Bug 1189166 - Cleanup some PSM test generation files post Bug 1181823. r=dkeeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Wed, 29 Jul 2015 23:56:33 -0700
changeset 287531 ea2c3ec477c6e1cea5111975cae0f01c5080cc00
parent 287530 4a78aef5ef0dacb2f7258efbaf522ae7c1534593
child 287532 1ddb3a3a725577047292f98a34b4272540729f57
push id5067
push userraliiev@mozilla.com
push dateMon, 21 Sep 2015 14:04:52 +0000
reviewersdkeeler
bugs1189166, 1181823
milestone42.0a1
Bug 1189166 - Cleanup some PSM test generation files post Bug 1181823. r=dkeeler
security/manager/ssl/tests/unit/psm_common_py/CertUtils.py
security/manager/ssl/tests/unit/test_keysize/cert9.db
security/manager/ssl/tests/unit/test_keysize/generate.py
security/manager/ssl/tests/unit/test_keysize/key4.db
security/manager/ssl/tests/unit/test_keysize/pkcs11.txt
--- a/security/manager/ssl/tests/unit/psm_common_py/CertUtils.py
+++ b/security/manager/ssl/tests/unit/psm_common_py/CertUtils.py
@@ -5,25 +5,16 @@
 # This file requires openssl 1.0.0 at least
 
 import os
 import random
 import pexpect
 import time
 import sys
 
-aia_prefix = 'authorityInfoAccess = OCSP;URI:http://www.example.com:8888/'
-aia_suffix = '/\n'
-
-mozilla_testing_ev_policy = ('certificatePolicies = @v3_ca_ev_cp\n\n' +
-                             '[ v3_ca_ev_cp ]\n' +
-                             'policyIdentifier = ' +
-                             '1.3.6.1.4.1.13769.666.666.666.1.500.9.1\n\n' +
-                             'CPS.1 = "http://mytestdomain.local/cps"')
-
 default_validity_in_days = 10 * 365
 
 def generate_cert_generic(db_dir, dest_dir, serial_num,  key_type, name,
                           ext_text, signer_key_filename = "",
                           signer_cert_filename = "",
                           subject_string = "",
                           key_size = '2048',
                           validity_in_days = default_validity_in_days):
@@ -178,34 +169,16 @@ def generate_pkcs12(db_dir, dest_dir, de
                           pk12_filename)
     child.expect('Enter Export Password:')
     child.sendline('')
     child.expect('Verifying - Enter Export Password:')
     child.sendline('')
     child.expect(pexpect.EOF)
     return pk12_filename
 
-def import_cert_and_pkcs12(db_dir, cert_filename, pkcs12_filename, nickname,
-                           trust_flags):
-    """
-    Imports a given certificate file and PKCS12 file into the SQL NSS DB.
-
-    Arguments:
-      db_dir -- the location of the database and password file
-      cert_filename -- the filename of the cert in DER format
-      pkcs12_filename -- the filename of the private key of the cert in PEM
-                         format
-      nickname -- the nickname to assign to the cert
-      trust_flags -- the trust flags the cert should have
-    """
-    os.system('certutil -A -d sql:' + db_dir + ' -n ' + nickname + ' -i ' +
-              cert_filename + ' -t "' + trust_flags + '"')
-    os.system('pk12util -i ' + pkcs12_filename + ' -d sql:' + db_dir +
-              ' -w ' + db_dir + '/pwfile')
-
 def print_cert_info(cert_filename):
     """
     Prints out information (such as fingerprints) for the given cert.
     The information printed is sufficient for enabling EV for the given cert
     if necessary.
 
     Note: The utility 'pp' is available as part of NSS.
 
deleted file mode 100644
index b7aefed976938cfe4abcd08e4069b98fa0118ff7..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
--- a/security/manager/ssl/tests/unit/test_keysize/generate.py
+++ b/security/manager/ssl/tests/unit/test_keysize/generate.py
@@ -1,9 +1,9 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 import tempfile, os, sys
 import random
 
@@ -15,24 +15,22 @@ import CertUtils
 
 srcdir = os.getcwd()
 db_dir = tempfile.mkdtemp()
 
 ca_ext_text = ('basicConstraints = critical, CA:TRUE\n' +
                'keyUsage = keyCertSign, cRLSign\n')
 ee_ext_text = ''
 
-generated_ev_root_filenames = []
 generated_certs = []
 
-def generate_and_maybe_import_cert(key_type, cert_name_prefix, cert_name_suffix,
-                                   base_ext_text, signer_key_filename,
-                                   signer_cert_filename, key_size, generate_ev):
+def generate_cert(key_type, cert_name_prefix, cert_name_suffix, base_ext_text,
+                  signer_key_filename, signer_cert_filename, key_size):
     """
-    Generates a certificate and imports it into the NSS DB if appropriate.
+    Generates a certificate.
     If an equivalent certificate has already been generated, it is reused.
 
     Arguments:
       key_type -- the type of key generated: potential values: 'rsa', or any of
                   the curves found by 'openssl ecparam -list_curves'
       cert_name_prefix -- prefix of the generated cert name
       cert_name_suffix -- suffix of the generated cert name
       base_ext_text -- the base text for the x509 extensions to be added to the
@@ -41,52 +39,35 @@ def generate_and_maybe_import_cert(key_t
       signer_key_filename -- the filename of the key from which the cert will
                              be signed. If an empty string is passed in the cert
                              will be self signed (think CA roots).
       signer_cert_filename -- the filename of the signer cert that will sign the
                               certificate being generated. Ignored if an empty
                               string is passed in for signer_key_filename.
                               Must be in DER format.
       key_size -- public key size for RSA certs
-      generate_ev -- whether an EV cert should be generated
 
     Output:
       cert_name -- the resultant (nick)name of the certificate
       key_filename -- the filename of the key file (PEM format)
       cert_filename -- the filename of the certificate (DER format)
     """
     cert_name = cert_name_prefix + '_' + key_type + '_' + key_size
 
     # If the suffix is not the empty string, add a hyphen for visual separation
     if cert_name_suffix:
         cert_name += '-' + cert_name_suffix
 
     ev_ext_text = ''
     subject_string = ('/CN=XPCShell Key Size Testing %s %s-bit' %
                       (key_type, key_size))
-    if generate_ev:
-        cert_name = 'ev_' + cert_name
-        ev_ext_text = (CertUtils.aia_prefix + cert_name + CertUtils.aia_suffix +
-                       CertUtils.mozilla_testing_ev_policy)
-        subject_string += ' (EV)'
 
     # Use the organization field to store the cert nickname for easier debugging
     subject_string += '/O=' + cert_name
 
-    # Reuse the existing RSA EV root
-    if (generate_ev and key_type == 'rsa' and signer_key_filename == ''
-            and signer_cert_filename == '' and key_size == '2048'):
-        cert_name = 'evroot'
-        key_filename = '../test_ev_certs/evroot.key'
-        cert_filename = '../test_ev_certs/evroot.der'
-        CertUtils.import_cert_and_pkcs12(srcdir, cert_filename,
-                                         '../test_ev_certs/evroot.p12',
-                                         cert_name, ',,')
-        return [cert_name, key_filename, cert_filename]
-
     # Don't regenerate a previously generated cert
     for cert in generated_certs:
         if cert_name == cert[0]:
             return cert
 
     [key_filename, cert_filename] = CertUtils.generate_cert_generic(
         db_dir,
         srcdir,
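Review bot: `ev_ext_text = ''` is still assigned in this hunk and still concatenated in the next hunk's `base_ext_text + ev_ext_text` argument, although the `generate_ev` branch removed here was the only place in the visible hunks that gave it a non-empty value. As far as these hunks show, it can now only be the empty string, so drop the assignment and pass `base_ext_text` directly to `CertUtils.generate_cert_generic`. The body of `generate_cert` starts before this hunk and continues after it, so confirm nothing outside the visible lines still writes to the variable.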
@@ -96,147 +77,113 @@ def generate_and_maybe_import_cert(key_t
         base_ext_text + ev_ext_text,
         signer_key_filename,
         signer_cert_filename,
         subject_string,
         key_size,
         3 * 365 + 3 * 31) # 39 months
     generated_certs.append([cert_name, key_filename, cert_filename])
 
-    if generate_ev:
-        # The dest_dir argument of generate_pkcs12() is also set to db_dir as
-        # the .p12 files do not need to be kept once they have been imported.
-        pkcs12_filename = CertUtils.generate_pkcs12(db_dir, db_dir,
-                                                    cert_filename, key_filename,
-                                                    cert_name)
-        CertUtils.import_cert_and_pkcs12(srcdir, cert_filename, pkcs12_filename,
-                                         cert_name, ',,')
-
-        if not signer_key_filename:
-            generated_ev_root_filenames.append(cert_filename)
-
     return [cert_name, key_filename, cert_filename]
 
 def generate_cert_chain(root_key_type, root_key_size, int_key_type, int_key_size,
-                        ee_key_type, ee_key_size, generate_ev):
+                        ee_key_type, ee_key_size):
     """
-    Generates a certificate chain and imports the individual certificates into
-    the NSS DB if appropriate.
+    Generates a certificate chain.
 
     Arguments:
     (root|int|ee)_key_type -- the type of key generated: potential values: 'rsa',
                               or any of the curves found by
                               'openssl ecparam -list_curves'
     (root|int|ee)_key_size -- public key size for the relevant cert
-    generate_ev -- whether EV certs should be generated
     """
-    [root_nick, root_key_file, root_cert_file] = generate_and_maybe_import_cert(
+    [root_nick, root_key_file, root_cert_file] = generate_cert(
         root_key_type,
         'root',
         '',
         ca_ext_text,
         '',
         '',
-        root_key_size,
-        generate_ev)
+        root_key_size)
 
-    [int_nick, int_key_file, int_cert_file] = generate_and_maybe_import_cert(
+    [int_nick, int_key_file, int_cert_file] = generate_cert(
         int_key_type,
         'int',
         root_nick,
         ca_ext_text,
         root_key_file,
         root_cert_file,
-        int_key_size,
-        generate_ev)
+        int_key_size)
 
-    generate_and_maybe_import_cert(
+    generate_cert(
         ee_key_type,
         'ee',
         int_nick,
         ee_ext_text,
         int_key_file,
         int_cert_file,
-        ee_key_size,
-        generate_ev)
+        ee_key_size)
 
-def generate_rsa_chains(inadequate_key_size, adequate_key_size, generate_ev):
+def generate_rsa_chains(inadequate_key_size, adequate_key_size):
     """
     Generates various RSA chains with different combinations of adequately and
     inadequately sized certs.
 
     Arguments:
       inadequate_key_size -- a string defining the inadequate public key size
                              for the generated certs
       adequate_key_size -- a string defining the adequate public key size for
                            the generated certs
-      generate_ev -- whether EV certs should be generated
     """
     # Generate chain with certs that have adequate sizes
     generate_cert_chain('rsa', adequate_key_size,
                         'rsa', adequate_key_size,
-                        'rsa', adequate_key_size,
-                        generate_ev)
+                        'rsa', adequate_key_size)
 
     # Generate chain with a root cert that has an inadequate size
     generate_cert_chain('rsa', inadequate_key_size,
                         'rsa', adequate_key_size,
-                        'rsa', adequate_key_size,
-                        generate_ev)
+                        'rsa', adequate_key_size)
 
     # Generate chain with an intermediate cert that has an inadequate size
     generate_cert_chain('rsa', adequate_key_size,
                         'rsa', inadequate_key_size,
-                        'rsa', adequate_key_size,
-                        generate_ev)
+                        'rsa', adequate_key_size)
 
     # Generate chain with an end entity cert that has an inadequate size
     generate_cert_chain('rsa', adequate_key_size,
                         'rsa', adequate_key_size,
-                        'rsa', inadequate_key_size,
-                        generate_ev)
+                        'rsa', inadequate_key_size)
 
 def generate_ecc_chains():
     generate_cert_chain('prime256v1', '256',
                         'secp384r1', '384',
-                        'secp521r1', '521',
-                        False)
+                        'secp521r1', '521')
     generate_cert_chain('prime256v1', '256',
                         'secp224r1', '224',
-                        'prime256v1', '256',
-                        False)
+                        'prime256v1', '256')
     generate_cert_chain('prime256v1', '256',
                         'prime256v1', '256',
-                        'secp224r1', '224',
-                        False)
+                        'secp224r1', '224')
     generate_cert_chain('secp224r1', '224',
                         'prime256v1', '256',
-                        'prime256v1', '256',
-                        False)
+                        'prime256v1', '256')
     generate_cert_chain('prime256v1', '256',
                         'prime256v1', '256',
-                        'secp256k1', '256',
-                        False)
+                        'secp256k1', '256')
     generate_cert_chain('secp256k1', '256',
                         'prime256v1', '256',
-                        'prime256v1', '256',
-                        False)
+                        'prime256v1', '256')
 
 def generate_combination_chains():
     generate_cert_chain('rsa', '2048',
                         'prime256v1', '256',
-                        'secp384r1', '384',
-                        False)
+                        'secp384r1', '384')
     generate_cert_chain('rsa', '2048',
                         'prime256v1', '256',
-                        'secp224r1', '224',
-                        False)
+                        'secp224r1', '224')
     generate_cert_chain('prime256v1', '256',
                         'rsa', '1016',
-                        'prime256v1', '256',
-                        False)
+                        'prime256v1', '256')
 
-# Create a NSS DB for use by the OCSP responder.
-CertUtils.init_nss_db(srcdir)
-
-generate_rsa_chains('1016', '1024', False)
+generate_rsa_chains('1016', '1024')
 generate_ecc_chains()
 generate_combination_chains()
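Review bot: `generate_ecc_chains` and `generate_combination_chains` have neither a docstring nor per-chain comments, unlike `generate_rsa_chains`, which labels every call with the position of the inadequately sized cert. Add a one-line docstring to each and a comment above every `generate_cert_chain` call naming the cert the test expects to be rejected, in the style of `# Generate chain with an intermediate cert that has an inadequate size`. Presumably `secp224r1`, `secp256k1` and the `'rsa', '1016'` intermediate are the deliberately weak entries, but that should be confirmed against the xpcshell test that consumes these certs. A short comment on `generate_rsa_chains('1016', '1024')` saying these are test-only boundary sizes would also keep them from being read as acceptable defaults.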
deleted file mode 100644
index a5b5f6d2c75f83d584c590a56a4b3f36efe97cd8..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/test_keysize/pkcs11.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-library=
-name=NSS Internal PKCS #11 Module
-parameters=configdir='sql:/home/m-c_drive/mozilla-inbound/security/manager/ssl/tests/unit/test_keysize' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
-NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
-