Exemple #1
def generate_rsa_cert(leaf_key_size):
    """Write a root -> intermediate -> leaf test chain with an RSA leaf key.

    The leaf ("device") certificate carries extendedKeyUsage=clientAuth and an
    RSA key of `leaf_key_size` bits. After the chain file is written, the same
    device key path is handed to create_signatures.create_signed_data together
    with the signed-data output path and the chain path.

    Args:
        leaf_key_size: RSA modulus size in bits for the leaf key. It is
            forwarded unchanged to the key helper; no minimum is enforced
            here, so the strength of the fixture is entirely the caller's
            choice.
    """
    # All three certificates share one fixed validity window.
    not_before = '150101120000Z'
    not_after = '180101120000Z'

    # Trust anchor: self-signed root.
    root = common.create_self_signed_root_certificate('Root')
    root.set_validity_range(not_before, not_after)

    # Issuing CA between the root and the device certificate.
    intermediate = common.create_intermediate_certificate('Intermediate', root)
    intermediate.set_validity_range(not_before, not_after)

    # Device (leaf) certificate, restricted to client authentication.
    leaf_name = 'RSA %d Device Cert' % leaf_key_size
    leaf = common.create_end_entity_certificate(leaf_name, intermediate)
    leaf.get_extensions().set_property('extendedKeyUsage', 'clientAuth')

    # The key path is kept because the signing step below needs the same key.
    # NOTE(review): get_or_generate_* presumably reuses a key already stored at
    # this path -- confirm; such keys are test fixtures only.
    device_key_path = common.create_key_path(leaf.name)
    device_key = common.get_or_generate_rsa_key(leaf_key_size, device_key_path)
    leaf.set_key(device_key)
    leaf.set_validity_range(not_before, not_after)

    # Emit the chain, leaf first.
    description_template = ('Cast certificate chain where device certificate '
                            'uses a\n  %d-bit RSA key')
    chain_description = description_template % leaf_key_size
    chain_path = 'rsa%d_device_cert.pem' % leaf_key_size
    common.write_chain(chain_description, [leaf, intermediate, root],
                       chain_path)

    # Emit the signed data file produced with the device key.
    signed_data_path = ('../signeddata/rsa%d_device_cert_data.pem' %
                        leaf_key_size)
    create_signatures.create_signed_data(device_key_path, signed_data_path,
                                         '../certificates/' + chain_path)
sys.path += ['..']

import common

# Trust anchor for every chain built here: a self-signed root.
root = common.create_self_signed_root_certificate('Root')

# One intermediate, issued by the root, that issues each target below.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# Candidate target keys, one per algorithm. They are obtained once, before the
# loop, so every key-usage combination reuses them instead of repeating the
# work.
KEYS = {
    'rsa': common.get_or_generate_rsa_key(
        2048, common.create_key_path('Target-rsa')),
    'ec': common.get_or_generate_ec_key(
        'secp384r1', common.create_key_path('Target-ec')),
}

# keyUsage values to pair with each key type.
KEY_USAGES = [
    'decipherOnly',
    'digitalSignature',
    'keyAgreement',
    'keyEncipherment',
]

# Which keyUsage is appropriate depends on the key purpose (serverAuth here)
# and on the key algorithm, so every key-type / key-usage pairing is covered.
for key_type in sorted(KEYS):
    for key_usage in KEY_USAGES:
        # A fresh end-entity certificate named 'Target' for this pairing.
        target = common.create_end_entity_certificate('Target', intermediate)
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import os
import sys
sys.path += [os.path.join('..', 'verify_certificate_chain_unittest')]

import common

# Set the default validity window (1 Jan 2015 - 1 Jan 2021, UTC) before any
# certificate is created.
# NOTE(review): presumably every certificate below inherits this window --
# confirm in common.
common.set_default_validity_range(common.JANUARY_1_2015_UTC,
                                  common.JANUARY_1_2021_UTC)

# Generate the keys -- the same key is used for all intermediates and end entity
# certificates.
# Three RSA-2048 keys are obtained, one per role (root, intermediate, target).
# NOTE(review): get_or_generate_* presumably reuses a key already stored at the
# given path, which would keep regenerated fixtures stable -- confirm. These
# are test-only keys.
root_key = common.get_or_generate_rsa_key(2048, common.create_key_path('root'))
i_key = common.get_or_generate_rsa_key(2048, common.create_key_path('i'))
target_key = common.get_or_generate_rsa_key(2048,
                                            common.create_key_path('target'))

# Self-signed root certificate.
# Written out on its own as root.pem rather than as part of a chain file.
root = common.create_self_signed_root_certificate('Root')
root.set_key(root_key)
common.write_string_to_file(root.get_cert_pem(), 'root.pem')

# Intermediate certificates. All have the same subject and key.
# Certificates that share a subject and key are interchangeable as issuers of
# the same child, so these variants presumably exercise how a path builder
# chooses among several candidate issuers -- TODO confirm against the tests.
i_base = common.create_intermediate_certificate('I', root)
i_base.set_key(i_key)
common.write_string_to_file(i_base.get_cert_pem(), 'i.pem')

# Second certificate created with the same name 'I' and the same issuer.
i2 = common.create_intermediate_certificate('I', root)
#!/usr/bin/python
# Copyright (c) 2017 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediate, a trusted root, and a target
certificate for serverAuth that has only digitalSignature."""

import sys
sys.path += ['..']

import common

# Self-signed root certificate (used as trust anchor).
root = common.create_self_signed_root_certificate('Root')

# Intermediate certificate.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# Target certificate.
# RSA-2048 key stored under a path derived from the certificate's name.
target = common.create_end_entity_certificate('Target', intermediate)
target.set_key(
    common.get_or_generate_rsa_key(2048, common.create_key_path(target.name)))
# The certificate is scoped to TLS server authentication, and its keyUsage is
# marked critical with digitalSignature as the only bit set.
# NOTE(review): with an RSA key, digitalSignature alone covers signature-based
# key exchange but not RSA key transport (that needs keyEncipherment), so this
# fixture pins how the verifier treats that combination -- confirm the expected
# result in the matching test.
target.get_extensions().set_property('extendedKeyUsage', 'serverAuth')
target.get_extensions().set_property('keyUsage', 'critical,digitalSignature')

# Chain is written target-first. The module docstring is passed as the chain
# description, so it is runtime data: editing it changes what write_chain
# receives.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediate and a trusted root. The target
certificate is signed using a weak RSA key (512-bit modulus), and so
verification is expected to fail."""

import common

# Self-signed root certificate (used as trust anchor).
root = common.create_self_signed_root_certificate('Root')

# Intermediate with a very weak key size (512-bit RSA).
# This key signs the target, so the weakness shows up when the target's
# signature is verified: the expected errors that follow are reported against
# certificate i=0 (CN=Target) with "RSA modulus too small", actual 512 against
# a minimum of 1024.
# A 512-bit modulus offers no practical security; the key exists only so the
# verifier's rejection can be tested and must not be reused elsewhere.
intermediate = common.create_intermediate_certificate('Intermediate', root)
intermediate.set_key(
    common.get_or_generate_rsa_key(512,
                                   common.create_key_path(intermediate.name)))

# Target certificate.
target = common.create_end_entity_certificate('Target', intermediate)

# The root is left out of the chain and supplied separately as the trust
# anchor, created with constrained=False.
chain = [target, intermediate]
trusted = common.TrustAnchor(root, constrained=False)
# Verification inputs come from the shared defaults in common.
time = common.DEFAULT_TIME
key_purpose = common.DEFAULT_KEY_PURPOSE
# Expected outcome: verification must fail.
verify_result = False
errors = """----- Certificate i=0 (CN=Target) -----
ERROR: RSA modulus too small
  actual: 512
  minimum: 1024
ERROR: Unacceptable modulus length for RSA key
ERROR: VerifySignedData failed
import sys
sys.path += ['..']

import common

# Root of trust for the generated chains (self-signed).
root = common.create_self_signed_root_certificate('Root')

# Issuing CA that sits between the root and each target.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# The target may carry an RSA key or an EC key. Both are obtained up front so
# the loop below reuses them rather than repeating the work per iteration.
KEYS = {
    'rsa':
    common.get_or_generate_rsa_key(2048, common.create_key_path('Target-rsa')),
    'ec':
    common.get_or_generate_ec_key('secp384r1',
                                  common.create_key_path('Target-ec')),
}

KEY_USAGES = ['decipherOnly', 'digitalSignature', 'keyAgreement',
              'keyEncipherment']

# The right keyUsage is a function of the key purpose (serverAuth in this
# case) and the key type, so each key type is paired with each keyUsage value.
for key_type in sorted(KEYS):
    for key_usage in KEY_USAGES:
        # New 'Target' end-entity certificate for this combination.
        target = common.create_end_entity_certificate('Target', intermediate)
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import os
import sys
sys.path += [os.path.join('..', 'verify_certificate_chain_unittest')]

import common

# Set the default validity window (1 Jan 2015 - 1 Jan 2021, UTC) before any
# certificate is created.
# NOTE(review): presumably every certificate below inherits this window --
# confirm in common.
common.set_default_validity_range(common.JANUARY_1_2015_UTC,
                                  common.JANUARY_1_2021_UTC)

# Generate the keys -- the same key is used for all intermediates and end entity
# certificates.
# Three RSA-2048 keys are obtained, one per role (root, intermediate, target).
# NOTE(review): get_or_generate_* presumably reuses a key already stored at the
# given path -- confirm. These are test-only keys.
root_key = common.get_or_generate_rsa_key(2048, common.create_key_path('root'))
i_key = common.get_or_generate_rsa_key(2048, common.create_key_path('i'))
target_key = common.get_or_generate_rsa_key(2048,
                                            common.create_key_path('target'))

# Self-signed root certificate.
# Written out on its own as root.pem rather than as part of a chain file.
root = common.create_self_signed_root_certificate('Root')
root.set_key(root_key)
common.write_string_to_file(root.get_cert_pem(), 'root.pem')


# Intermediate certificates. All have the same subject and key.
# Only the base intermediate is visible here; it uses i_key and is written to
# i.pem.
i_base = common.create_intermediate_certificate('I', root)
i_base.set_key(i_key)
common.write_string_to_file(i_base.get_cert_pem(), 'i.pem')
Exemple #8
#!/usr/bin/python
# Copyright (c) 2017 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Valid certificate chain where the target certificate contains a public key
with a 512-bit modulus (weak)."""

import sys
sys.path += ['..']

import common

# Self-signed root certificate.
root = common.create_self_signed_root_certificate('Root')

# Intermediate
# No key is set explicitly, so it uses whatever common assigns by default.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# Target certificate.
# Here the weak (512-bit RSA) key is the target's own public key; the key that
# signs the target is the intermediate's, which is not overridden above.
# NOTE(review): a verifier that checks only the strength of signing keys would
# accept this chain, while one that also checks the leaf's subject key would
# not -- confirm which outcome the matching test expects.
# A 512-bit modulus offers no practical security; this key is a test fixture
# and must not be reused elsewhere.
target = common.create_end_entity_certificate('Target', intermediate)
target.set_key(common.get_or_generate_rsa_key(
    512, common.create_key_path(target.name)))

# Chain is written target-first. The module docstring is passed as the chain
# description, so it is runtime data: editing it changes what write_chain
# receives.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain where the target certificate is signed using a weak RSA
key (512-bit modulus)."""

import sys
sys.path += ['..']

import common

# Self-signed root certificate.
root = common.create_self_signed_root_certificate('Root')

# Intermediate with a very weak key size (512-bit RSA).
# The intermediate's key is the one that signs the target, so the weakness
# affects the signature on the target certificate, as the module docstring
# states.
# A 512-bit modulus offers no practical security; this key is a test fixture
# for checking that a verifier rejects it and must not be reused elsewhere.
intermediate = common.create_intermediate_certificate('Intermediate', root)
intermediate.set_key(common.get_or_generate_rsa_key(
    512, common.create_key_path(intermediate.name)))

# Target certificate.
# No key is set explicitly, so it uses whatever common assigns by default.
target = common.create_end_entity_certificate('Target', intermediate)

# Chain is written target-first. The module docstring is passed as the chain
# description, so it is runtime data: editing it changes what write_chain
# receives.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')