1190532 - pykey.py: make key specification explicit in all cases (rather than implicit)

Status: RESOLVED FIXED

(Core :: Security: PSM, defect)

Description

[Dana Keeler (she/her) (use needinfo) [:keeler]]

It would be helpful to add comments directly to the .certspec and .keyspec files that are used to generate the PSM xpcshell test certificates. (See e.g. bug 1189427 comment 2).

Comment 1

[Dana Keeler (she/her) (use needinfo) [:keeler]]

Slight modification: it may be a good idea to add comments to certspec files, but I don't think it makes as much sense for the keyspec files. Rather than using comments, specifying the default key should be explicit rather than implicit. That way, the process is the same no matter what specification is being used: a) read the keyspec file, b) read pycert.py, c) ???, d) profit.

Comment 2

[Dana Keeler (she/her) (use needinfo) [:keeler]]

Attachment: MozReview Request: bug 1190532 - change default key specification from implicit to explicit in pycert.py

bug 1190532 - change default key specification from implicit to explicit in pycert.py

Previously using an empty string would result in pycert.py returning the
default shared RSA key. This resulted in empty keyspec files being added
to the tree, which was confusing. This should end the confusion by making
the key specification process explicit rather than implicit.

Comment 3

[Dana Keeler (she/her) (use needinfo) [:keeler]]

Ugh I always do that wrong.

Comment 4

[:Cykesiopka]

Comment on attachment 8644646 [details]
MozReview Request: bug 1190532 - change default key specification from implicit to explicit in pycert.py

https://reviewboard.mozilla.org/r/15281/#review13721

Profit sounds nice.

Comment 5

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/a7d1fa2cb596

Comment 6

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/a7d1fa2cb596