# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediate and a trust anchor. The trust anchor
has a basic constraints extension that indicates it is NOT a CA. Verification
is expected to succeed as constraints on the root certificate are not applied
to the trust anchor."""

import common

# The trust anchor is a self-signed root whose critical basicConstraints
# extension says CA:false. Enforced on an ordinary certificate, that value
# would disqualify it from issuing other certificates.
root = common.create_self_signed_root_certificate('Root')
root_extensions = root.get_extensions()
root_extensions.set_property('basicConstraints', 'critical,CA:false')

# Issuance order is kept as root -> intermediate -> target.
intermediate = common.create_intermediate_certificate('Intermediate', root)
target = common.create_end_entity_certificate('Target', intermediate)

# constrained=False: per the module docstring, constraints found in the root
# certificate are not applied to the trust anchor. The anchor is trusted by
# configuration, so this case pins that its self-asserted CA:false is ignored.
anchor = common.TrustAnchor(root, constrained=False)

common.write_test_file(
    __doc__,
    [target, intermediate],  # chain: target first; the anchor is separate
    anchor,
    common.DEFAULT_TIME,
    common.DEFAULT_KEY_PURPOSE,
    True,  # verify_result: verification is expected to succeed
    None)  # errors: none expected
Esempio n. 2
# NOTE(review): this excerpt starts mid-script. oldroot, newroot,
# newrootrollover and oldintermediate are created above the visible part.
oldintermediate.set_validity_range(common.JANUARY_1_2015_UTC,
                                   common.JANUARY_1_2016_UTC)
# Intermediate signed by newroot. Same key as oldintermediate.
newintermediate = common.create_intermediate_certificate(
    'Intermediate', newroot)
# Reusing the key means a signature made by oldintermediate presumably also
# verifies under newintermediate, so one target can sit in both chains.
newintermediate.set_key(oldintermediate.get_key())
# NOTE(review): JANUARY_2_2015_UTC is not qualified with `common.`; presumably
# it is defined earlier in this script - confirm. The new intermediate's
# validity starts one day after the old one's.
newintermediate.set_validity_range(JANUARY_2_2015_UTC,
                                   common.JANUARY_1_2016_UTC)

# Target certificate.
# Issued by oldintermediate only; the other chains rely on the shared key.
target = common.create_end_entity_certificate('Target', oldintermediate)

# Candidate chains, target first. The trust anchors are kept separate.
oldchain = [target, oldintermediate]
# newrootrollover looks like newroot's key cross-signed by the old root -
# TODO confirm against the part of the script not shown here.
rolloverchain = [target, newintermediate, newrootrollover]
longrolloverchain = [target, newintermediate, newroot, newrootrollover]
# constrained=False: the anchor is built without enforcing constraints taken
# from the root certificate (inferred from the parameter name - confirm).
oldtrusted = common.TrustAnchor(oldroot, constrained=False)

newchain = [target, newintermediate]
newtrusted = common.TrustAnchor(newroot, constrained=False)

# Expected outcome: verification succeeds with no errors reported.
time = common.DEFAULT_TIME
key_purpose = common.DEFAULT_KEY_PURPOSE
verify_result = True
errors = None

common.write_test_file(__doc__,
                       oldchain,
                       oldtrusted,
                       time,
                       key_purpose,
                       verify_result,
Esempio n. 3
import common

# Trust anchor: a self-signed root whose critical basicConstraints carry
# pathlen:1, i.e. at most one intermediate CA may follow it in a valid path.
root = common.create_self_signed_root_certificate('Root')
root_extensions = root.get_extensions()
root_extensions.set_property('basicConstraints', 'critical,CA:true,pathlen:1')

# Two stacked intermediates, neither given a pathlen of its own, then the
# end-entity certificate. Two intermediates exceed the root's pathlen:1.
intermediate1 = common.create_intermediate_certificate('Intermediate1', root)
intermediate2 = common.create_intermediate_certificate(
    'Intermediate2', intermediate1)
target = common.create_end_entity_certificate('Target', intermediate2)

# constrained=True: judging by the expected error below, the anchor's own
# basicConstraints are enforced here, so the path is rejected at Intermediate2.
anchor = common.TrustAnchor(root, constrained=True)

# Exact diagnostic text expected from the verifier.
expected_errors = """----- Certificate i=1 (CN=Intermediate2) -----
ERROR: max_path_length reached

"""

common.write_test_file(
    __doc__,
    [target, intermediate2, intermediate1],  # chain: target first
    anchor,
    common.DEFAULT_TIME,
    common.DEFAULT_KEY_PURPOSE,
    False,  # verify_result: verification must fail
    expected_errors)