980b15fd7e
[ Merge of http://go/wvgerrit/71204 ] - Also renames oem_certificate_generator_help to oem_certificate_generator_test_helper to better reflect what it is. - Use PKCS7_DETACHED instead of PKCS7_PARTIAL. Bug: 122610083. Test: WV unit/integration tests Change-Id: Iee84598512cafb6092a857da1582c741c6ee7693
OEM certificate generation tool
Supports
- Generating CSR (certificate signing request)
- Generating OEM intermediate certificate (for testing)
- Generating OEM leaf certificate chain
- Erasing file securely
- Getting CSR/certificate/certificate chain information
Prerequirements
- Install pip: https://pip.pypa.io/en/stable/installing/
- Install python cryptography: https://cryptography.io/en/latest/installation/
Usage
Run python oem_certificate.py --help to see available commands.
The arguments can be partially or fully loaded from a configuration file, for example, if file "location.cfg" is,
-C=US
-ST=CA
-L=Kirkland
-O=Some Company
-OU=Some Unit
A command of
python oem_certificate.py generate_csr @location.cfg -CN TestDevice1 \
--output_csr_file=csr.pem --output_private_key_file=key.der
is equivalent to
python oem_certificate.py generate_csr -CN TestDevice1 -C=US -ST=CA \
-L=Kirkland -O='Some Company' -OU='Some Unit' --output_csr_file=csr.pem \
--output_private_key_file=key.der.
Note that
- The arguments in the config file must be one per line;
- The arguments should not be quoted in the config file.
The script uses a default configuration file 'oem_certificate.cfg', which will be loaded automatically if exists.