# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with 1 intermediate and a trust anchor. The trust anchor
has a basic constraints extension that indicates it is NOT a CA. Verification
is expected to succeed as constraints on the root certificate are not applied
to the trust anchor."""

import common

# The module docstring above is runtime data as well as documentation: it is
# handed to common.write_test_file() as __doc__ at the bottom of this script.
# Its wording is therefore kept as-is and only re-wrapped.

# Trust anchor: a self-signed root whose basicConstraints extension is marked
# critical and asserts CA:false. Taken at face value, such a certificate
# could not issue anything; the test pins down that the verifier ignores the
# extension when the certificate is used as an unconstrained trust anchor.
# (RFC 5280 section 6.1 treats a trust anchor as an input to path validation,
# i.e. a name and a public key, rather than a certificate in the path.)
anchor_cert = common.create_self_signed_root_certificate('Root')
anchor_extensions = anchor_cert.get_extensions()
anchor_extensions.set_property('basicConstraints', 'critical,CA:false')

# One intermediate issued by the root, then the leaf issued by it.
issuing_ca = common.create_intermediate_certificate('Intermediate',
                                                    anchor_cert)
leaf = common.create_end_entity_certificate('Target', issuing_ca)

# The path is listed leaf-first and leaves the root out; the root is passed
# separately as the trust anchor.
path = [leaf, issuing_ca]

# constrained=False matches the docstring's "constraints on the root
# certificate are not applied to the trust anchor".
# NOTE(review): the exact meaning of the flag lives in common.TrustAnchor,
# which is not shown here - confirm there. If it works as the docstring
# implies, whoever installs an anchor this way is trusting its key outright,
# whatever the anchor certificate says about itself.
anchor = common.TrustAnchor(anchor_cert, constrained=False)

# Expected outcome: the chain verifies and no errors are reported.
expect_valid = True
expected_errors = None

common.write_test_file(__doc__, path, anchor, common.DEFAULT_TIME,
                       common.DEFAULT_KEY_PURPOSE, expect_valid,
                       expected_errors)
oldintermediate.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC) # Intermediate signed by newroot. Same key as oldintermediate. newintermediate = common.create_intermediate_certificate( 'Intermediate', newroot) newintermediate.set_key(oldintermediate.get_key()) newintermediate.set_validity_range(JANUARY_2_2015_UTC, common.JANUARY_1_2016_UTC) # Target certificate. target = common.create_end_entity_certificate('Target', oldintermediate) oldchain = [target, oldintermediate] rolloverchain = [target, newintermediate, newrootrollover] longrolloverchain = [target, newintermediate, newroot, newrootrollover] oldtrusted = common.TrustAnchor(oldroot, constrained=False) newchain = [target, newintermediate] newtrusted = common.TrustAnchor(newroot, constrained=False) time = common.DEFAULT_TIME key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None common.write_test_file(__doc__, oldchain, oldtrusted, time, key_purpose, verify_result,
import common

# The module docstring sits above this excerpt and is not visible here. Do not
# add one at this point: __doc__ is passed to common.write_test_file() below,
# so a new leading string would change what gets written.

# Trust anchor: a self-signed root whose critical basicConstraints extension
# allows at most one intermediate CA beneath it (pathlen:1).
root_cert = common.create_self_signed_root_certificate('Root')
root_extensions = root_cert.get_extensions()
root_extensions.set_property('basicConstraints', 'critical,CA:true,pathlen:1')

# Two intermediates stacked under the root. Neither is given a pathlen of its
# own, so the only length limit in play is the one carried by the anchor.
upper_ca = common.create_intermediate_certificate('Intermediate1', root_cert)
lower_ca = common.create_intermediate_certificate('Intermediate2', upper_ca)

# Leaf issued by the lower intermediate.
leaf = common.create_end_entity_certificate('Target', lower_ca)

# The path is listed leaf-first and leaves the root out; the root is passed
# separately as the trust anchor.
path = [leaf, lower_ca, upper_ca]

# constrained=True: the expected failure below only makes sense if the
# anchor's own pathlen:1 is enforced on the path.
# NOTE(review): the exact meaning of the flag lives in common.TrustAnchor,
# which is not shown here - confirm there.
anchor = common.TrustAnchor(root_cert, constrained=True)

# Expected outcome: verification fails at index 1 of the path (Intermediate2),
# the second CA below an anchor that permits only one.
expect_valid = False
# NOTE(review): the line breaks inside this expected-errors string were lost
# in this listing; the header and the ERROR line are presumably on separate
# lines in the real file. Restore them from the original before regenerating
# test data, since this text is presumably compared with the verifier output.
expected_errors = """----- Certificate i=1 (CN=Intermediate2) ----- ERROR: max_path_length reached """

common.write_test_file(__doc__, path, anchor, common.DEFAULT_TIME,
                       common.DEFAULT_KEY_PURPOSE, expect_valid,
                       expected_errors)