Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler

--HG--
extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea

security/manager/ssl/tests/unit/psm_common_py/CertUtils.py

@@ -10,41 +10,21 @@ import pexpect
 import time
 import sys
 
-def init_dsa(db_dir, param_filename = 'dsa_param.pem', key_size = '2048'):
-    """
-    Initialize dsa parameters
-
-    Sets up a set of params to be reused for DSA key generation
-
-    Arguments:
-      db_dir     -- location of the temporary params for the certificate
-      param_filename -- the file name for the param file
-      key_size   -- public key size
-    """
-    dsa_key_params = db_dir + '/' + param_filename
-    os.system("openssl dsaparam -out " + dsa_key_params + ' ' + key_size)
-
-
 def generate_cert_generic(db_dir, dest_dir, serial_num,  key_type, name,
                           ext_text, signer_key_filename = "",
                           signer_cert_filename = "",
                           subject_string = "",
-                          dsa_param_filename = 'dsa_param.pem',
                           key_size = '2048'):
     """
     Generate an x509 certificate with a sha256 signature
 
-    Preconditions:
-      if dsa keys are to be generated init_dsa must have been called before.
-
-
     Arguments:
       db_dir     -- location of the temporary params for the certificate
       dest_dir   -- location of the x509 cert
       serial_num -- serial number for the cert (must be unique for each signer
                     key)
-      key_type   -- the type of key generated: potential values: 'rsa', 'dsa',
-                    or any of the curves found by 'openssl ecparam -list_curves'
+      key_type   -- the type of key generated: potential values: 'rsa' or any
+	                of the curves found by 'openssl ecparam -list_curves'
       name       -- the common name for the cert, will match the prefix of the
                     output cert
       ext_text   -- the text for the x509 extensions to be added to the
@@ -54,7 +34,6 @@ def generate_cert_generic(db_dir, dest_dir, serial_num,  key_type, name,
                     roots).
       signer_cert_filename -- the certificate that will sign the certificate
                     (used to extract signer info) it must be in DER format.
-      dsa_param_filename -- the filename for the DSA param file
       key_size   -- public key size for RSA certs
 
     output:
@@ -65,9 +44,6 @@ def generate_cert_generic(db_dir, dest_dir, serial_num,  key_type, name,
     if key_type == 'rsa':
       os.system ("openssl genpkey -algorithm RSA -out " + key_name +
                  " -pkeyopt rsa_keygen_bits:" + key_size)
-    elif key_type == 'dsa':
-      dsa_key_params = db_dir + '/' + dsa_param_filename
-      os.system("openssl gendsa -out " + key_name + "  " + dsa_key_params)
     else:
       #assume is ec
       os.system("openssl ecparam -out " + key_name + " -name "+ key_type +
@@ -126,8 +102,8 @@ def generate_int_and_ee(db_dir, dest_dir, ca_key, ca_cert, name, int_ext_text,
                     intermediate certificate
       ee_ext_text  -- the text for the x509 extensions to be added to the
                     end entity certificate
-      key_type   -- the type of key generated: potential values: 'rsa', 'dsa',
-                    or any of the curves found by 'openssl ecparam -list_curves'
+      key_type   -- the type of key generated: potential values: 'rsa' or any
+	                of the curves found by 'openssl ecparam -list_curves'
 
     output:
       int_key   -- the filename of the intermeidate key file (PEM format)

security/manager/ssl/tests/unit/test_cert_signatures/generate.py

@@ -19,7 +19,7 @@ CA_basic_constraints = "basicConstraints=critical,CA:TRUE\n"
 
 CA_min_ku = "keyUsage=critical, keyCertSign\n"
 
-pk_name = {'rsa': 'rsa', 'dsa': 'dsa', 'p384': 'secp384r1'}
+pk_name = {'rsa': 'rsa', 'p384': 'secp384r1'}
 
 
 def tamper_cert(cert_name):
@@ -40,7 +40,6 @@ def tamper_cert(cert_name):
 
 def generate_certs():
 
-    CertUtils.init_dsa(db)
     ee_ext_text = ""
     for name, key_type in pk_name.iteritems():
         ca_name = "ca-" + name

security/manager/ssl/tests/unit/test_keysize/generate.py

@@ -15,8 +15,6 @@ import CertUtils
 
 srcdir = os.getcwd()
 db_dir = tempfile.mkdtemp()
-dsaNotOK_param_filename = 'dsaNotOK_param.pem'
-dsaOK_param_filename = 'dsaOK_param.pem'
 
 ca_ext_text = ('basicConstraints = critical, CA:TRUE\n' +
                'keyUsage = keyCertSign, cRLSign\n')
@@ -35,14 +33,13 @@ generated_ev_root_filenames = []
 
 def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
                                    base_ext_text, signer_key_filename,
-                                   signer_cert_filename, dsa_param_filename,
-                                   key_size, generate_ev):
+                                   signer_cert_filename, key_size, generate_ev):
     """
     Generates a certificate and imports it into the NSS DB if appropriate.
 
     Arguments:
-      key_type -- the type of key generated: potential values: 'rsa', 'dsa',
-                  or any of the curves found by 'openssl ecparam -list_curves'
+      key_type -- the type of key generated: potential values: 'rsa', or any of
+                  the curves found by 'openssl ecparam -list_curves'
       cert_name_prefix -- prefix of the generated cert name
       cert_name_suffix -- suffix of the generated cert name
       base_ext_text -- the base text for the x509 extensions to be added to the
@@ -55,7 +52,6 @@ def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
                               certificate being generated. Ignored if an empty
                               string is passed in for signer_key_filename.
                               Must be in DER format.
-      dsa_param_filename -- the filename for the DSA param file
       key_size -- public key size for RSA certs
       generate_ev -- whether an EV cert should be generated
 
@@ -92,7 +88,6 @@ def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
         signer_key_filename,
         signer_cert_filename,
         subject_string,
-        dsa_param_filename,
         key_size)
 
     if generate_ev:
@@ -114,7 +109,7 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
     Generates the various certificates used by the key size tests.
 
     Arguments:
-      key_type -- the type of key generated: potential values: 'rsa', 'dsa',
+      key_type -- the type of key generated: potential values: 'rsa',
                   or any of the curves found by 'openssl ecparam -list_curves'
       inadequate_key_size -- a string defining the inadequate public key size
                              for the generated certs
@@ -122,10 +117,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
                            the generated certs
       generate_ev -- whether an EV cert should be generated
     """
-    if key_type == 'dsa':
-        CertUtils.init_dsa(db_dir, dsaNotOK_param_filename, inadequate_key_size)
-        CertUtils.init_dsa(db_dir, dsaOK_param_filename, adequate_key_size)
-
     # Generate chain with certs that have adequate sizes
     if generate_ev and key_type == 'rsa':
         # Reuse the existing RSA EV root
@@ -143,7 +134,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
             ca_ext_text,
             '',
             '',
-            dsaOK_param_filename,
             adequate_key_size,
             generate_ev)
 
@@ -154,7 +144,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
         ca_ext_text,
         caOK_key,
         caOK_cert,
-        dsaOK_param_filename,
         adequate_key_size,
         generate_ev)
 
@@ -165,7 +154,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
         ee_ext_text,
         intOK_key,
         intOK_cert,
-        dsaOK_param_filename,
         adequate_key_size,
         generate_ev)
 
@@ -177,7 +165,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
         ca_ext_text,
         '',
         '',
-        dsaNotOK_param_filename,
         inadequate_key_size,
         generate_ev)
 
@@ -188,7 +175,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
         ca_ext_text,
         rootNotOK_key,
         rootNotOK_cert,
-        dsaOK_param_filename,
         adequate_key_size,
         generate_ev)
 
@@ -199,7 +185,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
         ee_ext_text,
         int_key,
         int_cert,
-        dsaOK_param_filename,
         adequate_key_size,
         generate_ev)
 
@@ -211,7 +196,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
         ca_ext_text,
         caOK_key,
         caOK_cert,
-        dsaNotOK_param_filename,
         inadequate_key_size,
         generate_ev)
 
@@ -222,7 +206,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
         ee_ext_text,
         intNotOK_key,
         intNotOK_cert,
-        dsaOK_param_filename,
         adequate_key_size,
         generate_ev)
 
@@ -234,7 +217,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
         ee_ext_text,
         intOK_key,
         intOK_cert,
-        dsaNotOK_param_filename,
         inadequate_key_size,
         generate_ev)
 
@@ -247,8 +229,6 @@ CertUtils.init_nss_db(srcdir)
 generate_certs('rsa', '1016', '1024', False)
 generate_certs('rsa', '2040', '2048', True)
 
-generate_certs('dsa', '960', '1024', False)
-
 # Print a blank line and the information needed to enable EV for any roots
 # generated by this script.
 print