Google Git
Sign in
boringssl / boringssl / 51ae1b26478c5fda3006f2ec5fad5467c872ec17 / . / pki / testdata / certificate_policies_unittest / generate_policies.py
blob: 8ed6d77a9a819283abc78ea14da2200769cdaf31 [file] [log] [blame]
#!/usr/bin/env python
# Copyright 2015 The Chromium Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import base64
import copy
import os
import random
import subprocess
import sys
import tempfile
def generate(token, s, out_fn):
with tempfile.NamedTemporaryFile() as der_tmpfile:
with tempfile.NamedTemporaryFile() as conf_tempfile:
conf_tempfile.write(str(s))
conf_tempfile.flush()
description_tmpfile = tempfile.NamedTemporaryFile()
subprocess.check_call(["openssl", "asn1parse", "-genconf",
conf_tempfile.name, "-i", "-out",
der_tmpfile.name],
stdout=description_tmpfile)
with open(out_fn, "w") as output_file:
description_tmpfile.seek(0)
output_file.write(description_tmpfile.read())
output_file.write("-----BEGIN %s-----\n" % token)
output_file.write(base64.encodestring(der_tmpfile.read()))
output_file.write("-----END %s-----\n" % token)
class CertificatePoliciesGenerator:
def __init__(self):
self.policies = []
def generate(self, out_fn):
generate("CERTIFICATE POLICIES", self, out_fn)
def add_policy(self, policy):
self.policies.append(policy)
def __str__(self):
s = "asn1 = SEQUENCE:certificatePoliciesSequence\n"
s += "[certificatePoliciesSequence]\n"
s_suffix = ""
for n, policy in enumerate(self.policies):
n1, n2 = (str(policy) + "\n").split("\n", 1)
if n2:
s_suffix += n2 + "\n"
s += "%s%s\n" % (n, n1)
return s + s_suffix
def policy_qualifier(qualifier_id, qualifier):
i = random.randint(0, sys.maxint)
s = "asn1 = SEQUENCE:PolicyQualifierInfoSequence%i\n" % i
s += "[PolicyQualifierInfoSequence%i]\n" % i
s += "policyQualifierId = %s\n" % qualifier_id
s += qualifier
return s
def cps_uri_qualifier(url):
return policy_qualifier("OID:id-qt-cps", "cPSUri = IA5STRING:%s\n" % url)
def policy_information(policy_id, qualifiers):
i = random.randint(0, sys.maxint)
s = "policyInformation = SEQUENCE:PolicyInformationSequence%i\n" % i
s += "[PolicyInformationSequence%i]\n" % i
s += "policyIdentifier = OID:%s\n" % policy_id
s_suffix = ""
if qualifiers is not None:
s += "policyQualifiers = SEQUENCE:PolicyQualifiersSequence%i\n" % i
s += "[PolicyQualifiersSequence%i]\n" % i
for n, qualifier in enumerate(qualifiers):
n1, n2 = (str(qualifier) + "\n").split("\n", 1)
if n2:
s_suffix += n2 + "\n"
s += "%s%s\n" % (n, n1)
return s + s_suffix
def main():
p = CertificatePoliciesGenerator()
p.generate("invalid-empty.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("anyPolicy", None))
p.generate("anypolicy.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("anyPolicy", [
cps_uri_qualifier("https://example.com/1_2_3")]))
p.generate("anypolicy_with_qualifier.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("anyPolicy", [
policy_qualifier("OID:1.2.3.4", 'foo = UTF8:"hi"')]))
p.generate("invalid-anypolicy_with_custom_qualifier.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("1.2.3", None))
p.generate("policy_1_2_3.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("1.2.3", [
cps_uri_qualifier("https://example.com/1_2_3")]))
p.generate("policy_1_2_3_with_qualifier.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("1.2.3", [
policy_qualifier("OID:1.2.3.4", 'foo = UTF8:"hi"')]))
p.generate("policy_1_2_3_with_custom_qualifier.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("1.2.3", None))
p.add_policy(policy_information("1.2.3", [
cps_uri_qualifier("https://example.com/1_2_3")]))
p.generate("invalid-policy_1_2_3_dupe.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("1.2.3", []))
p.generate("invalid-policy_1_2_3_with_empty_qualifiers_sequence.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("1.2.3", None))
p.add_policy(policy_information("1.2.4", None))
p.generate("policy_1_2_3_and_1_2_4.pem")
p = CertificatePoliciesGenerator()
p.add_policy(policy_information("1.2.3", [
cps_uri_qualifier("https://example.com/1_2_3")]))
p.add_policy(policy_information("1.2.4", [
cps_uri_qualifier("http://example.com/1_2_4")]))
p.generate("policy_1_2_3_and_1_2_4_with_qualifiers.pem")
generate("CERTIFICATE POLICIES",
"asn1 = SEQUENCE:certificatePoliciesSequence\n"
"[certificatePoliciesSequence]\n"
"policyInformation = SEQUENCE:PolicyInformationSequence\n"
'extradata = IA5STRING:"unconsumed data"\n'
"[PolicyInformationSequence]\n"
"policyIdentifier = OID:1.2.3\n",
"invalid-policy_1_2_3_policyinformation_unconsumed_data.pem")
generate("CERTIFICATE POLICIES",
"asn1 = SEQUENCE:certificatePoliciesSequence\n"
"[certificatePoliciesSequence]\n"
"policyInformation = SEQUENCE:PolicyInformationSequence\n"
"[PolicyInformationSequence]\n"
"policyIdentifier = OID:1.2.3\n"
"policyQualifiers = SEQUENCE:PolicyQualifiersSequence\n"
"[PolicyQualifiersSequence]\n"
"policyQualifierInfo = SEQUENCE:PolicyQualifierInfoSequence\n"
"[PolicyQualifierInfoSequence]\n"
"policyQualifierId = OID:id-qt-cps\n"
"cPSUri = IA5STRING:https://example.com/1_2_3\n"
'extradata = IA5STRING:"unconsumed data"\n',
"invalid-policy_1_2_3_policyqualifierinfo_unconsumed_data.pem")
generate("CERTIFICATE POLICIES",
"asn1 = SEQUENCE:certificatePoliciesSequence\n"
"[certificatePoliciesSequence]\n"
"policyInformation = SEQUENCE:PolicyInformationSequence\n"
"[PolicyInformationSequence]\n"
'policyIdentifier = IA5STRING:"1.2.3"\n',
"invalid-policy_identifier_not_oid.pem")
if __name__ == "__main__":
main()