#!/usr/bin/env python
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import os
import sys
sys.path += ['..']
import gencerts
# Generate the keys -- the same key is used for all intermediates and end entity
# certificates.
root_key = gencerts.get_or_generate_rsa_key(2048,
gencerts.create_key_path('root'))
i_key = gencerts.get_or_generate_rsa_key(2048, gencerts.create_key_path('i'))
target_key = gencerts.get_or_generate_rsa_key(
2048, gencerts.create_key_path('target'))
# Self-signed root certificate.
root = gencerts.create_self_signed_root_certificate('Root')
root.set_key(root_key)
gencerts.write_string_to_file(root.get_cert_pem(), 'root.pem')
# Intermediate certificates. All have the same subject and key.
i_base = gencerts.create_intermediate_certificate('I', root)
i_base.set_key(i_key)
gencerts.write_string_to_file(i_base.get_cert_pem(), 'i.pem')
i2 = gencerts.create_intermediate_certificate('I', root)
i2.set_key(i_key)
for i in range(num_dirnames):
section_name = 'san_dirname%i' % (i + 1)
dirname = cert.config.get_section(section_name)
dirname.set_property('commonName', '"t%i' % i)
sans.set_property('dirName.%i' % (i + 1), section_name)
for i in range(num_uri):
sans.set_property('URI.%i' % (i + 1), 'http://test/%i' % i)
# Self-signed root certificate.
root = gencerts.create_self_signed_root_certificate('Root')
# Use the same keys for all the chains. Fewer key files to check in, and also
# gives stability against re-ordering of the calls to |make_chain|.
intermediate_key = gencerts.get_or_generate_rsa_key(
2048, gencerts.create_key_path('Intermediate'))
target_key = gencerts.get_or_generate_rsa_key(2048,
gencerts.create_key_path('t0'))
def make_chain(name, doc, excluded, permitted, sans):
# Intermediate certificate.
intermediate = gencerts.create_intermediate_certificate(
'Intermediate', root)
intermediate.set_key(intermediate_key)
add_excluded_name_constraints(intermediate, **excluded)
add_permitted_name_constraints(intermediate, **permitted)
# Target certificate.
target = gencerts.create_end_entity_certificate('t0', intermediate)
target.set_key(target_key)
import gencerts
# Self-signed root certificate (used as trust anchor).
root = gencerts.create_self_signed_root_certificate('Root')
# Intermediate certificate.
intermediate = gencerts.create_intermediate_certificate('Intermediate', root)
# Use either an RSA key, or an EC key for the target certificate. Generate the
# possible keys ahead of time so as not to duplicate the work.
KEYS = {
'rsa':
gencerts.get_or_generate_rsa_key(2048,
gencerts.create_key_path('Target-rsa')),
'ec':
gencerts.get_or_generate_ec_key('secp384r1',
gencerts.create_key_path('Target-ec'))
}
KEY_USAGES = [
'decipherOnly', 'digitalSignature', 'keyAgreement', 'keyEncipherment'
]
# The proper key usage depends on the key purpose (serverAuth in this case),
# and the key type. Generate a variety of combinations.
for key_type in sorted(KEYS.keys()):
for key_usage in KEY_USAGES:
# Target certificate.
target = gencerts.create_end_entity_certificate('Target', intermediate)
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain where the root certificate holds an RSA key, intermediate
certificate holds an EC key, and target certificate holds an RSA key. The
target certificate has a valid signature using ECDSA."""
import sys
sys.path += ['../..']
import gencerts
# Self-signed root certificate using an RSA key.
root = gencerts.create_self_signed_root_certificate('Root')
# Intermediate using an EC key for the P-384 curve.
intermediate = gencerts.create_intermediate_certificate('Intermediate', root)
intermediate.set_key(
gencerts.get_or_generate_ec_key(
'secp384r1', gencerts.create_key_path(intermediate.name)))
# Target certificate contains an RSA key (but is signed using ECDSA).
target = gencerts.create_end_entity_certificate('Target', intermediate)
chain = [target, intermediate, root]
gencerts.write_chain(__doc__, chain, 'chain.pem')
#!/usr/bin/python
# Copyright (c) 2017 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Valid certificate chain where the target certificate contains a public key
with a 512-bit modulus (weak)."""
import sys
sys.path += ['../..']
import gencerts
# Self-signed root certificate.
root = gencerts.create_self_signed_root_certificate('Root')
# Intermediate
intermediate = gencerts.create_intermediate_certificate('Intermediate', root)
# Target certificate.
target = gencerts.create_end_entity_certificate('Target', intermediate)
target.set_key(
gencerts.get_or_generate_rsa_key(512,
gencerts.create_key_path(target.name)))
chain = [target, intermediate, root]
gencerts.write_chain(__doc__, chain, 'chain.pem')
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain where the target certificate is signed using a weak RSA
key (512-bit modulus)."""
import sys
sys.path += ['../..']
import gencerts
# Self-signed root certificate.
root = gencerts.create_self_signed_root_certificate('Root')
# Intermediate with a very weak key size (512-bit RSA).
intermediate = gencerts.create_intermediate_certificate('Intermediate', root)
intermediate.set_key(
gencerts.get_or_generate_rsa_key(
512, gencerts.create_key_path(intermediate.name)))
# Target certificate.
target = gencerts.create_end_entity_certificate('Target', intermediate)
chain = [target, intermediate, root]
gencerts.write_chain(__doc__, chain, 'chain.pem')