Bug 1189166 - Cleanup some PSM test generation files post Bug 1181823. r=dkeeler

--HG-- extra : rebase_source : 4f0310323c3e7ac7e9e8c453d41aa0ef9cbd910a
2015-07-29 23:56:33 -07:00 · 2015-07-29 23:56:33 -07:00 · 8a9392bf5e
--- a/security/manager/ssl/tests/unit/psm_common_py/CertUtils.py
+++ b/security/manager/ssl/tests/unit/psm_common_py/CertUtils.py
@ -10,15 +10,6 @@ import pexpect
 import time
 import sys

-aia_prefix = 'authorityInfoAccess = OCSP;URI:http://www.example.com:8888/'
-aia_suffix = '/\n'
-
-mozilla_testing_ev_policy = ('certificatePolicies = @v3_ca_ev_cp\n\n' +
-                             '[ v3_ca_ev_cp ]\n' +
-                             'policyIdentifier = ' +
-                             '1.3.6.1.4.1.13769.666.666.666.1.500.9.1\n\n' +
-                             'CPS.1 = "http://mytestdomain.local/cps"')
-
 default_validity_in_days = 10 * 365

 def generate_cert_generic(db_dir, dest_dir, serial_num,  key_type, name,
@ -183,24 +174,6 @@ def generate_pkcs12(db_dir, dest_dir, der_cert_filename, key_pem_filename,
    child.expect(pexpect.EOF)
    return pk12_filename

-def import_cert_and_pkcs12(db_dir, cert_filename, pkcs12_filename, nickname,
-                           trust_flags):
-    """
-    Imports a given certificate file and PKCS12 file into the SQL NSS DB.
-
-    Arguments:
-      db_dir -- the location of the database and password file
-      cert_filename -- the filename of the cert in DER format
-      pkcs12_filename -- the filename of the private key of the cert in PEM
-                         format
-      nickname -- the nickname to assign to the cert
-      trust_flags -- the trust flags the cert should have
-    """
-    os.system('certutil -A -d sql:' + db_dir + ' -n ' + nickname + ' -i ' +
-              cert_filename + ' -t "' + trust_flags + '"')
-    os.system('pk12util -i ' + pkcs12_filename + ' -d sql:' + db_dir +
-              ' -w ' + db_dir + '/pwfile')
-
 def print_cert_info(cert_filename):
    """
    Prints out information (such as fingerprints) for the given cert.
--- a/security/manager/ssl/tests/unit/test_keysize/cert9.db
+++ b/security/manager/ssl/tests/unit/test_keysize/cert9.db
--- a/security/manager/ssl/tests/unit/test_keysize/generate.py
+++ b/security/manager/ssl/tests/unit/test_keysize/generate.py
@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python

 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
@ -20,14 +20,12 @@ ca_ext_text = ('basicConstraints = critical, CA:TRUE\n' +
               'keyUsage = keyCertSign, cRLSign\n')
 ee_ext_text = ''

-generated_ev_root_filenames = []
 generated_certs = []

-def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
-                                   base_ext_text, signer_key_filename,
-                                   signer_cert_filename, key_size, generate_ev):
+def generate_cert(key_type, cert_name_prefix, cert_name_suffix, base_ext_text,
+                  signer_key_filename, signer_cert_filename, key_size):
    """
-    Generates a certificate and imports it into the NSS DB if appropriate.
+    Generates a certificate.
    If an equivalent certificate has already been generated, it is reused.

    Arguments:
@ -46,7 +44,6 @@ def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
                              string is passed in for signer_key_filename.
                              Must be in DER format.
      key_size -- public key size for RSA certs
-      generate_ev -- whether an EV cert should be generated

    Output:
      cert_name -- the resultant (nick)name of the certificate
@ -62,26 +59,10 @@ def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
    ev_ext_text = ''
    subject_string = ('/CN=XPCShell Key Size Testing %s %s-bit' %
                      (key_type, key_size))
-    if generate_ev:
-        cert_name = 'ev_' + cert_name
-        ev_ext_text = (CertUtils.aia_prefix + cert_name + CertUtils.aia_suffix +
-                       CertUtils.mozilla_testing_ev_policy)
-        subject_string += ' (EV)'

    # Use the organization field to store the cert nickname for easier debugging
    subject_string += '/O=' + cert_name

-    # Reuse the existing RSA EV root
-    if (generate_ev and key_type == 'rsa' and signer_key_filename == ''
-            and signer_cert_filename == '' and key_size == '2048'):
-        cert_name = 'evroot'
-        key_filename = '../test_ev_certs/evroot.key'
-        cert_filename = '../test_ev_certs/evroot.der'
-        CertUtils.import_cert_and_pkcs12(srcdir, cert_filename,
-                                         '../test_ev_certs/evroot.p12',
-                                         cert_name, ',,')
-        return [cert_name, key_filename, cert_filename]
-
    # Don't regenerate a previously generated cert
    for cert in generated_certs:
        if cert_name == cert[0]:
@ -101,64 +82,47 @@ def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
        3 * 365 + 3 * 31) # 39 months
    generated_certs.append([cert_name, key_filename, cert_filename])

-    if generate_ev:
-        # The dest_dir argument of generate_pkcs12() is also set to db_dir as
-        # the .p12 files do not need to be kept once they have been imported.
-        pkcs12_filename = CertUtils.generate_pkcs12(db_dir, db_dir,
-                                                    cert_filename, key_filename,
-                                                    cert_name)
-        CertUtils.import_cert_and_pkcs12(srcdir, cert_filename, pkcs12_filename,
-                                         cert_name, ',,')
-
-        if not signer_key_filename:
-            generated_ev_root_filenames.append(cert_filename)
-
    return [cert_name, key_filename, cert_filename]

 def generate_cert_chain(root_key_type, root_key_size, int_key_type, int_key_size,
-                        ee_key_type, ee_key_size, generate_ev):
+                        ee_key_type, ee_key_size):
    """
-    Generates a certificate chain and imports the individual certificates into
-    the NSS DB if appropriate.
+    Generates a certificate chain.

    Arguments:
    (root|int|ee)_key_type -- the type of key generated: potential values: 'rsa',
                              or any of the curves found by
                              'openssl ecparam -list_curves'
    (root|int|ee)_key_size -- public key size for the relevant cert
-    generate_ev -- whether EV certs should be generated
    """
-    [root_nick, root_key_file, root_cert_file] = generate_and_maybe_import_cert(
+    [root_nick, root_key_file, root_cert_file] = generate_cert(
        root_key_type,
        'root',
        '',
        ca_ext_text,
        '',
        '',
-        root_key_size,
-        generate_ev)
+        root_key_size)

-    [int_nick, int_key_file, int_cert_file] = generate_and_maybe_import_cert(
+    [int_nick, int_key_file, int_cert_file] = generate_cert(
        int_key_type,
        'int',
        root_nick,
        ca_ext_text,
        root_key_file,
        root_cert_file,
-        int_key_size,
-        generate_ev)
+        int_key_size)

-    generate_and_maybe_import_cert(
+    generate_cert(
        ee_key_type,
        'ee',
        int_nick,
        ee_ext_text,
        int_key_file,
        int_cert_file,
-        ee_key_size,
-        generate_ev)
+        ee_key_size)

-def generate_rsa_chains(inadequate_key_size, adequate_key_size, generate_ev):
+def generate_rsa_chains(inadequate_key_size, adequate_key_size):
    """
    Generates various RSA chains with different combinations of adequately and
    inadequately sized certs.
@ -168,75 +132,58 @@ def generate_rsa_chains(inadequate_key_size, adequate_key_size, generate_ev):
                             for the generated certs
      adequate_key_size -- a string defining the adequate public key size for
                           the generated certs
-      generate_ev -- whether EV certs should be generated
    """
    # Generate chain with certs that have adequate sizes
    generate_cert_chain('rsa', adequate_key_size,
                        'rsa', adequate_key_size,
-                        'rsa', adequate_key_size,
-                        generate_ev)
+                        'rsa', adequate_key_size)

    # Generate chain with a root cert that has an inadequate size
    generate_cert_chain('rsa', inadequate_key_size,
                        'rsa', adequate_key_size,
-                        'rsa', adequate_key_size,
-                        generate_ev)
+                        'rsa', adequate_key_size)

    # Generate chain with an intermediate cert that has an inadequate size
    generate_cert_chain('rsa', adequate_key_size,
                        'rsa', inadequate_key_size,
-                        'rsa', adequate_key_size,
-                        generate_ev)
+                        'rsa', adequate_key_size)

    # Generate chain with an end entity cert that has an inadequate size
    generate_cert_chain('rsa', adequate_key_size,
                        'rsa', adequate_key_size,
-                        'rsa', inadequate_key_size,
-                        generate_ev)
+                        'rsa', inadequate_key_size)

 def generate_ecc_chains():
    generate_cert_chain('prime256v1', '256',
                        'secp384r1', '384',
-                        'secp521r1', '521',
-                        False)
+                        'secp521r1', '521')
    generate_cert_chain('prime256v1', '256',
                        'secp224r1', '224',
-                        'prime256v1', '256',
-                        False)
+                        'prime256v1', '256')
    generate_cert_chain('prime256v1', '256',
                        'prime256v1', '256',
-                        'secp224r1', '224',
-                        False)
+                        'secp224r1', '224')
    generate_cert_chain('secp224r1', '224',
                        'prime256v1', '256',
-                        'prime256v1', '256',
-                        False)
+                        'prime256v1', '256')
    generate_cert_chain('prime256v1', '256',
                        'prime256v1', '256',
-                        'secp256k1', '256',
-                        False)
+                        'secp256k1', '256')
    generate_cert_chain('secp256k1', '256',
                        'prime256v1', '256',
-                        'prime256v1', '256',
-                        False)
+                        'prime256v1', '256')

 def generate_combination_chains():
    generate_cert_chain('rsa', '2048',
                        'prime256v1', '256',
-                        'secp384r1', '384',
-                        False)
+                        'secp384r1', '384')
    generate_cert_chain('rsa', '2048',
                        'prime256v1', '256',
-                        'secp224r1', '224',
-                        False)
+                        'secp224r1', '224')
    generate_cert_chain('prime256v1', '256',
                        'rsa', '1016',
-                        'prime256v1', '256',
-                        False)
+                        'prime256v1', '256')

-# Create a NSS DB for use by the OCSP responder.
-CertUtils.init_nss_db(srcdir)
-
-generate_rsa_chains('1016', '1024', False)
+generate_rsa_chains('1016', '1024')
 generate_ecc_chains()
 generate_combination_chains()
--- a/security/manager/ssl/tests/unit/test_keysize/key4.db
+++ b/security/manager/ssl/tests/unit/test_keysize/key4.db
--- a/security/manager/ssl/tests/unit/test_keysize/pkcs11.txt
+++ b/security/manager/ssl/tests/unit/test_keysize/pkcs11.txt
@ -1,5 +0,0 @@
-library=
-name=NSS Internal PKCS #11 Module
-parameters=configdir='sql:/home/m-c_drive/mozilla-inbound/security/manager/ssl/tests/unit/test_keysize' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
-NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
-