#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediary, where the intermediary is expired
(violates validity.notAfter). Verification is expected to fail."""
import common
# Self-signed root certificate (part of trust store).
root = common.create_self_signed_root_certificate('Root')
# Intermediary certificate.
intermediary = common.create_intermediary_certificate('Intermediary', root)
intermediary.set_validity_range(common.JANUARY_1_2015_UTC,
common.JANUARY_1_2016_UTC)
# Target certificate.
target = common.create_end_entity_certificate('Target', intermediary)
chain = [target, intermediary]
trusted = [root]
# March 2nd, 2016 midnight UTC
time = '160302120000Z'
verify_result = False
common.write_test_file(__doc__, chain, trusted, time, verify_result)
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediary, a trusted root, and a target
certificate that is also a CA. Verification is expected to succeed, as the test
code accepts any target certificate."""
import common
# Self-signed root certificate (part of trust store).
root = common.create_self_signed_root_certificate('Root')
# Intermediary certificate.
intermediary = common.create_intermediary_certificate('Intermediary', root)
# Target certificate (is also a CA)
target = common.create_intermediary_certificate('Target', intermediary)
chain = [target, intermediary]
trusted = [root]
time = common.DEFAULT_TIME
verify_result = True
common.write_test_file(__doc__, chain, trusted, time, verify_result)
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediary and a trusted root. The intermediary
lacks the basic constraints extension, and hence is expected to fail validation
(RFC 5280 requires v3 signing certificates have a BasicConstaints)."""
import common
# Self-signed root certificate (part of trust store).
root = common.create_self_signed_root_certificate('Root')
# Intermediary that lacks basic constraints.
intermediary = common.create_intermediary_certificate('Intermediary', root)
intermediary.get_extensions().remove_property('basicConstraints')
# Target certificate.
target = common.create_end_entity_certificate('Target', intermediary)
chain = [target, intermediary]
trusted = [root]
time = common.DEFAULT_TIME
verify_result = False
common.write_test_file(__doc__, chain, trusted, time, verify_result)
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 2 intermediaries. The first intermediary has a basic
constraints path length of 0. The second one is self-issued so does not count
against the path length."""
import common
# Self-signed root certificate (part of trust store).
root = common.create_self_signed_root_certificate('Root')
# Intermediary with pathlen 0
intermediary1 = common.create_intermediary_certificate('Intermediary', root)
intermediary1.get_extensions().set_property('basicConstraints',
'critical,CA:true,pathlen:0')
# Another intermediary (with the same pathlen restriction).
# Note that this is self-issued but NOT self-signed.
intermediary2 = common.create_intermediary_certificate('Intermediary',
intermediary1)
intermediary2.get_extensions().set_property('basicConstraints',
'critical,CA:true,pathlen:0')
# Target certificate.
target = common.create_end_entity_certificate('Target', intermediary2)
chain = [target, intermediary2, intermediary1]
trusted = [root]
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import os
import sys
sys.path += [os.path.join('..', 'verify_certificate_chain_unittest')]
import common
# Self-signed root certificate. Not saved to a .pem since the test doesn't need
# it.
root = common.create_self_signed_root_certificate('Root')
# Intermediary certificates. All have the same subject and key.
i_base = common.create_intermediary_certificate('I', root)
common.write_string_to_file(i_base.get_cert_pem(), 'i.pem')
i2 = common.create_intermediary_certificate('I', root)
i2.set_key_path(i_base.get_key_path())
common.write_string_to_file(i2.get_cert_pem(), 'i2.pem')
i3 = common.create_intermediary_certificate('I', root)
i3.set_key_path(i_base.get_key_path())
common.write_string_to_file(i3.get_cert_pem(), 'i3.pem')
# More Intermediary certificates, which are just to generate the proper config
# files so the target certs will have the desired Authority Information Access
# values. These ones aren't saved to files.
i_no_aia = common.create_intermediary_certificate('I', root)
i_no_aia.set_key_path(i_base.get_key_path())
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediary, where the target is expired (violates
validity.notAfter). Verification is expected to fail."""
import common
# Self-signed root certificate (part of trust store).
root = common.create_self_signed_root_certificate("Root")
root.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
# Intermediary certificate.
intermediary = common.create_intermediary_certificate("Intermediary", root)
intermediary.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
# Target certificate.
target = common.create_end_entity_certificate("Target", intermediary)
target.set_validity_range(common.JANUARY_1_2015_UTC, common.MARCH_1_2015_UTC)
chain = [target, intermediary]
trusted = [root]
# Both the root and intermediary are valid at this time, however the
# target is not.
time = common.MARCH_2_2015_UTC
verify_result = False
common.write_test_file(__doc__, chain, trusted, time, verify_result)
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediary and a trusted root. The trusted root
is NOT self signed, however its issuer is not included in the chain or root
store. Verification is expected to succeed since the root is trusted."""
import common
shadow_root = common.create_self_signed_root_certificate('ShadowRoot')
# Non-self-signed root (part of trust store).
root = common.create_intermediary_certificate('Root', shadow_root)
# Intermediary certificate.
intermediary = common.create_intermediary_certificate('Intermediary', root)
# Target certificate.
target = common.create_end_entity_certificate('Target', intermediary)
chain = [target, intermediary]
trusted = [root]
time = common.DEFAULT_TIME
verify_result = True
common.write_test_file(__doc__, chain, trusted, time, verify_result)
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 2 intermediaries. The first intermediary has a basic
constraints path length of 0. The second one is self-issued so does not count
against the path length."""
import common
# Self-signed root certificate (part of trust store).
root = common.create_self_signed_root_certificate('Root')
# Intermediary with pathlen 0
intermediary1 = common.create_intermediary_certificate('Intermediary', root)
intermediary1.get_extensions().set_property('basicConstraints',
'critical,CA:true,pathlen:0')
# Another intermediary (with the same pathlen restriction).
# Note that this is self-issued but NOT self-signed.
intermediary2 = common.create_intermediary_certificate('Intermediary',
intermediary1)
intermediary2.get_extensions().set_property('basicConstraints',
'critical,CA:true,pathlen:0')
# Target certificate.
target = common.create_end_entity_certificate('Target', intermediary2)
chain = [target, intermediary2, intermediary1]
trusted = [root]
time = common.DEFAULT_TIME
import common
def write_cert_to_file(cert, filename):
common.write_string_to_file(
"Generated by %s.\n"
"Refer to generator script docstring for details.\n%s" %
(sys.argv[0], cert.get_cert_pem()), filename)
# Self-signed root certificate
root = common.create_self_signed_root_certificate('Root')
write_cert_to_file(root, 'root.pem')
# Intermediary certificates
i1_1 = common.create_intermediary_certificate('I1', root)
write_cert_to_file(i1_1, 'i1_1.pem')
# same name (after normalization), different key
i1_2 = common.create_intermediary_certificate('i1', root)
write_cert_to_file(i1_2, 'i1_2.pem')
# different name
i2 = common.create_intermediary_certificate('I2', root)
write_cert_to_file(i2, 'i2.pem')
# target certs
c1 = common.create_end_entity_certificate('C1', i1_1)
write_cert_to_file(c1, 'c1.pem')
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediary, a trusted root, and a target
certificate that is also a CA. Verification is expected to succeed, as the test
code accepts any target certificate."""
import common
# Self-signed root certificate (part of trust store).
root = common.create_self_signed_root_certificate('Root')
# Intermediary certificate.
intermediary = common.create_intermediary_certificate('Intermediary', root)
# Target certificate (is also a CA)
target = common.create_intermediary_certificate('Target', intermediary)
chain = [target, intermediary]
trusted = [root]
time = common.DEFAULT_TIME
verify_result = True
common.write_test_file(__doc__, chain, trusted, time, verify_result)
# found in the LICENSE file.
import os
import sys
sys.path += [os.path.join('..', 'verify_certificate_chain_unittest')]
import common
# Self-signed root certificate. Not saved to a .pem since the test doesn't need
# it.
root = common.create_self_signed_root_certificate('Root')
# Intermediary certificates. All have the same subject and key.
i_base = common.create_intermediary_certificate('I', root)
common.write_string_to_file(i_base.get_cert_pem(), 'i.pem')
i2 = common.create_intermediary_certificate('I', root)
i2.set_key_path(i_base.get_key_path())
common.write_string_to_file(i2.get_cert_pem(), 'i2.pem')
i3 = common.create_intermediary_certificate('I', root)
i3.set_key_path(i_base.get_key_path())
common.write_string_to_file(i3.get_cert_pem(), 'i3.pem')
# More Intermediary certificates, which are just to generate the proper config
# files so the target certs will have the desired Authority Information Access
# values. These ones aren't saved to files.
i_no_aia = common.create_intermediary_certificate('I', root)
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediary and a trusted root. The trusted root
is NOT self signed, however its issuer is not included in the chain or root
store. Verification is expected to succeed since the root is trusted."""
import common
shadow_root = common.create_self_signed_root_certificate('ShadowRoot')
# Non-self-signed root (part of trust store).
root = common.create_intermediary_certificate('Root', shadow_root)
# Intermediary certificate.
intermediary = common.create_intermediary_certificate('Intermediary', root)
# Target certificate.
target = common.create_end_entity_certificate('Target', intermediary)
chain = [target, intermediary]
trusted = [root]
time = common.DEFAULT_TIME
verify_result = True
common.write_test_file(__doc__, chain, trusted, time, verify_result)
def write_cert_to_file(cert, filename):
common.write_string_to_file(
"Generated by %s.\n"
"Refer to generator script docstring for details.\n%s" % (
sys.argv[0], cert.get_cert_pem()),
filename)
# Self-signed root certificate
root = common.create_self_signed_root_certificate('Root')
write_cert_to_file(root, 'root.pem')
# Intermediary certificates
i1_1 = common.create_intermediary_certificate('I1', root)
write_cert_to_file(i1_1, 'i1_1.pem')
# same name (after normalization), different key
i1_2 = common.create_intermediary_certificate('i1', root)
write_cert_to_file(i1_2, 'i1_2.pem')
# different name
i2 = common.create_intermediary_certificate('I2', root)
write_cert_to_file(i2, 'i2.pem')
# target certs
c1 = common.create_end_entity_certificate('C1', i1_1)
write_cert_to_file(c1, 'c1.pem')
All of these chains should verify successfully.
"""
import common
# The new certs should have a newer notbefore date than "old" certs. This should
# affect path builder sorting, but otherwise won't matter.
JANUARY_2_2015_UTC = '150102120000Z'
# Self-signed root certificates. Same name, different keys.
oldroot = common.create_self_signed_root_certificate('Root')
oldroot.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
newroot = common.create_self_signed_root_certificate('Root')
newroot.set_validity_range(JANUARY_2_2015_UTC, common.JANUARY_1_2016_UTC)
# Root with the new key signed by the old key.
newrootrollover = common.create_intermediary_certificate('Root', oldroot)
newrootrollover.set_key_path(newroot.get_key_path())
newrootrollover.set_validity_range(JANUARY_2_2015_UTC,
common.JANUARY_1_2016_UTC)
# Intermediate signed by oldroot.
oldintermediate = common.create_intermediary_certificate('Intermediate',
oldroot)
oldintermediate.set_validity_range(common.JANUARY_1_2015_UTC,
common.JANUARY_1_2016_UTC)
# Intermediate signed by newroot. Same key as oldintermediate.
newintermediate = common.create_intermediary_certificate('Intermediate',
newroot)
newintermediate.set_key_path(oldintermediate.get_key_path())
newintermediate.set_validity_range(JANUARY_2_2015_UTC,
common.JANUARY_1_2016_UTC)