author | Yiteng Zhang <yiteng.zhang@oracle.com> |
Wed, 09 Mar 2016 11:27:23 -0800 | |
changeset 3321 | 52e8eec3014c |
parent 3177 | 173c3b46334b |
child 3333 | f35db3d08c09 |
permissions | -rw-r--r-- |
#!/usr/bin/python2.7 |
# |
# CDDL HEADER START |
# |
# The contents of this file are subject to the terms of the |
# Common Development and Distribution License (the "License"). |
# You may not use this file except in compliance with the License. |
# |
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
# or http://www.opensolaris.org/os/licensing. |
# See the License for the specific language governing permissions |
# and limitations under the License. |
# |
# When distributing Covered Code, include this CDDL HEADER in each |
# file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
# If applicable, add the following below this CDDL HEADER, with the |
# fields enclosed by brackets "[]" replaced with your own identifying |
# information: Portions Copyright [yyyy] [name of copyright owner] |
# |
# CDDL HEADER END |
# |
|
# |
# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. |
# |
|
import os |
import subprocess |
|
class CertGenerator(object): |
"""A class which creates certificates.""" |
|
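def __init__(self, base_dir="."):
    """Lay out a certificate working area under base_dir.

    Writes openssl.cnf (self.openssl_conf with {base_dir}
    substituted), an empty "index" file and a "serial" file
    holding "01", then creates the keys, code_signing_certs,
    chain_certs, trust_anchors and crl sub-directories.

    base_dir may be relative; it is stored as an absolute path.
    os.mkdir raises OSError if a sub-directory already exists.
    """
    # Allow relative path, but convert it to absolute path first.
    self.base_dir = os.path.abspath(base_dir)

    conf_dict = {"base_dir": self.base_dir}
    self.cnf_file = os.path.join(self.base_dir, "openssl.cnf")
    with open(self.cnf_file, "wb") as fh:
        fh.write(self.openssl_conf.format(**conf_dict))

    # Set up the needed files.  Context managers make sure the
    # handles are closed even if a write fails.
    # presumably these are the database and serial files that
    # openssl.cnf points "openssl ca" at -- confirm against
    # self.openssl_conf.
    with open(os.path.join(self.base_dir, "index"), "wb"):
        pass

    with open(os.path.join(self.base_dir, "serial"), "wb") as fh:
        fh.write("01\n")

    # Set up the names of the needed directories.
    self.keys_loc = "keys"
    self.cs_loc = "code_signing_certs"
    self.chain_certs_loc = "chain_certs"
    self.trust_anchors_loc = "trust_anchors"
    self.crl_loc = "crl"

    # Set up the paths to the certificates that will be needed.
    self.keys_dir = os.path.join(self.base_dir, self.keys_loc)
    self.cs_dir = os.path.join(self.base_dir, self.cs_loc)
    self.chain_certs_dir = os.path.join(self.base_dir,
        self.chain_certs_loc)
    self.raw_trust_anchor_dir = os.path.join(self.base_dir,
        self.trust_anchors_loc)
    self.crl_dir = os.path.join(self.base_dir, self.crl_loc)

    # NOTE(review): keys_dir receives the private keys that
    # make_ca_cert writes with "-nodes" (unencrypted).  It is
    # created with the default mode, so who can read those keys
    # is decided by the process umask and by where base_dir
    # lives -- confirm that is acceptable for every caller.
    os.mkdir(self.keys_dir)
    os.mkdir(self.cs_dir)
    os.mkdir(self.chain_certs_dir)
    os.mkdir(self.raw_trust_anchor_dir)
    os.mkdir(self.crl_dir)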
|
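def convert_pem_to_text(self, tmp_pth, out_pth, kind="x509"):
    """Convert a pem file to a human friendly text file.

    Runs "openssl <kind> -in tmp_pth -text" and stores its standard
    output in out_pth, which must not exist yet.

    Raises AssertionError if out_pth already exists or if openssl
    exits with a non-zero status.
    """
    # Explicit raises instead of assert statements: "python -O"
    # strips asserts, which previously also removed the wait() on
    # the child and the exit-status check.  AssertionError is kept
    # so existing callers see the same exception type.
    if os.path.exists(out_pth):
        raise AssertionError(
            "output file already exists: {0}".format(out_pth))

    # The argument vector is handed to Popen as a list, so no shell
    # is involved in interpreting kind or the paths.
    cmd = ["openssl", kind, "-in", tmp_pth,
        "-text"]

    # The with block closes the output file even when openssl
    # cannot be started or fails.
    with open(out_pth, "wb") as fh:
        ret = subprocess.Popen(cmd, stdout=fh).wait()
    if ret != 0:
        raise AssertionError(
            "openssl {0} exited with status {1}".format(kind, ret))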
|
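def make_ca_cert(self, new_name, parent_name, parent_loc=None,
    ext="v3_ca", ta_path=None, expired=False, future=False, https=False):
    """Create a new CA cert.

    Runs "openssl req" to produce a key and a CSR for new_name, then
    "openssl ca" to sign the CSR with the parent's cert and key.

    new_name:    base name of the outputs: <keys_dir>/<new_name>_key.pem,
                 <chain_certs_dir>/<new_name>.csr and
                 <chain_certs_dir>/<new_name>_cert.pem.
    parent_name: base name of the signing CA; its cert is read from
                 <ta_path>/<parent_loc>/<parent_name>_cert.pem and its
                 key from <ta_path>/<keys_loc>/<parent_name>_key.pem.
    parent_loc:  directory name of the parent cert; defaults to
                 self.trust_anchors_loc.
    ext:         section name passed to "openssl ca -extensions".
    ta_path:     root holding the parent material; defaults to
                 self.base_dir.
    expired:     issue a cert valid only for one day in January 2009.
    future:      issue a cert valid only for one day in January 2035
                 (ignored when expired is set).
    https:       build the subject from self.https_subj_str instead
                 of self.subj_str.

    Without expired or future the cert is valid for 1000 days.

    Raises AssertionError if either openssl command exits with a
    non-zero status.
    """

    if not parent_loc:
        parent_loc = self.trust_anchors_loc
    if not ta_path:
        ta_path = self.base_dir
    subj_str_to_use = self.subj_str
    if https:
        subj_str_to_use = self.https_subj_str

    # "-nodes" writes the new private key to keys_dir without a
    # passphrase, so anyone able to read that directory can sign
    # with this CA.
    cmd = ["openssl", "req", "-new", "-nodes",
        "-keyout", "{0}/{1}_key.pem".format(self.keys_dir, new_name),
        "-out", "{0}/{1}.csr".format(self.chain_certs_dir, new_name),
        "-sha256", "-subj", subj_str_to_use.format(new_name, new_name)]
    # wait() is called outside of any assert statement: under
    # "python -O" an assert (and the wait inside it) disappears, and
    # "openssl ca" below would then race with the CSR being written.
    # AssertionError is kept so callers see the same exception type.
    ret = subprocess.Popen(cmd).wait()
    if ret != 0:
        raise AssertionError(
            "openssl req exited with status {0}".format(ret))

    cmd = ["openssl", "ca", "-policy", "policy_anything",
        "-extensions", ext,
        "-out", "{0}/{1}_cert.pem".format(self.chain_certs_dir,
            new_name),
        "-in", "{0}/{1}.csr".format(self.chain_certs_dir, new_name),
        "-cert", "{0}/{1}/{2}_cert.pem".format(ta_path, parent_loc,
            parent_name),
        "-outdir", "{0}".format(self.chain_certs_dir),
        "-keyfile", "{0}/{1}/{2}_key.pem".format(ta_path, self.keys_loc,
            parent_name),
        "-config", self.cnf_file,
        "-batch"]
    # Dates are in openssl's YYMMDDHHMMSSZ form.
    if expired:
        # 2009-01-01 01:01:01Z to 2009-01-02 01:01:01Z.
        cmd.append("-startdate")
        cmd.append("090101010101Z")
        cmd.append("-enddate")
        cmd.append("090102010101Z")
    elif future:
        # 2035-01-01 01:01:01Z to 2035-01-02 01:01:01Z.
        # NOTE(review): this stops being a not-yet-valid cert once
        # that date is reached; callers relying on "future" will
        # need a later date by then.
        cmd.append("-startdate")
        cmd.append("350101010101Z")
        cmd.append("-enddate")
        cmd.append("350102010101Z")
    else:
        cmd.append("-days")
        cmd.append("1000")
    ret = subprocess.Popen(cmd).wait()
    if ret != 0:
        raise AssertionError(
            "openssl ca exited with status {0}".format(ret))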
|
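def make_cs_cert(self, new_name, parent_name, parent_loc=None,
    ext="v3_req", ca_path=None, expiring=False, expired=False,
    future=False, https=False, passphrase=None):
    """Create a new code signing cert.

    Runs openssl three or four times: generate an RSA key, build a CSR
    for it, optionally write a passphrase-protected copy of the key, and
    have the CA named by parent_name sign the CSR.

    new_name     base name of the key, CSR and certificate files written.
    parent_name  base name of the signing CA's certificate and key files.
    parent_loc   directory under ca_path holding the CA certificate;
                 defaults to self.trust_anchors_loc.
    ext          extensions section passed to "openssl ca -extensions".
    ca_path      root directory of the CA material; defaults to
                 self.base_dir.
    expired      validity window of one day in January 2009.
    future       validity window of one day in January 2035.
    expiring     validity of 27 days.
                 Precedence is expired, then future, then expiring; with
                 none set the certificate is valid for 1000 days.
    https        use self.https_subj_str instead of self.subj_str.
    passphrase   when set, also write <new_name>_reqpass_key.pem, a copy
                 of the key encrypted with this passphrase.

    Raises AssertionError if any openssl invocation exits non-zero.
    """

    def _run(argv):
        # Explicit status check rather than "assert p.wait() == 0":
        # under "python -O" the assert statement is dropped, which would
        # skip both the wait() and the failure check.  Only the tool and
        # subcommand go into the message, never the full argv, because
        # argv may contain the passphrase.
        status = subprocess.Popen(argv).wait()
        if status != 0:
            raise AssertionError("{0} {1} exited with status {2}".format(
                argv[0], argv[1], status))

    if not parent_loc:
        parent_loc = self.trust_anchors_loc
    if not ca_path:
        ca_path = self.base_dir
    subject_tmpl = self.https_subj_str if https else self.subj_str

    key_file = "{0}/{1}_key.pem".format(self.keys_dir, new_name)
    csr_file = "{0}/{1}.csr".format(self.cs_dir, new_name)

    # NOTE(review): 1024-bit RSA is below the commonly accepted 2048-bit
    # minimum.  Left unchanged because this looks like fixture code whose
    # consumers may depend on it; do not reuse for real signing keys.
    _run(["openssl", "genrsa", "-out", key_file, "1024"])

    # "-nodes" leaves the private key unencrypted on disk.
    _run(["openssl", "req", "-new", "-nodes",
        "-key", key_file,
        "-out", csr_file,
        "-sha256", "-subj", subject_tmpl.format(new_name, new_name)])

    if passphrase:
        # Add a passphrase to the key just created using a new filename.
        # NOTE(review): "pass:" puts the passphrase on the command line,
        # where it is typically readable from the process list, and
        # "-des3" is a legacy cipher.  openssl also accepts env:, file:
        # and fd: passphrase sources; prefer one of those outside tests.
        _run(["openssl", "rsa", "-des3",
            "-in", key_file,
            "-out", "{0}/{1}_reqpass_key.pem".format(self.keys_dir,
            new_name),
            "-passout", "pass:{0}".format(passphrase)])

    sign_cmd = ["openssl", "ca", "-policy", "policy_anything",
        "-extensions", ext,
        "-out", "{0}/{1}_cert.pem".format(self.cs_dir, new_name),
        "-in", csr_file,
        "-cert", "{0}/{1}/{2}_cert.pem".format(ca_path, parent_loc,
        parent_name),
        "-outdir", "{0}".format(self.cs_dir),
        "-keyfile", "{0}/{1}/{2}_key.pem".format(ca_path, self.keys_loc,
        parent_name),
        "-config", self.cnf_file,
        "-batch"]
    # Validity is chosen so callers can exercise expiry handling; the
    # dates are UTCTime strings (YYMMDDHHMMSSZ).
    if expired:
        sign_cmd += ["-startdate", "090101010101Z",
            "-enddate", "090102010101Z"]
    elif future:
        sign_cmd += ["-startdate", "350101010101Z",
            "-enddate", "350102010101Z"]
    elif expiring:
        sign_cmd += ["-days", "27"]
    else:
        sign_cmd += ["-days", "1000"]
    _run(sign_cmd)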
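def make_trust_anchor(self, name, https=False):
    """Make a new trust anchor.

    Creates the directory <base_dir>/<name>, has openssl write a
    self-signed certificate (valid 1000 days) and its key, converts the
    certificate with self.convert_pem_to_text, and places a copy of the
    result in self.raw_trust_anchor_dir.

    name   base name of the trust anchor; used for the directory, the
           key file and the certificate files.
    https  use self.https_subj_str instead of self.subj_str.

    Raises AssertionError if openssl exits non-zero, and OSError if the
    anchor directory cannot be created.
    """

    subject_tmpl = self.https_subj_str if https else self.subj_str
    anchor_dir = "{0}/{1}".format(self.base_dir, name)
    tmp_cert = "{0}/{1}/{2}_cert.tmp".format(self.base_dir, name, name)
    pem_cert = "{0}/{1}/{2}_cert.pem".format(self.base_dir, name, name)
    raw_cert = "{0}/{1}_cert.pem".format(self.raw_trust_anchor_dir, name)

    # "-nodes" leaves the anchor's private key unencrypted on disk.
    cmd = ["openssl", "req", "-new", "-x509", "-nodes",
        "-keyout", "{0}/{1}_key.pem".format(self.keys_dir, name),
        "-subj", subject_tmpl.format(name, name),
        "-out", tmp_cert,
        "-days", "1000",
        "-sha256"]

    os.mkdir(anchor_dir)

    # Explicit status check rather than "assert p.wait() == 0": under
    # "python -O" the assert statement is dropped, which would skip both
    # the wait() and the failure check.
    status = subprocess.Popen(cmd).wait()
    if status != 0:
        raise AssertionError(
            "openssl req exited with status {0}".format(status))
    self.convert_pem_to_text(tmp_cert, pem_cert)

    try:
        os.link(pem_cert, raw_cert)
    except (AttributeError, OSError):
        # Hard links may be unsupported or cross a filesystem boundary;
        # fall back to a copy.  Narrowed from a bare "except:" so that
        # KeyboardInterrupt and SystemExit are no longer swallowed.
        shutil.copy(pem_cert, raw_cert)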
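def revoke_cert(self, ca, revoked_cert, ca_dir=None, cert_dir=None,
    ca_path=None):
    """Revoke a certificate using the CA given.

    Runs "openssl ca -revoke" for the certificate, then
    "openssl ca -gencrl" to write a CRL valid for 1000 days, and finally
    converts the CRL with self.convert_pem_to_text(kind="crl").

    ca            base name of the CA's certificate and key files.
    revoked_cert  base name of the certificate to revoke.
    ca_dir        directory under ca_path holding the CA certificate;
                  defaults to ca.
    cert_dir      directory under self.base_dir holding the certificate
                  to revoke; defaults to self.cs_loc.
    ca_path       root directory of the CA material; defaults to
                  self.base_dir.

    Raises AssertionError if either openssl invocation exits non-zero.
    """

    def _run(argv):
        # Explicit status check rather than "assert p.wait() == 0":
        # under "python -O" the assert statement is dropped, which would
        # skip both the wait() and the failure check, so a failed
        # revocation would go unnoticed.
        status = subprocess.Popen(argv).wait()
        if status != 0:
            raise AssertionError("{0} {1} exited with status {2}".format(
                argv[0], argv[1], status))

    if not ca_dir:
        ca_dir = ca
    if not cert_dir:
        cert_dir = self.cs_loc
    if not ca_path:
        ca_path = self.base_dir

    ca_key = "{0}/{1}/{2}_key.pem".format(ca_path, self.keys_loc, ca)
    ca_cert = "{0}/{1}/{2}_cert.pem".format(ca_path, ca_dir, ca)
    crl_tmp = "{0}/{1}_crl.tmp".format(self.crl_dir, ca)
    crl_pem = "{0}/{1}_crl.pem".format(self.crl_dir, ca)

    # NOTE(review): the certificate to revoke is looked up under
    # self.base_dir even when ca_path is given; presumably intentional,
    # confirm against callers.
    _run(["openssl", "ca", "-keyfile", ca_key,
        "-cert", ca_cert,
        "-config", self.cnf_file,
        "-revoke", "{0}/{1}/{2}_cert.pem".format(self.base_dir, cert_dir,
        revoked_cert)])

    _run(["openssl", "ca", "-gencrl",
        "-keyfile", ca_key,
        "-cert", ca_cert,
        "-config", self.cnf_file,
        "-out", crl_tmp,
        "-crldays", "1000"])
    self.convert_pem_to_text(crl_tmp, crl_pem, kind="crl")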
# Subject template for generated certificates: {0} fills the CN and {1}
# the emailAddress.
subj_str = "/C=US/ST=California/L=Santa Clara/O=pkg5/CN={0}/emailAddress={1}"
# Subject template used when https=True: {0} fills the OU, the CN is
# fixed to "localhost", and {1} fills the emailAddress.
https_subj_str = (
    "/C=US/ST=California/L=Santa Clara/O=pkg5/OU={0}/"
    "CN=localhost/emailAddress={1}"
)
openssl_conf = """\ |
HOME = . |
RANDFILE = $ENV::HOME/.rnd |
|
[ ca ] |
default_ca = CA_default |
|
[ CA_default ] |
dir = {base_dir} |
crl_dir = $dir/crl |
database = $dir/index |
serial = $dir/serial |
|
x509_extensions = usr_cert |
unique_subject = no |
|
default_md = sha256 |
preserve = no |
|
policy = policy_match |
|
# For the 'anything' policy |
# At this point in time, you must list all acceptable 'object' |
# types. |
[ policy_anything ] |
countryName = optional |
stateOrProvinceName = optional |
localityName = optional |
organizationName = optional |
organizationalUnitName = optional |
commonName = supplied |
emailAddress = optional |
|
#################################################################### |
[ req ] |
default_bits = 2048 |
default_keyfile = ./private/ca-key.pem |
default_md = sha256 |
|
prompt = no |
distinguished_name = root_ca_distinguished_name |
|
x509_extensions = v3_ca |
string_mask = nombstr |
|
[ root_ca_distinguished_name ] |
commonName = ta1 |
countryName = US |
stateOrProvinceName = California |
localityName = Santa Clara |
0.organizationName = pkg5 |
emailAddress = ta1@pkg5 |
|
[ usr_cert ] |
|
# These extensions are added when 'ca' signs a request. |
|
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid,issuer:always |
|
[ v3_req ] |
|
# Extensions to add to a certificate request. |
|
basicConstraints = critical,CA:FALSE |
keyUsage = critical, digitalSignature |
|
[ v3_confused_cs ] |
|
# Have CA be true, but don't have keyUsage allow certificate signing to create |
# a confused certificate. |
|
basicConstraints = critical,CA:true |
keyUsage = critical, digitalSignature |
|
[ v3_no_keyUsage ] |
|
# The extensions to use for a code signing certificate without a keyUsage |
# extension. |
|
basicConstraints = critical,CA:FALSE |
|
[ v3_ca ] |
|
# Extensions for a typical CA. |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
basicConstraints = critical,CA:true |
keyUsage = critical, keyCertSign, cRLSign |
|
[ v3_ca_lp4 ] |
|
# Extensions for a typical CA. |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
basicConstraints = critical,CA:true,pathlen:4 |
keyUsage = critical, keyCertSign, cRLSign |
|
[ v3_ca_lp3 ] |
|
# Extensions for a typical CA |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
basicConstraints = critical,CA:true,pathlen:3 |
keyUsage = critical, keyCertSign, cRLSign |
|
[ v3_ca_lp2 ] |
|
# Extensions for a typical CA. |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
basicConstraints = critical,CA:true,pathlen:2 |
keyUsage = critical, keyCertSign, cRLSign |
|
[ v3_ca_lp1 ] |
|
# Extensions for a typical CA. |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
basicConstraints = critical,CA:true,pathlen:1 |
keyUsage = critical, keyCertSign, cRLSign |
|
[ v3_ca_lp0 ] |
|
# Extensions for a typical CA. |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
basicConstraints = critical,CA:true,pathlen:0 |
keyUsage = critical, keyCertSign, cRLSign |
|
[ v3_ca_no_crl ] |
|
# Extensions for a CA which cannot sign a CRL. |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
basicConstraints = critical,CA:true |
keyUsage = critical, keyCertSign |
|
[ v3_ca_no_keyUsage ] |
|
# Extensions for a CA without keyUsage information. |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
basicConstraints = critical,CA:true |
|
[ issuer_ext ] |
|
# Used for a code signing cert with an unsupported critical extension. |
|
basicConstraints = critical,CA:FALSE |
issuerAltName = critical,issuer:copy |
|
[ issuer_ext_ca ] |
|
# Used for a CA cert with an unsupported critical extension. |
|
basicConstraints = critical,CA:TRUE |
issuerAltName = critical,issuer:copy |
|
[ issuer_ext_non_critical ] |
|
# Used to test a recognized non-critical extension with an unrecognized value. |
|
basicConstraints = critical,CA:FALSE |
keyUsage = keyAgreement |
|
[ issuer_ext_bad_val ] |
|
# Used to test a recognized critical extension with an unrecognized value. |
# keyAgreement needs to be set because otherwise Cryptography complains that |
# encipherOnly requires keyAgreement. |
|
basicConstraints = critical,CA:FALSE |
keyUsage = critical, encipherOnly, keyAgreement |
|
[ invalid_ext ] |
|
# Used to test an invalid extension. Cryptography complains that encipherOnly |
# requires keyAgreement, so this is an invalid extension. |
|
basicConstraints = critical,CA:FALSE |
keyUsage = encipherOnly |
|
[ crl_ext ] |
|
# Used for testing certificate revocation. |
|
basicConstraints = critical,CA:FALSE |
crlDistributionPoints = URI:http://localhost:12001/file/0/ch1_ta4_crl.pem |
|
[ ch5_ta1_crl ] |
|
# Used for testing certificate revocation. |
|
basicConstraints = critical,CA:FALSE |
crlDistributionPoints = URI:http://localhost:12001/file/0/ch5_ta1_crl.pem |
|
[ ch1.1_ta4_crl ] |
|
# Used for testing certificate revocation. |
|
basicConstraints = critical,CA:FALSE |
crlDistributionPoints = URI:http://localhost:12001/file/0/ch1.1_ta4_crl.pem |
|
[ ch1_ta1_crl ] |
|
# Used for testing certificate revocation at the level of a chain certificate. |
|
basicConstraints = critical,CA:FALSE |
crlDistributionPoints = URI:http://localhost:12001/file/0/ch1_pubCA1_crl.pem |
|
[ crl_ca ] |
|
# Used for testing CA certificate revocation by a trust anchor. |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
basicConstraints = critical,CA:true |
crlDistributionPoints = URI:http://localhost:12001/file/0/ta5_crl.pem |
keyUsage = critical, keyCertSign, cRLSign |
|
[ bad_crl ] |
|
# Used for testing a CRL with a bad file format. |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
|
basicConstraints = critical,CA:false |
|
crlDistributionPoints = URI:http://localhost:12001/file/0/example_file |
|
[ bad_crl_loc ] |
|
# PKIX recommendation. |
subjectKeyIdentifier=hash |
authorityKeyIdentifier=keyid:always,issuer:always |
|
basicConstraints = critical,CA:false |
|
crlDistributionPoints = URI:foo://bar/baz |
""" |
|