Improve OEMCrypto unit tests

This change updates the unit tests to have more comments so that it is
more clear what went wrong if a test fails.

Also, some utility code has been changed to make it easier to support
new platforms and read/write locks.

Also, the reference code has had some refactoring added to make it
easier for Widevine to test CDM code.  There should be no
functionality differences in the reference code.

Also, in the main API doc, there was an obsolete paragraph in the
description of the threading model.  This paragraph has been removed.

oem_certificate_generator/oem_certificate.py

@@ -1,15 +1,15 @@
-# Copyright 2017 Google Inc. All Rights Reserved.
+# Copyright 2017 Google LLC. All Rights Reserved.
 
 """OEM certificate generation tool.
 
 Supports:
   - Generating CSR (certificate signing request)
-  - Generating OEM intermediate certificate (for testing)
+  - Generating OEM intermediate certificate (for testing only)
   - Generating OEM leaf certificate chain
   - Erasing file securely
   - Getting CSR/certificate/certificate chain information
 
-Prerequirements:
+Prerequirements (if running the script directly):
   - Install pip: https://pip.pypa.io/en/stable/installing/
   - Install python cryptography: https://cryptography.io/en/latest/installation/
 
@@ -124,9 +124,9 @@ class X509CertificateChain(object):
     for certificate in self._certificates:
       backend._lib.sk_X509_push(x509_stack, certificate._x509)
 
-    pkcs7_partial = 0x4000
     p7 = backend._lib.PKCS7_sign(backend._ffi.NULL, backend._ffi.NULL,
-                                 x509_stack, backend._ffi.NULL, pkcs7_partial)
+                                 x509_stack, backend._ffi.NULL,
+                                 backend._lib.PKCS7_DETACHED)
     p7 = backend._ffi.gc(p7, backend._lib.PKCS7_free)
 
     bio = backend._create_mem_bio_gc()
@@ -247,8 +247,14 @@ def generate_intermediate_certificate(args):
 def generate_leaf_certificate(args):
   """Subparser handler for generating leaf certificate."""
   intermediate_cert_bytes = args.intermediate_certificate_file.read()
-  intermediate_cert = x509.load_der_x509_certificate(intermediate_cert_bytes,
-                                                     backends.default_backend())
+
+  try:
+    intermediate_cert = x509.load_pem_x509_certificate(
+        intermediate_cert_bytes, backends.default_backend())
+  except ValueError:
+    intermediate_cert = x509.load_der_x509_certificate(
+        intermediate_cert_bytes, backends.default_backend())
+
   intermediate_private_key = serialization.load_der_private_key(
       args.intermediate_private_key_file.read(),
       password=args.intermediate_private_key_passphrase,
@@ -334,8 +340,14 @@ def _handle_csr(data):
       x509.load_pem_x509_csr(data, backends.default_backend()))
 
 
-def _handle_certificate(data):
-  """Utility function for get_info to parse certificate."""
+def _handle_pem_certificate(data):
+  """Utility function for get_info to parse pem certificate."""
+  return _certificate_as_string(
+      x509.load_pem_x509_certificate(data, backends.default_backend()))
+
+
+def _handle_der_certificate(data):
+  """Utility function for get_info to parse der certificate."""
   return _certificate_as_string(
       x509.load_der_x509_certificate(data, backends.default_backend()))
 
@@ -353,7 +365,10 @@ def get_info(args, out=sys.stdout):
   # The input is either a CSR or a certificate, or a certificate chain.
   # Loop through the corresponding handlers one by one.
   data = args.file.read()
-  for handler in [_handle_csr, _handle_certificate, _handle_certificate_chain]:
+  for handler in [
+      _handle_csr, _handle_der_certificate, _handle_pem_certificate,
+      _handle_certificate_chain
+  ]:
     try:
       out.write(handler(data))
       return