def generate_rsa_cert(leaf_key_size):
    """Write a Cast test chain whose device (leaf) certificate has an RSA key.

    Builds Root -> Intermediate -> leaf, marks the leaf with the clientAuth
    extendedKeyUsage, gives it an RSA key of ``leaf_key_size`` bits, writes
    the chain to ``rsa<size>_device_cert.pem`` and then creates the matching
    signed-data file using the leaf's key file.

    All three certificates get the same fixed validity window, so whatever
    verifies this chain has to evaluate it at a time inside that window.

    NOTE(review): the device private key lives at the path returned by
    common.create_key_path(). Treat it as test material only; small values
    of leaf_key_size produce keys that are only useful as negative input.

    Args:
      leaf_key_size: RSA modulus size, in bits, for the leaf key.
    """
    # UTCTime-style bounds (YYMMDDHHMMSSZ): 1 Jan 2015 and 1 Jan 2018, 12:00Z.
    not_before = '150101120000Z'
    not_after = '180101120000Z'

    # Self-signed root.
    root = common.create_self_signed_root_certificate('Root')
    root.set_validity_range(not_before, not_after)

    # Intermediate issued by the root.
    intermediate = common.create_intermediate_certificate('Intermediate', root)
    intermediate.set_validity_range(not_before, not_after)

    # Leaf (device) certificate, restricted to client authentication.
    leaf_name = 'RSA %d Device Cert' % leaf_key_size
    leaf = common.create_end_entity_certificate(leaf_name, intermediate)
    leaf.get_extensions().set_property('extendedKeyUsage', 'clientAuth')

    # The key path is kept because the signed-data step needs it again below.
    device_key_path = common.create_key_path(leaf.name)
    device_key = common.get_or_generate_rsa_key(leaf_key_size, device_key_path)
    leaf.set_key(device_key)
    leaf.set_validity_range(not_before, not_after)

    # Write the certificate chain, leaf first.
    chain_path = 'rsa%d_device_cert.pem' % leaf_key_size
    chain_description = (
        'Cast certificate chain where device certificate uses a '
        '%d-bit RSA key' % leaf_key_size)
    common.write_chain(chain_description, [leaf, intermediate, root],
                       chain_path)

    # Write the signed data file, signed with the device key.
    signed_data_path = (
        '../signeddata/rsa%d_device_cert_data.pem' % leaf_key_size)
    create_signatures.create_signed_data(
        device_key_path, signed_data_path, '../certificates/' + chain_path)
sys.path += ['..'] import common # Self-signed root certificate (used as trust anchor). root = common.create_self_signed_root_certificate('Root') # Intermediate certificate. intermediate = common.create_intermediate_certificate('Intermediate', root) # Use either an RSA key, or an EC key for the target certificate. Generate the # possible keys ahead of time so as not to duplicate the work. KEYS = { 'rsa': common.get_or_generate_rsa_key(2048, common.create_key_path('Target-rsa')), 'ec': common.get_or_generate_ec_key('secp384r1', common.create_key_path('Target-ec')) } KEY_USAGES = [ 'decipherOnly', 'digitalSignature', 'keyAgreement', 'keyEncipherment' ] # The proper key usage depends on the key purpose (serverAuth in this case), # and the key type. Generate a variety of combinations. for key_type in sorted(KEYS.keys()): for key_usage in KEY_USAGES: # Target certificate. target = common.create_end_entity_certificate('Target', intermediate)
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import os
import sys

# common.py is loaded from the sibling verify_certificate_chain_unittest
# directory; the path is relative, so it depends on the working directory.
sys.path.append(os.path.join('..', 'verify_certificate_chain_unittest'))

import common

# Every certificate created below inherits this validity window.
common.set_default_validity_range(
    common.JANUARY_1_2015_UTC,
    common.JANUARY_1_2021_UTC)

# One 2048-bit RSA key per role. The intermediates share i_key; the
# original comment says the end-entity certificates share target_key too.
# NOTE(review): the keys are stored at the create_key_path() locations;
# treat them as test fixtures, never as real signing keys.
root_key_path = common.create_key_path('root')
root_key = common.get_or_generate_rsa_key(2048, root_key_path)

i_key_path = common.create_key_path('i')
i_key = common.get_or_generate_rsa_key(2048, i_key_path)

target_key_path = common.create_key_path('target')
target_key = common.get_or_generate_rsa_key(2048, target_key_path)

# Self-signed root certificate, written to root.pem.
root = common.create_self_signed_root_certificate('Root')
root.set_key(root_key)
root_pem = root.get_cert_pem()
common.write_string_to_file(root_pem, 'root.pem')

# Intermediate certificates: same subject ('I') and same key (i_key).
i_base = common.create_intermediate_certificate('I', root)
i_base.set_key(i_key)
i_base_pem = i_base.get_cert_pem()
common.write_string_to_file(i_base_pem, 'i.pem')

# A second intermediate with the same subject. The listing ends here, so
# its key and output file are not shown.
i2 = common.create_intermediate_certificate('I', root)
#!/usr/bin/python
# Copyright (c) 2017 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with 1 intermediate, a trusted root, and a target certificate for serverAuth that has only digitalSignature."""

# The module docstring above is passed to common.write_chain() as the chain
# description, so its text is part of the generated output.

import sys

# common.py is in the parent directory; the path is relative, so it depends
# on the working directory.
sys.path.append('..')

import common

# Self-signed root certificate (used as trust anchor).
root = common.create_self_signed_root_certificate('Root')

# Intermediate certificate issued by the root.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# Target certificate with a 2048-bit RSA key.
target = common.create_end_entity_certificate('Target', intermediate)
target_key_path = common.create_key_path(target.name)
target.set_key(common.get_or_generate_rsa_key(2048, target_key_path))

# serverAuth purpose combined with a critical keyUsage that grants only
# digitalSignature -- the combination this fixture exists to exercise.
for ext_name, ext_value in (
        ('extendedKeyUsage', 'serverAuth'),
        ('keyUsage', 'critical,digitalSignature')):
    target.get_extensions().set_property(ext_name, ext_value)

# Chain is written target first, trust anchor last.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')
# Copyright (c) 2015 The Chromium Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. """Certificate chain with 1 intermediate and a trusted root. The target certificate is signed using a weak RSA key (512-bit modulus), and so verification is expected to fail.""" import common # Self-signed root certificate (used as trust anchor). root = common.create_self_signed_root_certificate('Root') # Intermediate with a very weak key size (512-bit RSA). intermediate = common.create_intermediate_certificate('Intermediate', root) intermediate.set_key( common.get_or_generate_rsa_key(512, common.create_key_path(intermediate.name))) # Target certificate. target = common.create_end_entity_certificate('Target', intermediate) chain = [target, intermediate] trusted = common.TrustAnchor(root, constrained=False) time = common.DEFAULT_TIME key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = False errors = """----- Certificate i=0 (CN=Target) ----- ERROR: RSA modulus too small actual: 512 minimum: 1024 ERROR: Unacceptable modulus length for RSA key ERROR: VerifySignedData failed
import sys sys.path += ['..'] import common # Self-signed root certificate (used as trust anchor). root = common.create_self_signed_root_certificate('Root') # Intermediate certificate. intermediate = common.create_intermediate_certificate('Intermediate', root) # Use either an RSA key, or an EC key for the target certificate. Generate the # possible keys ahead of time so as not to duplicate the work. KEYS = { 'rsa': common.get_or_generate_rsa_key(2048, common.create_key_path('Target-rsa')), 'ec': common.get_or_generate_ec_key('secp384r1', common.create_key_path('Target-ec')) }; KEY_USAGES = [ 'decipherOnly', 'digitalSignature', 'keyAgreement', 'keyEncipherment' ] # The proper key usage depends on the key purpose (serverAuth in this case), # and the key type. Generate a variety of combinations. for key_type in sorted(KEYS.keys()): for key_usage in KEY_USAGES: # Target certificate. target = common.create_end_entity_certificate('Target', intermediate)
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import os
import sys

# common.py is loaded from the sibling verify_certificate_chain_unittest
# directory; the path is relative, so it depends on the working directory.
sys.path.append(os.path.join('..', 'verify_certificate_chain_unittest'))

import common

# Every certificate created below inherits this validity window.
common.set_default_validity_range(
    common.JANUARY_1_2015_UTC,
    common.JANUARY_1_2021_UTC)

# One 2048-bit RSA key per role. The intermediates share i_key; the
# original comment says the end-entity certificates share target_key too.
# NOTE(review): the keys are stored at the create_key_path() locations;
# treat them as test fixtures, never as real signing keys.
root_key_path = common.create_key_path('root')
root_key = common.get_or_generate_rsa_key(2048, root_key_path)

i_key_path = common.create_key_path('i')
i_key = common.get_or_generate_rsa_key(2048, i_key_path)

target_key_path = common.create_key_path('target')
target_key = common.get_or_generate_rsa_key(2048, target_key_path)

# Self-signed root certificate, written to root.pem.
root = common.create_self_signed_root_certificate('Root')
root.set_key(root_key)
root_pem = root.get_cert_pem()
common.write_string_to_file(root_pem, 'root.pem')

# Intermediate certificates: same subject ('I') and same key (i_key).
i_base = common.create_intermediate_certificate('I', root)
i_base.set_key(i_key)
i_base_pem = i_base.get_cert_pem()
common.write_string_to_file(i_base_pem, 'i.pem')
#!/usr/bin/python
# Copyright (c) 2017 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Valid certificate chain where the target certificate contains a public key with a 512-bit modulus (weak)."""

# The module docstring above is passed to common.write_chain() as the chain
# description, so its text is part of the generated output.

import sys

# common.py is in the parent directory; the path is relative, so it depends
# on the working directory.
sys.path.append('..')

import common

# Deliberately undersized: a 512-bit RSA modulus gives no real protection.
# It exists only so a verifier's handling of weak target keys can be tested;
# the generated key must never be reused outside test data.
WEAK_RSA_BITS = 512

# Self-signed root certificate.
root = common.create_self_signed_root_certificate('Root')

# Intermediate certificate issued by the root.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# Target certificate carrying the weak key. The chain is otherwise well
# formed; only the target's own public key is undersized.
target = common.create_end_entity_certificate('Target', intermediate)
weak_key_path = common.create_key_path(target.name)
target.set_key(common.get_or_generate_rsa_key(WEAK_RSA_BITS, weak_key_path))

# Chain is written target first, root last.
common.write_chain(__doc__, [target, intermediate, root], 'chain.pem')
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain where the target certificate is signed using a weak RSA key (512-bit modulus)."""

# The module docstring above is passed to common.write_chain() as the chain
# description, so its text is part of the generated output.

import sys

# common.py is in the parent directory; the path is relative, so it depends
# on the working directory.
sys.path.append('..')

import common

# Deliberately undersized: a 512-bit RSA modulus gives no real protection.
# It exists only so a verifier's handling of a weak issuer key can be
# tested; the generated key must never be reused outside test data.
WEAK_RSA_BITS = 512

# Self-signed root certificate.
root = common.create_self_signed_root_certificate('Root')

# Intermediate with the weak key. The target is issued by this
# intermediate, so the weakness is in the key behind the target's signature.
intermediate = common.create_intermediate_certificate('Intermediate', root)
weak_key_path = common.create_key_path(intermediate.name)
intermediate.set_key(
    common.get_or_generate_rsa_key(WEAK_RSA_BITS, weak_key_path))

# Target certificate; no key is set explicitly here.
target = common.create_end_entity_certificate('Target', intermediate)

# Chain is written target first, root last.
common.write_chain(__doc__, [target, intermediate, root], 'chain.pem')