Bug 1464869 - Run autopep8 on security/ r=fkiefer
MozReview-Commit-ID: K3aWVqsO0O8 --HG-- extra : rebase_source : 6bcf97b8b4a6e70113f36d8097f26816ce4b0acf
Родитель
288239cebe
Коммит
9fa6cfa8d4
|
@ -4,6 +4,7 @@
|
|||
|
||||
import binascii
|
||||
|
||||
|
||||
def _file_byte_generator(filename):
|
||||
with open(filename, "rb") as f:
|
||||
contents = f.read()
|
||||
|
@ -16,11 +17,13 @@ def _file_byte_generator(filename):
|
|||
|
||||
return contents
|
||||
|
||||
|
||||
def _create_header(array_name, cert_bytes):
|
||||
hexified = ["0x" + binascii.hexlify(byte) for byte in cert_bytes]
|
||||
substs = { 'array_name': array_name, 'bytes': ', '.join(hexified) }
|
||||
substs = {'array_name': array_name, 'bytes': ', '.join(hexified)}
|
||||
return "const uint8_t %(array_name)s[] = {\n%(bytes)s\n};\n" % substs
|
||||
|
||||
|
||||
# Create functions named the same as the data arrays that we're going to
|
||||
# write to the headers, so we don't have to duplicate the names like so:
|
||||
#
|
||||
|
@ -35,4 +38,5 @@ array_names = [
|
|||
|
||||
for n in array_names:
|
||||
# Make sure the lambda captures the right string.
|
||||
globals()[n] = lambda header, cert_filename, name=n: header.write(_create_header(name, _file_byte_generator(cert_filename)))
|
||||
globals()[n] = lambda header, cert_filename, name=n: header.write(
|
||||
_create_header(name, _file_byte_generator(cert_filename)))
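Review bot: The re-wrapped assignment in the `for n in array_names:` loop is now a two-line lambda stored into `globals()`, which is hard to read and still depends on the `name=n` default to avoid late binding. A small factory function makes the per-array binding explicit, and it also stops a caller from silently overriding the array name through a third positional argument. The `array_names` list is defined above the hunk, so the fence below shows only the replacement for the loop body.

```python
def _make_writer(name):
    # Bind the array name per generated function instead of via a lambda default.
    def writer(header, cert_filename):
        return header.write(
            _create_header(name, _file_byte_generator(cert_filename)))
    return writer


for n in array_names:
    globals()[n] = _make_writer(n)
```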
|
||||
|
|
|
@ -7,8 +7,9 @@ import buildconfig
|
|||
import os
|
||||
import subprocess
|
||||
|
||||
|
||||
def main(output, *inputs):
|
||||
env=dict(os.environ)
|
||||
env = dict(os.environ)
|
||||
env['PERL'] = str(buildconfig.substs['PERL'])
|
||||
output.write(subprocess.check_output([buildconfig.substs['PYTHON'],
|
||||
inputs[0], inputs[2]], env=env))
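Review bot: `main` has no docstring, and it indexes `inputs[0]` and `inputs[2]` while skipping `inputs[1]`, so its positional contract with the build harness is invisible and a short argument list surfaces as a bare IndexError. I would add a docstring along the lines of `"""Run the script inputs[0] under the build's Python with inputs[2] as its argument and copy its stdout to output; inputs[1] is unused here (presumably only a build dependency, to be confirmed)."""`. The argv-list form of `subprocess.check_output` is worth keeping as is, since it keeps both paths out of a shell.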
|
||||
|
|
|
@ -105,6 +105,7 @@ class Error(Exception):
|
|||
|
||||
class UnknownBaseError(Error):
|
||||
"""Base class for handling unexpected input in this module."""
|
||||
|
||||
def __init__(self, value):
|
||||
super(UnknownBaseError, self).__init__()
|
||||
self.value = value
|
||||
|
@ -222,6 +223,7 @@ def getASN1Tag(asn1Type):
|
|||
type from the pyasn1 package"""
|
||||
return asn1Type.tagSet.baseTag.tagId
|
||||
|
||||
|
||||
def stringToAccessDescription(string):
|
||||
"""Helper function that takes a string representing a URI
|
||||
presumably identifying an OCSP authority information access
|
||||
|
@ -234,6 +236,7 @@ def stringToAccessDescription(string):
|
|||
sequence.setComponentByPosition(1, accessLocation)
|
||||
return sequence
|
||||
|
||||
|
||||
def stringToDN(string, tag=None):
|
||||
"""Takes a string representing a distinguished name or directory
|
||||
name and returns a Name for use by pyasn1. See the documentation
|
||||
|
@ -291,6 +294,7 @@ def stringToDN(string, tag=None):
|
|||
name.setComponentByPosition(0, rdns)
|
||||
return name
|
||||
|
||||
|
||||
def stringToAlgorithmIdentifiers(string):
|
||||
"""Helper function that converts a description of an algorithm
|
||||
to a representation usable by the pyasn1 package and a hash
|
||||
|
@ -330,6 +334,7 @@ def stringToAlgorithmIdentifiers(string):
|
|||
algorithmIdentifier['parameters'] = univ.Any(nullEncapsulated)
|
||||
return (algorithmIdentifier, algorithmType)
|
||||
|
||||
|
||||
def datetimeToTime(dt):
|
||||
"""Takes a datetime object and returns an rfc2459.Time object with
|
||||
that time as its value as a GeneralizedTime"""
|
||||
|
@ -337,6 +342,7 @@ def datetimeToTime(dt):
|
|||
time['generalTime'] = useful.GeneralizedTime(dt.strftime('%Y%m%d%H%M%SZ'))
|
||||
return time
|
||||
|
||||
|
||||
def serialBytesToString(serialBytes):
|
||||
"""Takes a list of integers in the interval [0, 255] and returns
|
||||
the corresponding serial number string."""
|
||||
|
@ -347,6 +353,7 @@ def serialBytesToString(serialBytes):
|
|||
stringBytes = [getASN1Tag(univ.Integer), serialBytesLen] + serialBytes
|
||||
return ''.join(chr(b) for b in stringBytes)
|
||||
|
||||
|
||||
class Certificate(object):
|
||||
"""Utility class for reading a certificate specification and
|
||||
generating a signed x509 certificate"""
|
||||
|
|
|
@ -36,6 +36,7 @@ import pycert
|
|||
import pykey
|
||||
import sys
|
||||
|
||||
|
||||
class Error(Exception):
|
||||
"""Base class for exceptions in this module."""
|
||||
pass
|
||||
|
|
|
@ -18,8 +18,10 @@ import hashlib
|
|||
|
||||
import pykey
|
||||
|
||||
|
||||
class InvalidKeyError(Exception):
|
||||
"""Helper exception to handle unknown key types."""
|
||||
|
||||
def __init__(self, key):
|
||||
self.key = key
|
||||
|
||||
|
|
|
@ -48,6 +48,7 @@ HASH_SHA256 = 'hash:sha256'
|
|||
HASH_SHA384 = 'hash:sha384'
|
||||
HASH_SHA512 = 'hash:sha512'
|
||||
|
||||
|
||||
def byteStringToHexifiedBitString(string):
|
||||
"""Takes a string of bytes and returns a hex string representing
|
||||
those bytes for use with pyasn1.type.univ.BitString. It must be of
|
||||
|
@ -55,8 +56,10 @@ def byteStringToHexifiedBitString(string):
|
|||
pyasn1 that the input is a hex string."""
|
||||
return "'%s'H" % binascii.hexlify(string)
|
||||
|
||||
|
||||
class UnknownBaseError(Exception):
|
||||
"""Base class for handling unexpected input in this module."""
|
||||
|
||||
def __init__(self, value):
|
||||
super(UnknownBaseError, self).__init__()
|
||||
self.value = value
|
||||
|
@ -84,6 +87,7 @@ class UnknownHashAlgorithmError(UnknownBaseError):
|
|||
|
||||
class UnsupportedHashAlgorithmError(Exception):
|
||||
"""Helper exception type for unsupported hash algorithms."""
|
||||
|
||||
def __init__(self, value):
|
||||
super(UnsupportedHashAlgorithmError, self).__init__()
|
||||
self.value = value
|
||||
|
@ -624,15 +628,18 @@ secp256k1Params = (long('fffffffffffffffffffffffffffffffffffffffffffffffffffffff
|
|||
long('79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', 16),
|
||||
long('483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', 16))
|
||||
|
||||
|
||||
def longToEvenLengthHexString(val):
|
||||
h = format(val, 'x')
|
||||
if not len(h) % 2 == 0:
|
||||
h = '0' + h
|
||||
return h
|
||||
|
||||
|
||||
def notRandom(n):
|
||||
return n * '\x04'
|
||||
|
||||
|
||||
class ECCKey(object):
|
||||
secp256k1Encoded = str('08fd87b04fba98090100004035ee7c7289d8fef7a8'
|
||||
'6afe5da66d8bc2ebb6a8543fd2fead089f45ce7acd0fa64382a9500c41dad'
|
||||
|
@ -748,6 +755,8 @@ def keyFromSpecification(specification):
|
|||
# The build harness will call this function with an output file-like
|
||||
# object and a path to a file containing a specification. This will
|
||||
# read the specification and output the key as ASCII-encoded PKCS #8.
|
||||
|
||||
|
||||
def main(output, inputPath):
|
||||
with open(inputPath) as configStream:
|
||||
output.write(keyFromSpecification(configStream.read().strip()).toPEM())
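Review bot: `notRandom`, in the hunk at -624, returns `n * '\x04'`, a constant byte string, and nothing in the function documents that. Its callers are outside the visible hunks, but if it stands in for an entropy source during key or signature generation, then the output is fully predictable, which is presumably intended for reproducible test keys. A docstring would keep it from being reused outside test fixtures: `"""Return n copies of the byte 0x04. Deterministic by design for test fixtures; not a source of randomness."""`.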
|
||||
|
|
|
@ -30,6 +30,7 @@ KID = 4
|
|||
ALG = 1
|
||||
COSE_Sign = 98
|
||||
|
||||
|
||||
def coseAlgorithmToPykeyHash(algorithm):
|
||||
"""Helper function that takes one of (ES256, ES384, ES512)
|
||||
and returns the corresponding pykey.HASH_* identifier."""
|
||||
|
@ -47,6 +48,8 @@ def coseAlgorithmToPykeyHash(algorithm):
|
|||
# unprotected : {},
|
||||
# signature : bstr
|
||||
# ]
|
||||
|
||||
|
||||
def coseSignature(payload, algorithm, signingKey, signingCertificate,
|
||||
bodyProtected):
|
||||
"""Returns a COSE_Signature structure.
|
||||
|
@ -78,6 +81,8 @@ def coseSignature(payload, algorithm, signingKey, signingCertificate,
|
|||
# payload : nil,
|
||||
# signatures : [+ COSE_Signature]
|
||||
# ]
|
||||
|
||||
|
||||
def coseSig(payload, intermediates, signatures):
|
||||
"""Returns the entire (tagged) COSE_Sign structure.
|
||||
payload is a string representing the data to be signed
|
||||
|
@ -96,6 +101,7 @@ def coseSig(payload, intermediates, signatures):
|
|||
tagged = CBORTag(COSE_Sign, [protectedEncoded, {}, None, coseSignatures])
|
||||
return dumps(tagged)
|
||||
|
||||
|
||||
def walkDirectory(directory):
|
||||
"""Given a relative path to a directory, enumerates the
|
||||
files in the tree rooted at that location. Returns a list
|
||||
|
@ -110,6 +116,7 @@ def walkDirectory(directory):
|
|||
paths.append((fullPath, internalPath))
|
||||
return paths
|
||||
|
||||
|
||||
def addManifestEntry(filename, hashes, contents, entries):
|
||||
"""Helper function to fill out a manifest entry.
|
||||
Takes the filename, a list of (hash function, hash function name)
|
||||
|
@ -121,6 +128,7 @@ def addManifestEntry(filename, hashes, contents, entries):
|
|||
entry += '%s-Digest: %s\n' % (name, base64hash)
|
||||
entries.append(entry)
|
||||
|
||||
|
||||
def getCert(subject, keyName, issuerName, ee, issuerKey=""):
|
||||
"""Helper function to create an X509 cert from a specification.
|
||||
Takes the subject, the subject key name to use, the issuer name,
|
||||
|
@ -141,6 +149,7 @@ def getCert(subject, keyName, issuerName, ee, issuerKey=""):
|
|||
certSpecificationStream.seek(0)
|
||||
return pycert.Certificate(certSpecificationStream)
|
||||
|
||||
|
||||
def coseAlgorithmToSignatureParams(coseAlgorithm, issuerName):
|
||||
"""Given a COSE algorithm ('ES256', 'ES384', 'ES512') and an issuer
|
||||
name, returns a (algorithm id, pykey.ECCKey, encoded certificate)
|
||||
|
@ -159,9 +168,11 @@ def coseAlgorithmToSignatureParams(coseAlgorithm, issuerName):
|
|||
raise UnknownCOSEAlgorithmError(coseAlgorithm)
|
||||
key = pykey.ECCKey(keyName)
|
||||
# The subject must differ to avoid errors when importing into NSS later.
|
||||
ee = getCert('xpcshell signed app test signer ' + keyName, keyName, issuerName, True, 'default')
|
||||
ee = getCert('xpcshell signed app test signer ' + keyName,
|
||||
keyName, issuerName, True, 'default')
|
||||
return (algId, key, ee.toDER())
|
||||
|
||||
|
||||
def signZip(appDirectory, outputFile, issuerName, rootName, manifestHashes,
|
||||
signatureHashes, pkcs7Hashes, coseAlgorithms, emptySignerInfos):
|
||||
"""Given a directory containing the files to package up,
|
||||
|
@ -230,6 +241,7 @@ def signZip(appDirectory, outputFile, issuerName, rootName, manifestHashes,
|
|||
outZip.writestr('META-INF/A.SF', sfContents)
|
||||
outZip.writestr('META-INF/MANIFEST.MF', mfContents)
|
||||
|
||||
|
||||
class Error(Exception):
|
||||
"""Base class for exceptions in this module."""
|
||||
pass
|
||||
|
@ -264,6 +276,7 @@ def hashNameToFunctionAndIdentifier(name):
|
|||
return (sha256, 'SHA256')
|
||||
raise UnknownHashAlgorithmError(name)
|
||||
|
||||
|
||||
def main(outputFile, appPath, *args):
|
||||
"""Main entrypoint. Given an already-opened file-like
|
||||
object, a path to the app directory to sign, and some
|
||||
|
|
|
@ -43,6 +43,7 @@ basicConstraintsTypes = {
|
|||
'BC-cA': 'extension:basicConstraints:cA,'
|
||||
}
|
||||
|
||||
|
||||
def writeCertspec(issuer, subject, fields):
|
||||
filename = '%s_%s.pem.certspec' % (subject, issuer)
|
||||
if issuer == subject:
|
||||
|
|
|
@ -30,12 +30,15 @@ from cryptography.x509.oid import NameOID
|
|||
|
||||
assert sys.version_info >= (3, 2), "Requires Python 3.2 or later"
|
||||
|
||||
|
||||
def hex_string_for_struct(bytes):
|
||||
return ["0x{:02X}".format(x) for x in bytes]
|
||||
|
||||
|
||||
def hex_string_human_readable(bytes):
|
||||
return ["{:02X}".format(x) for x in bytes]
|
||||
|
||||
|
||||
def nameOIDtoString(oid):
|
||||
if oid == NameOID.COUNTRY_NAME:
|
||||
return "C"
|
||||
|
@ -49,6 +52,7 @@ def nameOIDtoString(oid):
|
|||
return "OU"
|
||||
raise Exception("Unknown OID: {}".format(oid))
|
||||
|
||||
|
||||
def print_block(pemData, identifierType="DN", crtshId=None):
|
||||
substrate = pem.readPemFromFile(io.StringIO(pemData.decode("utf-8")))
|
||||
cert, rest = decoder.decode(substrate, asn1Spec=rfc5280.Certificate())
|
||||
|
|
|
@ -188,6 +188,7 @@ def generate_cpp_header_file(json_data, out_file):
|
|||
logs="\n".join(log_info_initializers),
|
||||
operators="\n".join(operator_info_initializers)))
|
||||
|
||||
|
||||
def patch_in_test_logs(json_data):
|
||||
""" Insert Mozilla-specific test log data. """
|
||||
max_id = 0
|
||||
|
@ -237,6 +238,7 @@ def patch_in_test_logs(json_data):
|
|||
json_data["logs"].append(mozilla_rsa_log_2)
|
||||
json_data["logs"].append(mozilla_ec_log)
|
||||
|
||||
|
||||
def run(args):
|
||||
"""
|
||||
Load the input JSON file and generate the C++ header according to the
|
||||
|
|
|
@ -24,6 +24,7 @@ import argparse
|
|||
import itertools
|
||||
import sys
|
||||
|
||||
|
||||
def base128(value):
|
||||
"""
|
||||
Given an integral value, returns an array of the base-128 representation
|
||||
|
@ -50,6 +51,7 @@ def base128(value):
|
|||
|
||||
return result
|
||||
|
||||
|
||||
def dottedOIDToEncodedArray(dottedOID):
|
||||
"""
|
||||
Takes a dotted OID string (e.g. '1.2.840.10045.4.3.4') as input, and
|
||||
|
@ -68,6 +70,7 @@ def dottedOIDToEncodedArray(dottedOID):
|
|||
restBase128 = [base128(x) for x in nodes[2:]]
|
||||
return [firstByte] + list(itertools.chain.from_iterable(restBase128))
|
||||
|
||||
|
||||
def dottedOIDToCArray(dottedOID, mode):
|
||||
"""
|
||||
Takes a dotted OID string (e.g. '1.2.840.10045.4.3.4') as input, and
|
||||
|
@ -86,6 +89,7 @@ def dottedOIDToCArray(dottedOID, mode):
|
|||
|
||||
return ", ".join(["0x%.2x" % b for b in bytes])
|
||||
|
||||
|
||||
def specNameToCName(specName):
|
||||
"""
|
||||
Given an string containing an ASN.1 name, returns a string that is a valid
|
||||
|
@ -97,6 +101,7 @@ def specNameToCName(specName):
|
|||
"""
|
||||
return specName.replace("-", "_")
|
||||
|
||||
|
||||
def toCode(programName, specName, dottedOID, mode):
|
||||
"""
|
||||
Given an ASN.1 name and a string containing the dotted representation of an
|
||||
|
@ -180,6 +185,7 @@ def toCode(programName, specName, dottedOID, mode):
|
|||
" };\n") % (programNameWithOptions, specName, dottedOID, varName,
|
||||
dottedOIDToCArray(dottedOID, mode))
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
parser = argparse.ArgumentParser(
|
||||
description="Generate code snippets to handle OIDs in C++",
|
||||
|
|