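def generate_rsa_cert(leaf_key_size):
  """Generates a 3-certificate Cast chain whose leaf uses an RSA key of
  |leaf_key_size| bits, then writes the chain and a signed-data file.

  The chain is root -> intermediate -> leaf. All three certificates share the
  same validity window (2015-01-01 12:00:00Z to 2018-01-01 12:00:00Z). The
  leaf gets extendedKeyUsage=clientAuth and its key comes from
  common.get_or_generate_rsa_key(), so an existing key file is reused.

  Args:
    leaf_key_size: RSA modulus size in bits for the leaf ("device") key; it
      also appears in the leaf's subject, the chain file name and the
      signed-data file name.

  Returns:
    None. Side effects: writes 'rsa<bits>_device_cert.pem' via
    common.write_chain() and a signed-data file under '../signeddata/' via
    create_signatures.create_signed_data().
  """
  # UTCTime (YYMMDDHHMMSSZ) bounds for every certificate in the chain.
  JAN_2015 = '150101120000Z'
  JAN_2018 = '180101120000Z'
  # NOTE(review): this window ends in 2018, so consumers presumably verify
  # against a fixed time rather than the current clock -- confirm.

  # Self-signed root certificate.
  root = common.create_self_signed_root_certificate('Root')
  root.set_validity_range(JAN_2015, JAN_2018)

  # Intermediate certificate.
  intermediate = common.create_intermediate_certificate('Intermediate', root)
  intermediate.set_validity_range(JAN_2015, JAN_2018)

  # Leaf certificate. Its subject embeds the key size so chains for different
  # sizes are distinguishable.
  leaf = common.create_end_entity_certificate(
      'RSA %d Device Cert' % leaf_key_size, intermediate)
  leaf.get_extensions().set_property('extendedKeyUsage', 'clientAuth')
  # The device key path is derived from the leaf name; the same path is
  # handed to the signed-data generator below so the signature is made with
  # the key that the leaf certificate certifies.
  device_key_path = common.create_key_path(leaf.name)
  leaf.set_key(common.get_or_generate_rsa_key(leaf_key_size, device_key_path))
  leaf.set_validity_range(JAN_2015, JAN_2018)

  chain = [leaf, intermediate, root]
  chain_description = """Cast certificate chain where device certificate uses a %d-bit RSA key""" % leaf_key_size

  # Write the certificate chain.
  chain_path = 'rsa%d_device_cert.pem' % leaf_key_size
  common.write_chain(chain_description, chain, chain_path)

  # Write the signed data file (signed with the device key, referencing the
  # chain written above).
  create_signatures.create_signed_data(
      device_key_path,
      '../signeddata/rsa%d_device_cert_data.pem' % leaf_key_size,
      '../certificates/' + chain_path)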
def generate_chain(intermediate_digest_algorithm):
  """Writes a root -> intermediate -> target chain where the intermediate is
  signed with |intermediate_digest_algorithm|.

  The intermediate carries extendedKeyUsage=nsSGC and the target carries
  extendedKeyUsage=serverAuth,clientAuth. The module docstring is used as the
  chain description and the output file is '<algorithm>-chain.pem'.

  Args:
    intermediate_digest_algorithm: hash algorithm name passed to
      set_signature_hash() on the intermediate; also used in the file name.

  Returns:
    None. Side effect: writes the chain file via common.write_chain().
  """
  # Self-signed root certificate.
  root_cert = common.create_self_signed_root_certificate('Root')

  # Intermediate certificate, signed with the requested digest.
  ica = common.create_intermediate_certificate('Intermediate', root_cert)
  ica.set_signature_hash(intermediate_digest_algorithm)
  ica.get_extensions().set_property('extendedKeyUsage', 'nsSGC')

  # Target (end-entity) certificate.
  ee = common.create_end_entity_certificate('Target', ica)
  ee.get_extensions().set_property('extendedKeyUsage',
                                   'serverAuth,clientAuth')

  # Leaf first, root last; the module docstring describes the chain.
  out_name = '%s-chain.pem' % intermediate_digest_algorithm
  common.write_chain(__doc__, [ee, ica, root_cert], out_name)
def generate_policies_chain(intermediate_policies, leaf_policies):
  """Creates a certificate chain and writes it to a PEM file (in the current
  directory).

  The chain has 3 certificates (root, intermediate, leaf). The root has no
  policies extension, whereas the intermediate has policies given by
  |intermediate_policies| and the leaf has policies given by |leaf_policies|.

  The policies are specified as a list, with the empty list meaning no
  policies extension. Values in the list should be one of the OID constants
  (AUDIO_ONLY, ANY_POLICY).

  The name of the generated file is a human-readable serialization of this
  function's parameters.
  """
  # Self-signed root certificate (no policies extension).
  root_cert = common.create_self_signed_root_certificate('Root')
  root_cert.set_validity_range(JAN_2015, JAN_2018)

  # Intermediate certificate with the requested policies.
  ica = common.create_intermediate_certificate('Intermediate', root_cert)
  set_policies_from_list(ica, intermediate_policies)
  ica.set_validity_range(JAN_2015, JAN_2018)

  # Leaf certificate with the requested policies and clientAuth EKU.
  ee = common.create_end_entity_certificate('Leaf', ica)
  set_policies_from_list(ee, leaf_policies)
  ee.get_extensions().set_property('extendedKeyUsage', 'clientAuth')
  ee.set_validity_range(JAN_2015, JAN_2018)

  ica_policy_text = ', '.join(intermediate_policies)
  leaf_policy_text = ', '.join(leaf_policies)
  description = """Cast certificate chain with the following policies: Root: policies={} Intermediate: policies={%s} Leaf: policies={%s}""" % (
      ica_policy_text, leaf_policy_text)

  # File name encodes both policy lists so each parameter combination maps to
  # a distinct output.
  out_name = 'policies_ica_%s_leaf_%s.pem' % (
      policies_to_filename(intermediate_policies),
      policies_to_filename(leaf_policies))
  common.write_chain(description, [ee, ica, root_cert], out_name)
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain where the intermediate lacks a keyUsage extension."""

import sys
# The shared helpers live one directory up.
sys.path.append('..')

import common

# Self-signed root certificate.
root = common.create_self_signed_root_certificate('Root')

# Intermediate whose keyUsage is explicitly set without keyCertSign
# (only digitalSignature and keyEncipherment, marked critical).
intermediate = common.create_intermediate_certificate('Intermediate', root)
intermediate.get_extensions().set_property(
    'keyUsage',
    'critical,digitalSignature,keyEncipherment')

# Target certificate issued by that intermediate.
target = common.create_end_entity_certificate('Target', intermediate)

# Leaf first, root last.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')
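#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with 1 intermediary, where the intermediary is expired
(violates validity.notAfter). Verification is expected to fail."""

import common

# Self-signed root certificate (part of trust store).
root = common.create_self_signed_root_certificate('Root')

# Intermediary certificate, valid only from 2015-01-01 to 2016-01-01.
intermediary = common.create_intermediary_certificate('Intermediary', root)
intermediary.set_validity_range(common.JANUARY_1_2015_UTC,
                                common.JANUARY_1_2016_UTC)

# Target certificate.
target = common.create_end_entity_certificate('Target', intermediary)

chain = [target, intermediary]
trusted = [root]

# Verification time: March 2nd, 2016 12:00:00 UTC (UTCTime YYMMDDHHMMSSZ),
# which is after the intermediary's notAfter, so the chain must be rejected.
time = '160302120000Z'
verify_result = False

common.write_test_file(__doc__, chain, trusted, time, verify_result)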
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with 1 intermediate and a trusted root. The trusted root
is NOT self signed, however its issuer is not included in the chain or root
store. Verification is expected to succeed since the root is trusted."""

import common

# Issuer of the trusted root; deliberately kept out of both the chain and the
# trust store.
shadow_root = common.create_self_signed_root_certificate('ShadowRoot')

# Non-self-signed root (part of trust store).
root = common.create_intermediate_certificate('Root', shadow_root)

# Intermediate certificate.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# Target certificate.
target = common.create_end_entity_certificate('Target', intermediate)

# The chain stops at the intermediate; trust is anchored at |root|.
chain = [target, intermediate]
trusted = [root]
time = common.DEFAULT_TIME
verify_result = True

common.write_test_file(__doc__, chain, trusted, time, verify_result)
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with 1 intermediary and a trusted root. The trusted root
is NOT self signed, however its issuer is not included in the chain or root
store. Verification is expected to succeed since the root is trusted."""

import common

# Issuer of the trusted root; deliberately kept out of both the chain and the
# trust store.
shadow_root = common.create_self_signed_root_certificate('ShadowRoot')

# Non-self-signed root (part of trust store).
root = common.create_intermediary_certificate('Root', shadow_root)

# Intermediary certificate.
intermediary = common.create_intermediary_certificate('Intermediary', root)

# Target certificate.
target = common.create_end_entity_certificate('Target', intermediary)

# The chain stops at the intermediary; trust is anchored at |root|.
chain = [target, intermediary]
trusted = [root]
time = common.DEFAULT_TIME
verify_result = True

common.write_test_file(__doc__, chain, trusted, time, verify_result)