зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1073867, Part 2: Remove now-unused DSA test certificates, r=keeler
--HG-- extra : rebase_source : 150c65abc66a48f70bca6e2dca8727fa402505ea
Родитель
510bbfd05d
Коммит
932b9471a2
|
@ -10,41 +10,21 @@ import pexpect
|
|||
import time
|
||||
import sys
|
||||
|
||||
def init_dsa(db_dir, param_filename = 'dsa_param.pem', key_size = '2048'):
|
||||
"""
|
||||
Initialize dsa parameters
|
||||
|
||||
Sets up a set of params to be reused for DSA key generation
|
||||
|
||||
Arguments:
|
||||
db_dir -- location of the temporary params for the certificate
|
||||
param_filename -- the file name for the param file
|
||||
key_size -- public key size
|
||||
"""
|
||||
dsa_key_params = db_dir + '/' + param_filename
|
||||
os.system("openssl dsaparam -out " + dsa_key_params + ' ' + key_size)
|
||||
|
||||
|
||||
def generate_cert_generic(db_dir, dest_dir, serial_num, key_type, name,
|
||||
ext_text, signer_key_filename = "",
|
||||
signer_cert_filename = "",
|
||||
subject_string = "",
|
||||
dsa_param_filename = 'dsa_param.pem',
|
||||
key_size = '2048'):
|
||||
"""
|
||||
Generate an x509 certificate with a sha256 signature
|
||||
|
||||
Preconditions:
|
||||
if dsa keys are to be generated init_dsa must have been called before.
|
||||
|
||||
|
||||
Arguments:
|
||||
db_dir -- location of the temporary params for the certificate
|
||||
dest_dir -- location of the x509 cert
|
||||
serial_num -- serial number for the cert (must be unique for each signer
|
||||
key)
|
||||
key_type -- the type of key generated: potential values: 'rsa', 'dsa',
|
||||
or any of the curves found by 'openssl ecparam -list_curves'
|
||||
key_type -- the type of key generated: potential values: 'rsa' or any
|
||||
of the curves found by 'openssl ecparam -list_curves'
|
||||
name -- the common name for the cert, will match the prefix of the
|
||||
output cert
|
||||
ext_text -- the text for the x509 extensions to be added to the
|
||||
|
@ -54,7 +34,6 @@ def generate_cert_generic(db_dir, dest_dir, serial_num, key_type, name,
|
|||
roots).
|
||||
signer_cert_filename -- the certificate that will sign the certificate
|
||||
(used to extract signer info) it must be in DER format.
|
||||
dsa_param_filename -- the filename for the DSA param file
|
||||
key_size -- public key size for RSA certs
|
||||
|
||||
output:
|
||||
|
@ -65,9 +44,6 @@ def generate_cert_generic(db_dir, dest_dir, serial_num, key_type, name,
|
|||
if key_type == 'rsa':
|
||||
os.system ("openssl genpkey -algorithm RSA -out " + key_name +
|
||||
" -pkeyopt rsa_keygen_bits:" + key_size)
|
||||
elif key_type == 'dsa':
|
||||
dsa_key_params = db_dir + '/' + dsa_param_filename
|
||||
os.system("openssl gendsa -out " + key_name + " " + dsa_key_params)
|
||||
else:
|
||||
#assume is ec
|
||||
os.system("openssl ecparam -out " + key_name + " -name "+ key_type +
|
||||
|
@ -126,8 +102,8 @@ def generate_int_and_ee(db_dir, dest_dir, ca_key, ca_cert, name, int_ext_text,
|
|||
intermediate certificate
|
||||
ee_ext_text -- the text for the x509 extensions to be added to the
|
||||
end entity certificate
|
||||
key_type -- the type of key generated: potential values: 'rsa', 'dsa',
|
||||
or any of the curves found by 'openssl ecparam -list_curves'
|
||||
key_type -- the type of key generated: potential values: 'rsa' or any
|
||||
of the curves found by 'openssl ecparam -list_curves'
|
||||
|
||||
output:
|
||||
int_key -- the filename of the intermeidate key file (PEM format)
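Review bot: In `generate_cert_generic`, with the `elif key_type == 'dsa':` branch removed, a caller that still passes `'dsa'` now falls into the `else:` ("assume is ec") branch and the value is handed to `openssl ecparam ... -name` as a curve name. None of the visible `os.system(...)` calls check their return status, so that failure would presumably go unnoticed until a later step trips over a missing or empty key file. I would reject the removed type explicitly before the `else`, e.g. `elif key_type == 'dsa': raise ValueError("DSA keys are no longer supported")`, and have the key-generation calls fail on a non-zero exit status. The function body starts and continues outside the visible hunks, so confirm that nothing later already validates `key_type`.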
|
||||
|
|
Двоичные данные
security/manager/ssl/tests/unit/test_cert_signatures/ca-dsa.der
Двоичные данные
security/manager/ssl/tests/unit/test_cert_signatures/ca-dsa.der
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
|
@ -19,7 +19,7 @@ CA_basic_constraints = "basicConstraints=critical,CA:TRUE\n"
|
|||
|
||||
CA_min_ku = "keyUsage=critical, keyCertSign\n"
|
||||
|
||||
pk_name = {'rsa': 'rsa', 'dsa': 'dsa', 'p384': 'secp384r1'}
|
||||
pk_name = {'rsa': 'rsa', 'p384': 'secp384r1'}
|
||||
|
||||
|
||||
def tamper_cert(cert_name):
|
||||
|
@ -40,7 +40,6 @@ def tamper_cert(cert_name):
|
|||
|
||||
def generate_certs():
|
||||
|
||||
CertUtils.init_dsa(db)
|
||||
ee_ext_text = ""
|
||||
for name, key_type in pk_name.iteritems():
|
||||
ca_name = "ca-" + name
|
||||
|
|
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
|
@ -15,8 +15,6 @@ import CertUtils
|
|||
|
||||
srcdir = os.getcwd()
|
||||
db_dir = tempfile.mkdtemp()
|
||||
dsaNotOK_param_filename = 'dsaNotOK_param.pem'
|
||||
dsaOK_param_filename = 'dsaOK_param.pem'
|
||||
|
||||
ca_ext_text = ('basicConstraints = critical, CA:TRUE\n' +
|
||||
'keyUsage = keyCertSign, cRLSign\n')
|
||||
|
@ -35,14 +33,13 @@ generated_ev_root_filenames = []
|
|||
|
||||
def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
|
||||
base_ext_text, signer_key_filename,
|
||||
signer_cert_filename, dsa_param_filename,
|
||||
key_size, generate_ev):
|
||||
signer_cert_filename, key_size, generate_ev):
|
||||
"""
|
||||
Generates a certificate and imports it into the NSS DB if appropriate.
|
||||
|
||||
Arguments:
|
||||
key_type -- the type of key generated: potential values: 'rsa', 'dsa',
|
||||
or any of the curves found by 'openssl ecparam -list_curves'
|
||||
key_type -- the type of key generated: potential values: 'rsa', or any of
|
||||
the curves found by 'openssl ecparam -list_curves'
|
||||
cert_name_prefix -- prefix of the generated cert name
|
||||
cert_name_suffix -- suffix of the generated cert name
|
||||
base_ext_text -- the base text for the x509 extensions to be added to the
|
||||
|
@ -55,7 +52,6 @@ def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
|
|||
certificate being generated. Ignored if an empty
|
||||
string is passed in for signer_key_filename.
|
||||
Must be in DER format.
|
||||
dsa_param_filename -- the filename for the DSA param file
|
||||
key_size -- public key size for RSA certs
|
||||
generate_ev -- whether an EV cert should be generated
|
||||
|
||||
|
@ -92,7 +88,6 @@ def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
|
|||
signer_key_filename,
|
||||
signer_cert_filename,
|
||||
subject_string,
|
||||
dsa_param_filename,
|
||||
key_size)
|
||||
|
||||
if generate_ev:
|
||||
|
@ -114,7 +109,7 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
Generates the various certificates used by the key size tests.
|
||||
|
||||
Arguments:
|
||||
key_type -- the type of key generated: potential values: 'rsa', 'dsa',
|
||||
key_type -- the type of key generated: potential values: 'rsa',
|
||||
or any of the curves found by 'openssl ecparam -list_curves'
|
||||
inadequate_key_size -- a string defining the inadequate public key size
|
||||
for the generated certs
|
||||
|
@ -122,10 +117,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
the generated certs
|
||||
generate_ev -- whether an EV cert should be generated
|
||||
"""
|
||||
if key_type == 'dsa':
|
||||
CertUtils.init_dsa(db_dir, dsaNotOK_param_filename, inadequate_key_size)
|
||||
CertUtils.init_dsa(db_dir, dsaOK_param_filename, adequate_key_size)
|
||||
|
||||
# Generate chain with certs that have adequate sizes
|
||||
if generate_ev and key_type == 'rsa':
|
||||
# Reuse the existing RSA EV root
|
||||
|
@ -143,7 +134,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
ca_ext_text,
|
||||
'',
|
||||
'',
|
||||
dsaOK_param_filename,
|
||||
adequate_key_size,
|
||||
generate_ev)
|
||||
|
||||
|
@ -154,7 +144,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
ca_ext_text,
|
||||
caOK_key,
|
||||
caOK_cert,
|
||||
dsaOK_param_filename,
|
||||
adequate_key_size,
|
||||
generate_ev)
|
||||
|
||||
|
@ -165,7 +154,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
ee_ext_text,
|
||||
intOK_key,
|
||||
intOK_cert,
|
||||
dsaOK_param_filename,
|
||||
adequate_key_size,
|
||||
generate_ev)
|
||||
|
||||
|
@ -177,7 +165,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
ca_ext_text,
|
||||
'',
|
||||
'',
|
||||
dsaNotOK_param_filename,
|
||||
inadequate_key_size,
|
||||
generate_ev)
|
||||
|
||||
|
@ -188,7 +175,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
ca_ext_text,
|
||||
rootNotOK_key,
|
||||
rootNotOK_cert,
|
||||
dsaOK_param_filename,
|
||||
adequate_key_size,
|
||||
generate_ev)
|
||||
|
||||
|
@ -199,7 +185,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
ee_ext_text,
|
||||
int_key,
|
||||
int_cert,
|
||||
dsaOK_param_filename,
|
||||
adequate_key_size,
|
||||
generate_ev)
|
||||
|
||||
|
@ -211,7 +196,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
ca_ext_text,
|
||||
caOK_key,
|
||||
caOK_cert,
|
||||
dsaNotOK_param_filename,
|
||||
inadequate_key_size,
|
||||
generate_ev)
|
||||
|
||||
|
@ -222,7 +206,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
ee_ext_text,
|
||||
intNotOK_key,
|
||||
intNotOK_cert,
|
||||
dsaOK_param_filename,
|
||||
adequate_key_size,
|
||||
generate_ev)
|
||||
|
||||
|
@ -234,7 +217,6 @@ def generate_certs(key_type, inadequate_key_size, adequate_key_size, generate_ev
|
|||
ee_ext_text,
|
||||
intOK_key,
|
||||
intOK_cert,
|
||||
dsaNotOK_param_filename,
|
||||
inadequate_key_size,
|
||||
generate_ev)
|
||||
|
||||
|
@ -247,8 +229,6 @@ CertUtils.init_nss_db(srcdir)
|
|||
generate_certs('rsa', '1016', '1024', False)
|
||||
generate_certs('rsa', '2040', '2048', True)
|
||||
|
||||
generate_certs('dsa', '960', '1024', False)
|
||||
|
||||
# Print a blank line and the information needed to enable EV for any roots
|
||||
# generated by this script.
|
||||
print
|
||||
|
|
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичный файл не отображается.
Двоичные данные
security/manager/ssl/tests/unit/test_keysize/root_dsa_1024.der
Двоичные данные
security/manager/ssl/tests/unit/test_keysize/root_dsa_1024.der
Двоичный файл не отображается.
Двоичные данные
security/manager/ssl/tests/unit/test_keysize/root_dsa_960.der
Двоичные данные
security/manager/ssl/tests/unit/test_keysize/root_dsa_960.der
Двоичный файл не отображается.