e8add8eed8
Changes included in this CL: 166806: Update OEMCrypto_GetDeviceInformation() | https://widevine-internal-review.googlesource.com/c/cdm/+/166806 166808: Update Android L3 after OEMCrypto_GetDeviceInformation() signature changes | https://widevine-internal-review.googlesource.com/c/cdm/+/166808 166809: Decode device info and write it to CSR payload | https://widevine-internal-review.googlesource.com/c/cdm/+/166809 167158: Fix Android include path and copy_files | https://widevine-internal-review.googlesource.com/c/cdm/+/167158 167159: Fix common typos and use inclusive language suggested by Android linter | https://widevine-internal-review.googlesource.com/c/cdm/+/167159 165618: Explicitly state python3 where needed. | https://widevine-internal-review.googlesource.com/c/cdm/+/165618 166757: Update Android.bp for Android | https://widevine-internal-review.googlesource.com/c/cdm/+/166757 164993: Refactor basic oemcrypto unit tests | https://widevine-internal-review.googlesource.com/c/cdm/+/164993 164978: Update OEMCrypto Unit Test Docs | https://widevine-internal-review.googlesource.com/c/cdm/+/164978 166941: Update make files for OEMCrypto | https://widevine-internal-review.googlesource.com/c/cdm/+/166941 165279: Refactor license unit tests | https://widevine-internal-review.googlesource.com/c/cdm/+/165279 165318: Refactor provisioning unit tests | https://widevine-internal-review.googlesource.com/c/cdm/+/165318 164800: Add extra check for renew on license load unit test | https://widevine-internal-review.googlesource.com/c/cdm/+/164800 165860: Remove duplicate definition of MaybeHex() | https://widevine-internal-review.googlesource.com/c/cdm/+/165860 164889: Updated CoreCommonRequestFromMessage and fix test | https://widevine-internal-review.googlesource.com/c/cdm/+/164889 164967: Add OPK pre-hook and post-hook error codes | https://widevine-internal-review.googlesource.com/c/cdm/+/164967 165140: Add hidden device_id_length to v18 provisioning message | https://widevine-internal-review.googlesource.com/c/cdm/+/165140 165204: Fix memory leak in oemcrypto test | https://widevine-internal-review.googlesource.com/c/cdm/+/165204 165958: Fix oemcrypto_generic_verify_fuzz mutator signature offset | https://widevine-internal-review.googlesource.com/c/cdm/+/165958 166037: Support SHA-256 in OEMCrypto Session Util | https://widevine-internal-review.googlesource.com/c/cdm/+/166037 Test: Run GtsMediaTests on Pixel 7 Bug: 270612144 Change-Id: Iff0820a2de7d043a820470a130af65b0dcadb759
53 lines
1.4 KiB
Markdown
53 lines
1.4 KiB
Markdown
OEM certificate generation tool
|
|
===================================================
|
|
|
|
## Supports
|
|
|
|
- Generating CSR (certificate signing request)
|
|
- Generating OEM intermediate certificate (for testing)
|
|
- Generating OEM leaf certificate chain
|
|
- Erasing file securely
|
|
- Getting CSR/certificate/certificate chain information
|
|
|
|
## Prerequirements
|
|
|
|
- Install pip: https://pip.pypa.io/en/stable/installing/
|
|
- Install python cryptography: https://cryptography.io/en/latest/installation/
|
|
|
|
## Usage
|
|
|
|
Run `python3 oem_certificate.py --help` to see available commands.
|
|
|
|
The arguments can be partially or fully loaded from a configuration file, for
|
|
example, if file "location.cfg" is,
|
|
|
|
```
|
|
-C=US
|
|
-ST=CA
|
|
-L=Kirkland
|
|
-O=Some Company
|
|
-OU=Some Unit
|
|
```
|
|
|
|
A command of
|
|
|
|
```bash
|
|
python3 oem_certificate.py generate_csr @location.cfg -CN TestDevice1 \
|
|
--output_csr_file=csr.pem --output_private_key_file=key.der
|
|
```
|
|
|
|
is equivalent to
|
|
|
|
```bash
|
|
python3 oem_certificate.py generate_csr -CN TestDevice1 -C=US -ST=CA \
|
|
-L=Kirkland -O='Some Company' -OU='Some Unit' --output_csr_file=csr.pem \
|
|
--output_private_key_file=key.der.
|
|
```
|
|
|
|
Note that
|
|
- The arguments in the config file must be one per line;
|
|
- The arguments should not be quoted in the config file.
|
|
|
|
The script uses a default configuration file 'oem_certificate.cfg', which will
|
|
be loaded automatically if exists.
|