certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER

This allows to follow upcoming changes in certdata.txt:
https://bugzilla.mozilla.org/show_bug.cgi?id=1465613

Signed-off-by: Daiki Ueno <dueno@redhat.com>
This commit is contained in:
Daiki Ueno 2019-12-04 10:53:31 +01:00
parent 8702798203
commit 6aec97d9bd

View File

@ -177,6 +177,11 @@ openssl_trust = {
"CKA_TRUST_EMAIL_PROTECTION": "emailProtection",
}
cert_distrust_types = {
"CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after",
"CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after",
}
for tobj in objects:
if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
key = tobj['CKA_LABEL'] + printable_serial(tobj)
@ -369,6 +374,16 @@ for tobj in objects:
f.write("nss-mozilla-ca-policy: true\n")
f.write("modifiable: false\n");
# requires p11-kit >= 0.23.19
for t in list(cert_distrust_types.keys()):
if t in obj:
value = obj[t]
if value == 'CK_FALSE':
value = bytearray(1)
f.write(cert_distrust_types[t] + ": \"")
f.write(urllib.parse.quote(value));
f.write("\"\n")
f.write("-----BEGIN CERTIFICATE-----\n")
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)