def generate_chain(intermediate_digest_algorithm): # Self-signed root certificate. root = gencerts.create_self_signed_root_certificate('Root') # Intermediate certificate. intermediate = gencerts.create_intermediate_certificate( 'Intermediate', root) intermediate.set_signature_hash(intermediate_digest_algorithm) intermediate.get_extensions().set_property('extendedKeyUsage', 'nsSGC') # Target certificate. target = gencerts.create_end_entity_certificate('Target', intermediate) target.get_extensions().set_property('extendedKeyUsage', 'serverAuth,clientAuth') chain = [target, intermediate, root] gencerts.write_chain(__doc__, chain, '%s-chain.pem' % intermediate_digest_algorithm)
def generate_chain(intermediate_digest_algorithm): # Self-signed root certificate. root = gencerts.create_self_signed_root_certificate('Root') # Intermediate certificate. intermediate = gencerts.create_intermediate_certificate( 'Intermediate', root) intermediate.set_signature_hash(intermediate_digest_algorithm) intermediate.get_extensions().set_property('extendedKeyUsage', 'nsSGC') # Target certificate. target = gencerts.create_end_entity_certificate('Target', intermediate) target.get_extensions().set_property('extendedKeyUsage', 'serverAuth,clientAuth') # TODO(eroman): Set subjectAltName by default rather than specifically in # this test. target.get_extensions().set_property('subjectAltName', 'DNS:test.example') chain = [target, intermediate, root] gencerts.write_chain(__doc__, chain, '%s-chain.pem' % intermediate_digest_algorithm)
#!/usr/bin/python # Copyright (c) 2015 The Chromium Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. """Certificate chain where the intermediate has an unknown critical extension.""" import sys sys.path += ['../..'] import gencerts # Self-signed root certificate. root = gencerts.create_self_signed_root_certificate('Root') # Intermediate that has an unknown critical extension. intermediate = gencerts.create_intermediate_certificate('Intermediate', root) intermediate.get_extensions().add_property('1.2.3.4', 'critical,DER:01:02:03:04') # Target certificate. target = gencerts.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate, root] gencerts.write_chain(__doc__, chain, 'chain.pem')
#!/usr/bin/python # Copyright (c) 2015 The Chromium Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. """Certificate chain where the root certificate is not self-signed (or self-issued for that matter).""" import sys sys.path += ['../..'] import gencerts shadow_root = gencerts.create_self_signed_root_certificate('ShadowRoot') # Non-self-signed root certificate. root = gencerts.create_intermediate_certificate('Root', shadow_root) # Intermediate certificate. intermediate = gencerts.create_intermediate_certificate('Intermediate', root) # Target certificate. target = gencerts.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate, root] gencerts.write_chain(__doc__, chain, 'chain.pem')
# found in the LICENSE file. """ A chain with a self-signed Root1 and a Root1 cross signed by Root2. The cross-signed root has a newer notBefore date than the self-signed one. """ import sys sys.path += ['../..'] import gencerts DATE_A = '150101120000Z' DATE_B = '150102120000Z' DATE_Z = '180101120000Z' root1 = gencerts.create_self_signed_root_certificate('Root1') root1.set_validity_range(DATE_A, DATE_Z) root2 = gencerts.create_self_signed_root_certificate('Root2') root2.set_validity_range(DATE_A, DATE_Z) root1_cross = gencerts.create_intermediate_certificate('Root1', root2) root1_cross.set_key(root1.get_key()) root1_cross.set_validity_range(DATE_B, DATE_Z) target = gencerts.create_end_entity_certificate('Target', root1) target.set_validity_range(DATE_A, DATE_Z) gencerts.write_chain('Root1', [root1], out_pem='root1.pem') gencerts.write_chain('Root2', [root2], out_pem='root2.pem') gencerts.write_chain(