||||
extension:keyUsage:keyCertSign,cRLSign
|
||||
extension:basicConstraints:cA,
|
Двоичные данные
build/pgo/certs/pgoca.p12
Двоичные данные
build/pgo/certs/pgoca.p12
Двоичный файл не отображается.
Двоичные данные
build/pgo/certs/secmod.db
Двоичные данные
build/pgo/certs/secmod.db
Двоичный файл не отображается.
|
@ -0,0 +1,3 @@
|
|||
issuer:self-signed.example.com
|
||||
subject:self-signed.example.com
|
||||
extension:subjectAlternativeName:self-signed.example.com
|
|
@ -0,0 +1,4 @@
|
|||
subject:sha1ee.example.com
|
||||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
extension:subjectAlternativeName:sha1ee.example.com
|
||||
signature:sha1WithRSAEncryption
|
|
@ -0,0 +1,4 @@
|
|||
subject:sha256ee.example.com
|
||||
issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization
|
||||
extension:subjectAlternativeName:sha256ee.example.com
|
||||
signature:sha256WithRSAEncryption
|
|
@ -0,0 +1,5 @@
|
|||
subject:include-subdomains.pinning.example.com
|
||||
issuer:Alternate Trusted Authority
|
||||
extension:subjectAlternativeName:include-subdomains.pinning.example.com
|
||||
subjectKey:alternate
|
||||
issuerKey:alternate
|
|
@ -0,0 +1 @@
|
|||
alternate
|
|
@ -0,0 +1,5 @@
|
|||
issuer:Unknown CA
|
||||
subject:Unknown CA
|
||||
validity:20100101-20500101
|
||||
extension:keyUsage:keyCertSign,cRLSign
|
||||
extension:basicConstraints:cA,
|
|
@ -0,0 +1,3 @@
|
|||
subject:untrusted.example.com
|
||||
issuer:Unknown CA
|
||||
extension:subjectAlternativeName:untrusted.example.com
|
|
@ -0,0 +1,4 @@
|
|||
subject:untrusted-expired.example.com
|
||||
issuer:Unknown CA
|
||||
extension:subjectAlternativeName:untrusted-expired.example.com
|
||||
validity:20121012-20121012
|
|
@ -15,9 +15,10 @@ import shutil
|
|||
import subprocess
|
||||
import sys
|
||||
import tempfile
|
||||
import distutils
|
||||
|
||||
from mozbuild.base import MozbuildObject
|
||||
from mozfile import NamedTemporaryFile
|
||||
from mozfile import NamedTemporaryFile, TemporaryDirectory
|
||||
from mozprofile.permissions import ServerLocations
|
||||
|
||||
dbFiles = [
|
||||
|
@ -41,8 +42,7 @@ def dbFilesExist(path):
|
|||
return True
|
||||
return False
|
||||
|
||||
|
||||
def runUtil(util, args, inputdata = None):
|
||||
def runUtil(util, args, inputdata = None, outputstream = None):
|
||||
env = os.environ.copy()
|
||||
if mozinfo.os == "linux":
|
||||
pathvar = "LD_LIBRARY_PATH"
|
||||
|
@ -52,165 +52,132 @@ def runUtil(util, args, inputdata = None):
|
|||
else:
|
||||
env[pathvar] = app_path
|
||||
proc = subprocess.Popen([util] + args, env=env,
|
||||
stdin=subprocess.PIPE if inputdata else None)
|
||||
stdin=subprocess.PIPE if inputdata else None,
|
||||
stdout=outputstream)
|
||||
proc.communicate(inputdata)
|
||||
return proc.returncode
|
||||
|
||||
|
||||
def createRandomFile(randomFile):
|
||||
for count in xrange(0, 2048):
|
||||
randomFile.write(chr(random.randint(0, 255)))
|
||||
|
||||
|
||||
def createCertificateAuthority(build, srcDir):
|
||||
certutil = build.get_binary_path(what="certutil")
|
||||
pk12util = build.get_binary_path(what="pk12util")
|
||||
|
||||
#TODO: mozfile.TemporaryDirectory
|
||||
tempDbDir = tempfile.mkdtemp()
|
||||
with NamedTemporaryFile() as pwfile, NamedTemporaryFile() as rndfile:
|
||||
pgoCAModulePathSrc = os.path.join(srcDir, "pgoca.p12")
|
||||
pgoCAPathSrc = os.path.join(srcDir, "pgoca.ca")
|
||||
|
||||
pwfile.write("\n")
|
||||
|
||||
# Create temporary certification database for CA generation
|
||||
status = runUtil(certutil, ["-N", "-d", tempDbDir, "-f", pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
|
||||
createRandomFile(rndfile)
|
||||
status = runUtil(certutil, ["-S", "-d", tempDbDir, "-s", "CN=Temporary Certificate Authority, O=Mozilla Testing, OU=Profile Guided Optimization", "-t", "C,,", "-x", "-m", "1", "-v", "120", "-n", "pgo temporary ca", "-2", "-f", pwfile.name, "-z", rndfile.name], "Y\n0\nN\n")
|
||||
if status:
|
||||
return status
|
||||
|
||||
status = runUtil(certutil, ["-L", "-d", tempDbDir, "-n", "pgo temporary ca", "-a", "-o", pgoCAPathSrc, "-f", pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
|
||||
status = runUtil(pk12util, ["-o", pgoCAModulePathSrc, "-n", "pgo temporary ca", "-d", tempDbDir, "-w", pwfile.name, "-k", pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
|
||||
shutil.rmtree(tempDbDir)
|
||||
return 0
|
||||
|
||||
|
||||
def createSSLServerCertificate(build, srcDir):
|
||||
certutil = build.get_binary_path(what="certutil")
|
||||
pk12util = build.get_binary_path(what="pk12util")
|
||||
|
||||
with NamedTemporaryFile() as pwfile, NamedTemporaryFile() as rndfile:
|
||||
pgoCAPath = os.path.join(srcDir, "pgoca.p12")
|
||||
|
||||
pwfile.write("\n")
|
||||
|
||||
if not dbFilesExist(srcDir):
|
||||
# Make sure all DB files from src are really deleted
|
||||
unlinkDbFiles(srcDir)
|
||||
|
||||
# Create certification database for ssltunnel
|
||||
status = runUtil(certutil, ["-N", "-d", srcDir, "-f", pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
|
||||
status = runUtil(pk12util, ["-i", pgoCAPath, "-w", pwfile.name, "-d", srcDir, "-k", pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
|
||||
# Generate automatic certificate
|
||||
def writeCertspecForServerLocations(fd):
|
||||
locations = ServerLocations(os.path.join(build.topsrcdir,
|
||||
"build", "pgo",
|
||||
"server-locations.txt"))
|
||||
iterator = iter(locations)
|
||||
SAN=[]
|
||||
for loc in [i for i in iter(locations) if i.scheme == "https" and "nocert" not in i.options]:
|
||||
customCertOption = False
|
||||
customCertRE = re.compile("^cert=(?:\w+)")
|
||||
for _ in [i for i in loc.options if customCertRE.match(i)]:
|
||||
customCertOption = True
|
||||
break
|
||||
|
||||
# Skips the first entry, I don't know why: bug 879740
|
||||
iterator.next()
|
||||
if not customCertOption:
|
||||
SAN.append(loc.host)
|
||||
|
||||
locationsParam = ""
|
||||
firstLocation = ""
|
||||
for loc in iterator:
|
||||
if loc.scheme == "https" and "nocert" not in loc.options:
|
||||
customCertOption = False
|
||||
customCertRE = re.compile("^cert=(?:\w+)")
|
||||
for option in loc.options:
|
||||
match = customCertRE.match(option)
|
||||
if match:
|
||||
customCertOption = True
|
||||
break
|
||||
fd.write("issuer:printableString/CN=Temporary Certificate Authority/O=Mozilla Testing/OU=Profile Guided Optimization\n")
|
||||
fd.write("subject:{}\n".format(SAN[0]))
|
||||
fd.write("extension:subjectAlternativeName:{}\n".format(",".join(SAN)))
|
||||
|
||||
if not customCertOption:
|
||||
if len(locationsParam) > 0:
|
||||
locationsParam += ","
|
||||
locationsParam += loc.host
|
||||
def constructCertDatabase(build, srcDir):
|
||||
certutil = build.get_binary_path(what="certutil")
|
||||
pk12util = build.get_binary_path(what="pk12util")
|
||||
openssl = distutils.spawn.find_executable("openssl")
|
||||
pycert = os.path.join(build.topsrcdir, "security", "manager", "ssl", "tests",
|
||||
"unit", "pycert.py")
|
||||
pykey = os.path.join(build.topsrcdir, "security", "manager", "ssl", "tests",
|
||||
"unit", "pykey.py")
|
||||
|
||||
if firstLocation == "":
|
||||
firstLocation = loc.host
|
||||
|
||||
if not firstLocation:
|
||||
print "Nothing to generate, no automatic secure hosts specified"
|
||||
else:
|
||||
createRandomFile(rndfile)
|
||||
with NamedTemporaryFile() as pwfile, NamedTemporaryFile() as rndfile, TemporaryDirectory() as pemfolder:
|
||||
pgoCAPath = os.path.join(srcDir, "pgoca.p12")
|
||||
|
||||
runUtil(certutil, ["-D", "-n", "pgo server certificate", "-d", srcDir, "-z", rndfile.name, "-f", pwfile.name])
|
||||
# Ignore the result, the certificate may not be present when new database is being built
|
||||
pwfile.write("\n")
|
||||
pwfile.flush()
|
||||
|
||||
status = runUtil(certutil, ["-S", "-s", "CN=%s" % firstLocation, "-t", "Pu,,", "-c", "pgo temporary ca", "-m", "2", "-8", locationsParam, "-v", "120", "-n", "pgo server certificate", "-d", srcDir, "-z", rndfile.name, "-f", pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
if dbFilesExist(srcDir):
|
||||
# Make sure all DB files from src are really deleted
|
||||
unlinkDbFiles(srcDir)
|
||||
|
||||
status = runUtil(certutil, ["-S", "-s", "CN=Imminently Distrusted End Entity", "-t", "P,,", "-c", "pgo temporary ca", "-k", "rsa", "-g", "2048", "-Z", "SHA256", "-m", "1519140221", "-n", "imminently_distrusted", "-v", "120", "-8", "imminently-distrusted.example.com", "-d", srcDir, "-z", rndfile.name, "-f", pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
# Copy all .certspec and .keyspec files to a temporary directory
|
||||
for root, dirs, files in os.walk(srcDir):
|
||||
for spec in [i for i in files if i.endswith(".certspec") or i.endswith(".keyspec")]:
|
||||
shutil.copyfile(os.path.join(root, spec), os.path.join(pemfolder, spec))
|
||||
|
||||
"""
|
||||
As of February 2018, there are 15 more certificates which are not created by
|
||||
this script. See bug 1441338:
|
||||
# Write a certspec for the "server-locations.txt" file to that temporary directory
|
||||
pgoserver_certspec = os.path.join(pemfolder, "pgoserver.certspec")
|
||||
if os.path.exists(pgoserver_certspec):
|
||||
raise Exception("{} already exists, which isn't allowed".format(pgoserver_certspec))
|
||||
with open(pgoserver_certspec, "w") as fd:
|
||||
writeCertspecForServerLocations(fd)
|
||||
|
||||
selfsigned Pu,u,u
|
||||
Unknown CA Cu,u,u
|
||||
escapeattack1 Pu,u,u
|
||||
untrustedandexpired Pu,u,u
|
||||
alternateTrustedAuthority Cu,u,u
|
||||
dynamicPinningGood Pu,u,u
|
||||
staticPinningBad Pu,u,u
|
||||
sha1_end_entity Pu,u,u
|
||||
bug413909cert u,u,u
|
||||
untrusted Pu,u,u
|
||||
escapeattack2 Pu,u,u
|
||||
expired Pu,u,u
|
||||
dynamicPinningBad Pu,u,u
|
||||
sha256_end_entity Pu,u,u
|
||||
"""
|
||||
# Generate certs for all certspecs
|
||||
for root, dirs, files in os.walk(pemfolder):
|
||||
for certspec in [i for i in files if i.endswith(".certspec")]:
|
||||
name = certspec.split(".certspec")[0]
|
||||
pem = os.path.join(pemfolder, "{}.cert.pem".format(name))
|
||||
|
||||
print("Generating public certificate {} (pem={})".format(name, pem))
|
||||
|
||||
with open(os.path.join(root, certspec), "r") as certspec_file:
|
||||
certspec_data = certspec_file.read()
|
||||
with open(pem, "w") as pem_file:
|
||||
status = runUtil(pycert, [], inputdata=certspec_data, outputstream=pem_file)
|
||||
if status:
|
||||
return status
|
||||
|
||||
status = runUtil(certutil, ["-A", "-n", name, "-t", "P,,", "-i", pem, "-d", srcDir, "-f", pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
|
||||
|
||||
for keyspec in [i for i in files if i.endswith(".keyspec")]:
|
||||
parts = keyspec.split(".")
|
||||
name = parts[0]
|
||||
key_type = parts[1]
|
||||
if key_type not in ["ca", "client", "server"]:
|
||||
raise Exception("{}: keyspec filenames must be of the form XXX.client.keyspec or XXX.ca.keyspec (key_type={})".format(keyspec, key_type))
|
||||
key_pem = os.path.join(pemfolder, "{}.key.pem".format(name))
|
||||
|
||||
print("Generating private key {} (pem={})".format(name, key_pem))
|
||||
|
||||
with open(os.path.join(root, keyspec), "r") as keyspec_file:
|
||||
keyspec_data = keyspec_file.read()
|
||||
with open(key_pem, "w") as pem_file:
|
||||
status = runUtil(pykey, [], inputdata=keyspec_data, outputstream=pem_file)
|
||||
if status:
|
||||
return status
|
||||
|
||||
cert_pem = os.path.join(pemfolder, "{}.cert.pem".format(name))
|
||||
if not os.path.exists(cert_pem):
|
||||
raise Exception("There has to be a corresponding certificate named {} for the keyspec {}".format(cert_pem, keyspec))
|
||||
|
||||
p12 = os.path.join(pemfolder, "{}.key.p12".format(name))
|
||||
print("Converting private key {} to PKCS12 (p12={})".format(key_pem, p12))
|
||||
status = runUtil(openssl, ["pkcs12", "-export", "-inkey", key_pem, "-in", cert_pem, "-name", name, "-out", p12, "-passout", "file:"+pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
|
||||
print("Importing private key {} to database".format(key_pem))
|
||||
status = runUtil(pk12util, ["-i", p12, "-d", srcDir, "-w", pwfile.name, "-k", pwfile.name])
|
||||
if status:
|
||||
return status
|
||||
|
||||
if key_type == "ca":
|
||||
shutil.copyfile(cert_pem, os.path.join(srcDir, "{}.ca".format(name)))
|
||||
elif key_type == "client":
|
||||
shutil.copyfile(p12, os.path.join(srcDir, "{}.client".format(name)))
|
||||
elif key_type == "server":
|
||||
pass # Nothing to do for server keys
|
||||
else:
|
||||
raise Exception("State error: Unknown keyspec key_type: {}".format(key_type))
|
||||
|
||||
return 0
|
||||
|
||||
if len(sys.argv) == 1:
|
||||
print "Specify --gen-server or --gen-ca"
|
||||
sys.exit(1)
|
||||
|
||||
build = MozbuildObject.from_environment()
|
||||
certdir = os.path.join(build.topsrcdir, "build", "pgo", "certs")
|
||||
if sys.argv[1] == "--gen-server":
|
||||
certificateStatus = createSSLServerCertificate(build, certdir)
|
||||
if certificateStatus:
|
||||
print "TEST-UNEXPECTED-FAIL | SSL Server Certificate generation"
|
||||
|
||||
sys.exit(certificateStatus)
|
||||
|
||||
if sys.argv[1] == "--gen-ca":
|
||||
certificateStatus = createCertificateAuthority(build, certdir)
|
||||
if certificateStatus:
|
||||
print "TEST-UNEXPECTED-FAIL | Certificate Authority generation"
|
||||
else:
|
||||
print "\n\n"
|
||||
print "==================================================="
|
||||
print " IMPORTANT:"
|
||||
print " To use this new certificate authority in tests"
|
||||
print " run 'make' at testing/mochitest"
|
||||
print "==================================================="
|
||||
|
||||
sys.exit(certificateStatus)
|
||||
|
||||
print "Invalid option specified"
|
||||
sys.exit(1)
|
||||
certificateStatus = constructCertDatabase(build, certdir)
|
||||
if certificateStatus:
|
||||
print "TEST-UNEXPECTED-FAIL | SSL Server Certificate generation"
|
||||
sys.exit(certificateStatus)
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
"ansi-escapes": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.0.0.tgz",
|
||||
"integrity": "sha512-O/klc27mWNUigtv0F8NJWbLF00OcegQalkqKURWdosW08YZKi4m6CnSUSvIZG1otNJbTWhN01Hhz389DW7mvDQ=="
|
||||
"integrity": "sha1-7D6LTp+AZPwCw6ybZfHCdb2o75I="
|
||||
},
|
||||
"ansi-regex": {
|
||||
"version": "2.1.1",
|
||||
|
@ -175,7 +175,7 @@
|
|||
"circular-json": {
|
||||
"version": "0.3.3",
|
||||
"resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.3.3.tgz",
|
||||
"integrity": "sha512-UZK3NBx2Mca+b5LsG7bY183pHWt5Y1xts4P3Pz7ENTwGVnJOUWbRb3ocjvX7hx9tq/yTAdclXm9sZ38gNuem4A=="
|
||||
"integrity": "sha1-gVyZ6oT2gJUp0vRXkb34JxE1LWY="
|
||||
},
|
||||
"cli-cursor": {
|
||||
"version": "2.1.0",
|
||||
|
@ -198,7 +198,7 @@
|
|||
"color-convert": {
|
||||
"version": "1.9.1",
|
||||
"resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.1.tgz",
|
||||
"integrity": "sha512-mjGanIiwQJskCC18rPR6OmrZ6fm2Lc7PeGFYwCmy5J34wC6F1PzdGL6xeMfmgicfYcNLGuVFA3WzXtIDCQSZxQ==",
|
||||
"integrity": "sha1-wSYRB66y8pTr/+ye2eytUppgl+0=",
|
||||
"requires": {
|
||||
"color-name": "1.1.3"
|
||||
}
|
||||
|
@ -241,7 +241,7 @@
|
|||
"debug": {
|
||||
"version": "3.1.0",
|
||||
"resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
|
||||
"integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
|
||||
"integrity": "sha1-W7WgZyYotkFJVmuhaBnmFRjGcmE=",
|
||||
"requires": {
|
||||
"ms": "2.0.0"
|
||||
}
|
||||
|
@ -268,7 +268,7 @@
|
|||
"doctrine": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
|
||||
"integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==",
|
||||
"integrity": "sha1-XNAfwQFiG0LEzX9dGmYkNxbT850=",
|
||||
"requires": {
|
||||
"esutils": "2.0.2"
|
||||
}
|
||||
|
@ -368,7 +368,7 @@
|
|||
"eslint-plugin-html": {
|
||||
"version": "4.0.2",
|
||||
"resolved": "https://registry.npmjs.org/eslint-plugin-html/-/eslint-plugin-html-4.0.2.tgz",
|
||||
"integrity": "sha512-CrQd0F8GWdNWnu4PFrYZl+LjUCXNVy2h0uhDMtnf/7VKc9HRcnkXSrlg0BSGfptZPSzmwnnwCaREAa9+fnQhYw==",
|
||||
"integrity": "sha1-DlYUnkLC/8Pw32JhqLuWsanyKA0=",
|
||||
"requires": {
|
||||
"htmlparser2": "3.9.2"
|
||||
}
|
||||
|
@ -410,7 +410,7 @@
|
|||
"eslint-visitor-keys": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz",
|
||||
"integrity": "sha512-qzm/XxIbxm/FHyH341ZrbnMUpe+5Bocte9xkmFMzPMjRaZMcXww+MpBptFvtU+79L362nqiLhekCxCxDPaUMBQ=="
|
||||
"integrity": "sha1-PzGA+y4pEBdxastMnW1bXDSmqB0="
|
||||
},
|
||||
"espree": {
|
||||
"version": "3.5.4",
|
||||
|
@ -424,7 +424,7 @@
|
|||
"esprima": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.0.tgz",
|
||||
"integrity": "sha512-oftTcaMu/EGrEIu904mWteKIv8vMuOgGYo7EhVJJN00R/EED9DCua/xxHRdYnKtcECzVg7xOWhflvJMnqcFZjw=="
|
||||
"integrity": "sha1-RJnt3NERDgshi6zy+n9/WfVcqAQ="
|
||||
},
|
||||
"esquery": {
|
||||
"version": "1.0.0",
|
||||
|
@ -455,7 +455,7 @@
|
|||
"external-editor": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/external-editor/-/external-editor-2.1.0.tgz",
|
||||
"integrity": "sha512-E44iT5QVOUJBKij4IIV3uvxuNlbKS38Tw1HiupxEIHPv9qtC2PrDYohbXV5U+1jnfIXttny8gUhj+oZvflFlzA==",
|
||||
"integrity": "sha1-PQJqIbf5W1cmOH1CAKwWDTcsO0g=",
|
||||
"requires": {
|
||||
"chardet": "0.4.2",
|
||||
"iconv-lite": "0.4.19",
|
||||
|
@ -513,7 +513,7 @@
|
|||
"function-bind": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
|
||||
"integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A=="
|
||||
"integrity": "sha1-pWiZ0+o8m6uHS7l3O3xe3pL0iV0="
|
||||
},
|
||||
"functional-red-black-tree": {
|
||||
"version": "1.0.1",
|
||||
|
@ -523,7 +523,7 @@
|
|||
"glob": {
|
||||
"version": "7.1.2",
|
||||
"resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
|
||||
"integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
|
||||
"integrity": "sha1-wZyd+aAocC1nhhI4SmVSQExjbRU=",
|
||||
"requires": {
|
||||
"fs.realpath": "1.0.0",
|
||||
"inflight": "1.0.6",
|
||||
|
@ -536,7 +536,7 @@
|
|||
"globals": {
|
||||
"version": "11.3.0",
|
||||
"resolved": "https://registry.npmjs.org/globals/-/globals-11.3.0.tgz",
|
||||
"integrity": "sha512-kkpcKNlmQan9Z5ZmgqKH/SMbSmjxQ7QjyNqfXVc8VJcoBV2UEg+sxQD15GQofGRh2hfpwUb70VC31DR7Rq5Hdw=="
|
||||
"integrity": "sha1-4E/be5eW2K2snI9kwUg3sjEzeLA="
|
||||
},
|
||||
"globby": {
|
||||
"version": "5.0.0",
|
||||
|
@ -593,12 +593,12 @@
|
|||
"iconv-lite": {
|
||||
"version": "0.4.19",
|
||||
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.19.tgz",
|
||||
"integrity": "sha512-oTZqweIP51xaGPI4uPa56/Pri/480R+mo7SeU+YETByQNhDG55ycFyNLIgta9vXhILrxXDmF7ZGhqZIcuN0gJQ=="
|
||||
"integrity": "sha1-90aPYBNfXl2tM5nAqBvpoWA6CCs="
|
||||
},
|
||||
"ignore": {
|
||||
"version": "3.3.7",
|
||||
"resolved": "https://registry.npmjs.org/ignore/-/ignore-3.3.7.tgz",
|
||||
"integrity": "sha512-YGG3ejvBNHRqu0559EOxxNFihD0AjpvHlC/pdGKd3X3ofe+CoJkYazwNJYTNebqpPKN+VVQbh4ZFn1DivMNuHA=="
|
||||
"integrity": "sha1-YSKJv7PCIOGGpYEYYY1b6MG6sCE="
|
||||
},
|
||||
"imurmurhash": {
|
||||
"version": "0.1.4",
|
||||
|
@ -627,7 +627,7 @@
|
|||
"inquirer": {
|
||||
"version": "3.3.0",
|
||||
"resolved": "https://registry.npmjs.org/inquirer/-/inquirer-3.3.0.tgz",
|
||||
"integrity": "sha512-h+xtnyk4EwKvFWHrUYsWErEVR+igKtLdchu+o0Z1RL7VU/jVMFbYir2bp6bAj8efFNxWqHX0dIss6fJQ+/+qeQ==",
|
||||
"integrity": "sha1-ndLyrXZdyrH/BEO0kUQqILoifck=",
|
||||
"requires": {
|
||||
"ansi-escapes": "3.0.0",
|
||||
"chalk": "2.3.2",
|
||||
|
@ -679,7 +679,7 @@
|
|||
"is-resolvable": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/is-resolvable/-/is-resolvable-1.1.0.tgz",
|
||||
"integrity": "sha512-qgDYXFSR5WvEfuS5dMj6oTMEbrrSaM0CrFk2Yiq/gXnBvD9pMa2jGXxyhGLfvhZpuMZe18CJpFxAt3CRs42NMg=="
|
||||
"integrity": "sha1-+xj4fOH+uSUWnJpAfBkxijIG7Yg="
|
||||
},
|
||||
"isarray": {
|
||||
"version": "1.0.0",
|
||||
|
@ -732,7 +732,7 @@
|
|||
"lodash": {
|
||||
"version": "4.17.5",
|
||||
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz",
|
||||
"integrity": "sha512-svL3uiZf1RwhH+cWrfZn3A4+U58wbP0tGVTLQPbjplZxZ8ROD9VLuNgsRniTlLe7OlSqR79RUehXgpBW/s0IQw=="
|
||||
"integrity": "sha1-maktZcAnLevoyWtgV7yPv6O+1RE="
|
||||
},
|
||||
"lru-cache": {
|
||||
"version": "4.1.2",
|
||||
|
@ -746,12 +746,12 @@
|
|||
"mimic-fn": {
|
||||
"version": "1.2.0",
|
||||
"resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-1.2.0.tgz",
|
||||
"integrity": "sha512-jf84uxzwiuiIVKiOLpfYk7N46TSy8ubTonmneY9vrpHNAnp0QBt2BxWV9dO3/j+BoVAb+a5G6YDPW3M5HOdMWQ=="
|
||||
"integrity": "sha1-ggyGo5M0ZA6ZUWkovQP8qIBX0CI="
|
||||
},
|
||||
"minimatch": {
|
||||
"version": "3.0.4",
|
||||
"resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
|
||||
"integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
|
||||
"integrity": "sha1-UWbihkV/AzBgZL5Ul+jbsMPTIIM=",
|
||||
"requires": {
|
||||
"brace-expansion": "1.1.11"
|
||||
}
|
||||
|
@ -854,7 +854,7 @@
|
|||
"pluralize": {
|
||||
"version": "7.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pluralize/-/pluralize-7.0.0.tgz",
|
||||
"integrity": "sha512-ARhBOdzS3e41FbkW/XWrTEtukqqLoK5+Z/4UeDaLuSW+39JPeFgs4gCGqsrJHVZX0fUrx//4OF0K1CUGwlIFow=="
|
||||
"integrity": "sha1-KYuJ34uTsCIdv0Ia0rGx6iP8Z3c="
|
||||
},
|
||||
"prelude-ls": {
|
||||
"version": "1.1.2",
|
||||
|
@ -916,7 +916,7 @@
|
|||
"rimraf": {
|
||||
"version": "2.6.2",
|
||||
"resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz",
|
||||
"integrity": "sha512-lreewLK/BlghmxtfH36YYVg1i8IAce4TI7oao75I1g245+6BctqTVQiBP3YUJ9C6DQOXJmkYR9X9fCLtCOJc5w==",
|
||||
"integrity": "sha1-LtgVDSShbqhlHm1u8PR8QVjOejY=",
|
||||
"requires": {
|
||||
"glob": "7.1.2"
|
||||
}
|
||||
|
@ -945,7 +945,7 @@
|
|||
"safe-buffer": {
|
||||
"version": "5.1.1",
|
||||
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz",
|
||||
"integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg=="
|
||||
"integrity": "sha1-iTMSr2myEj3vcfV4iQAWce6yyFM="
|
||||
},
|
||||
"sax": {
|
||||
"version": "1.2.4",
|
||||
|
@ -955,7 +955,7 @@
|
|||
"semver": {
|
||||
"version": "5.5.0",
|
||||
"resolved": "https://registry.npmjs.org/semver/-/semver-5.5.0.tgz",
|
||||
"integrity": "sha512-4SJ3dm0WAwWy/NVeioZh5AntkdJoWKxHxcmyP622fOkgHa4z3R0TdBJICINyaSDE6uNwVc8gZr+ZinwZAH4xIA=="
|
||||
"integrity": "sha1-3Eu8emyp2Rbe5dQ1FvAJK1j3uKs="
|
||||
},
|
||||
"shebang-command": {
|
||||
"version": "1.2.0",
|
||||
|
@ -978,7 +978,7 @@
|
|||
"slice-ansi": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-1.0.0.tgz",
|
||||
"integrity": "sha512-POqxBK6Lb3q6s047D/XsDVNPnF9Dl8JSaqe9h9lURl0OdNqy/ujDrOiIHtsqXMGbWWTIomRzAMaTyawAU//Reg==",
|
||||
"integrity": "sha1-BE8aSdiEL/MHqta1Be0Xi9lQE00=",
|
||||
"requires": {
|
||||
"is-fullwidth-code-point": "2.0.0"
|
||||
}
|
||||
|
@ -991,7 +991,7 @@
|
|||
"string-width": {
|
||||
"version": "2.1.1",
|
||||
"resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
|
||||
"integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
|
||||
"integrity": "sha1-q5Pyeo3BPSjKyBXEYhQ6bZASrp4=",
|
||||
"requires": {
|
||||
"is-fullwidth-code-point": "2.0.0",
|
||||
"strip-ansi": "4.0.0"
|
||||
|
@ -1000,7 +1000,7 @@
|
|||
"string_decoder": {
|
||||
"version": "1.0.3",
|
||||
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.0.3.tgz",
|
||||
"integrity": "sha512-4AH6Z5fzNNBcH+6XDMfA/BTt87skxqJlO0lAh3Dker5zThcAxG6mKz+iGu308UKoPPQ8Dcqx/4JhujzltRa+hQ==",
|
||||
"integrity": "sha1-D8Z9fBQYJd6UKC3VNr7GubzoYKs=",
|
||||
"requires": {
|
||||
"safe-buffer": "5.1.1"
|
||||
}
|
||||
|
@ -1033,7 +1033,7 @@
|
|||
"table": {
|
||||
"version": "4.0.2",
|
||||
"resolved": "https://registry.npmjs.org/table/-/table-4.0.2.tgz",
|
||||
"integrity": "sha512-UUkEAPdSGxtRpiV9ozJ5cMTtYiqz7Ni1OGqLXRCynrvzdtR1p+cfOWe2RJLwvUG8hNanaSRjecIqwOjqeatDsA==",
|
||||
"integrity": "sha1-ozRHN1OR52atNNNIbm4q7chNLjY=",
|
||||
"requires": {
|
||||
"ajv": "5.5.2",
|
||||
"ajv-keywords": "2.1.1",
|
||||
|
@ -1056,7 +1056,7 @@
|
|||
"tmp": {
|
||||
"version": "0.0.33",
|
||||
"resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz",
|
||||
"integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==",
|
||||
"integrity": "sha1-bTQzWIl2jSGyvNoKonfO07G/rfk=",
|
||||
"requires": {
|
||||
"os-tmpdir": "1.0.2"
|
||||
}
|
||||
|
@ -1082,7 +1082,7 @@
|
|||
"which": {
|
||||
"version": "1.3.0",
|
||||
"resolved": "https://registry.npmjs.org/which/-/which-1.3.0.tgz",
|
||||
"integrity": "sha512-xcJpopdamTuY5duC/KnTTNBraPK54YwpenP4lzxU8H91GudWpFv38u0CKjclE1Wi2EH2EDz5LRcHcKbCIzqGyg==",
|
||||
"integrity": "sha1-/wS9/AEO5UfXgL7DjhrBwnd9JTo=",
|
||||
"requires": {
|
||||
"isexe": "2.0.0"
|
||||
}
|
||||
|
|
|
@ -82,8 +82,8 @@ function checkDialogContents(win, notBefore, notAfter) {
|
|||
Assert.equal(validity, `Valid from ${notBefore} to ${notAfter}`,
|
||||
"Actual and expected validity should be equal");
|
||||
Assert.equal(issuer,
|
||||
"Issued by: CN=Temporary Certificate Authority,O=Mozilla " +
|
||||
"Testing,OU=Profile Guided Optimization",
|
||||
"Issued by: OU=Profile Guided Optimization,O=Mozilla Testing," +
|
||||
"CN=Temporary Certificate Authority",
|
||||
"Actual and expected issuer should be equal");
|
||||
Assert.equal(tokenName, "Stored on: Software Security Device",
|
||||
"Actual and expected token name should be equal");
|
||||
|
|
|
@ -726,7 +726,7 @@ class Certificate(object):
|
|||
while b64:
|
||||
output += '\n' + b64[:64]
|
||||
b64 = b64[64:]
|
||||
output += '\n-----END CERTIFICATE-----\n'
|
||||
output += '\n-----END CERTIFICATE-----'
|
||||
return output
|
||||
|
||||
|
||||
|
|
|
@ -756,4 +756,4 @@ def main(output, inputPath):
|
|||
# When run as a standalone program, this will read a specification from
|
||||
# stdin and output the certificate as PEM to stdout.
|
||||
if __name__ == '__main__':
|
||||
print keyFromSpecification(sys.stdin.read()).toPEM()
|
||||
print keyFromSpecification(sys.stdin.read().strip()).toPEM()
|
||||
|
|
|
@ -621,7 +621,7 @@ class SSLTunnel:
|
|||
config.write(
|
||||
"websocketserver:%s:%s\n" %
|
||||
(self.webServer, self.webSocketPort))
|
||||
config.write("listen:*:%s:pgo server certificate\n" % self.sslPort)
|
||||
config.write("listen:*:%s:pgoserver\n" % self.sslPort)
|
||||
|
||||
for loc in locations:
|
||||
if loc.scheme == "https" and "nocert" not in loc.options:
|
||||
|
|
Загрузка…
Ссылка в новой задаче