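#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with 1 intermediary, where the intermediary is expired
(violates validity.notAfter). Verification is expected to fail."""

import common

# Self-signed root certificate (part of trust store).
root = common.create_self_signed_root_certificate('Root')

# Intermediary certificate. Its validity window is pinned explicitly so that
# the verification time chosen below falls outside it.
intermediary = common.create_intermediary_certificate('Intermediary', root)
intermediary.set_validity_range(common.JANUARY_1_2015_UTC,
                                common.JANUARY_1_2016_UTC)

# Target certificate, issued by the (expired) intermediary.
target = common.create_end_entity_certificate('Target', intermediary)

chain = [target, intermediary]
trusted = [root]

# March 2nd, 2016, 12:00:00 UTC -- noon, not midnight, when the string is read
# as YYMMDDHHMMSSZ. This is later than the end of the intermediary's validity
# range set above, which is what makes this a negative test.
time = '160302120000Z'

# A verifier that accepts this chain is not enforcing notAfter on
# intermediates.
verify_result = False

# The module docstring is passed through as the description of the test case.
common.write_test_file(__doc__, chain, trusted, time, verify_result)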
rolloverchain = [target, newintermediate, newrootrollover] longrolloverchain = [target, newintermediate, newroot, newrootrollover] oldtrusted = common.TrustAnchor(oldroot, constrained=False) newchain = [target, newintermediate] newtrusted = common.TrustAnchor(newroot, constrained=False) time = common.DEFAULT_TIME key_purpose = common.DEFAULT_KEY_PURPOSE verify_result = True errors = None common.write_test_file(__doc__, oldchain, oldtrusted, time, key_purpose, verify_result, errors, out_pem="key-rollover-oldchain.pem") common.write_test_file(__doc__, rolloverchain, oldtrusted, time, key_purpose, verify_result, errors, out_pem="key-rollover-rolloverchain.pem") common.write_test_file(__doc__, longrolloverchain, oldtrusted, time,
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with 1 intermediary and a trusted root. The intermediary
lacks the basic constraints extension, and hence is expected to fail validation
(RFC 5280 requires v3 signing certificates have a BasicConstaints)."""

# NOTE(review): "BasicConstaints" in the docstring is a typo for
# BasicConstraints. It is left untouched here because __doc__ is passed to
# write_test_file below, so editing it would change the generated output.

import common

# Trust store: a single self-signed root.
trust_root = common.create_self_signed_root_certificate('Root')

# Issuing certificate under test: created as an intermediary, then stripped of
# its basicConstraints extension so nothing in it asserts that it is a CA.
issuing_ca = common.create_intermediary_certificate('Intermediary', trust_root)
issuing_ca_extensions = issuing_ca.get_extensions()
issuing_ca_extensions.remove_property('basicConstraints')

# Leaf issued by the intermediary that lacks basicConstraints.
leaf = common.create_end_entity_certificate('Target', issuing_ca)

# Negative test: a verifier that accepts this chain would be letting a
# certificate without basicConstraints act as an issuer.
common.write_test_file(
    __doc__,              # description of the test case
    [leaf, issuing_ca],   # chain, target first
    [trust_root],         # trusted certificates
    common.DEFAULT_TIME,  # verification time
    False,                # verify_result: validation must fail
)
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with 1 intermediate and a trust anchor. The trust anchor
has a basic constraints extension that indicates it is NOT a CA. Verification
is expected to succeed as constraints on the root certificate are not applied
to the trust anchor."""

import common

# Self-signed root that serves as the trust anchor. Its basicConstraints
# extension is critical and says CA:false, i.e. the certificate itself claims
# it may not issue other certificates.
anchor_cert = common.create_self_signed_root_certificate('Root')
anchor_cert.get_extensions().set_property('basicConstraints',
                                          'critical,CA:false')

# Intermediate issued by the anchor, and the target issued by the intermediate.
issuing_ca = common.create_intermediate_certificate('Intermediate',
                                                    anchor_cert)
leaf = common.create_end_entity_certificate('Target', issuing_ca)

# NOTE(review): constrained=False presumably marks the anchor as one whose own
# certificate extensions are not enforced during path validation -- confirm
# against common.TrustAnchor. With that reading, trust comes from anchoring the
# key and name, and the CA:false above is deliberately ignored.
anchor = common.TrustAnchor(anchor_cert, constrained=False)

# Positive test: the chain must verify even though the anchor's certificate
# says it is not a CA.
common.write_test_file(
    __doc__,                     # description of the test case
    [leaf, issuing_ca],          # chain, target first
    anchor,                      # trust anchor
    common.DEFAULT_TIME,         # verification time
    common.DEFAULT_KEY_PURPOSE,  # key purpose
    True,                        # verify_result: validation must succeed
    None,                        # errors: none expected
)
# Re-issue the intermediate under newroot, giving it the same key as
# oldintermediate. Because the key is shared, the target below (issued by
# oldintermediate) is also placed in chains that go through newintermediate.
newintermediate = common.create_intermediate_certificate('Intermediate',
                                                         newroot)
old_intermediate_key = oldintermediate.get_key()
newintermediate.set_key(old_intermediate_key)
newintermediate.set_validity_range(JANUARY_2_2015_UTC,
                                   common.JANUARY_1_2016_UTC)

# Target certificate, issued by the old intermediate.
target = common.create_end_entity_certificate('Target', oldintermediate)

# Candidate chains, target first.
oldchain = [target, oldintermediate]
rolloverchain = [target, newintermediate, newrootrollover]
longrolloverchain = [target, newintermediate, newroot, newrootrollover]
newchain = [target, newintermediate]

# Trust anchors for the old and the new root.
oldtrusted = common.TrustAnchor(oldroot, constrained=False)
newtrusted = common.TrustAnchor(newroot, constrained=False)

time = common.DEFAULT_TIME
verify_result = True
errors = None

# One output file per (chain, trust anchor) pairing; every pairing is expected
# to verify. The first three are checked against the old anchor, the last one
# against the new anchor.
for chain_under_test, anchor, pem_name in (
    (oldchain, oldtrusted, "key-rollover-oldchain.pem"),
    (rolloverchain, oldtrusted, "key-rollover-rolloverchain.pem"),
    (longrolloverchain, oldtrusted, "key-rollover-longrolloverchain.pem"),
    (newchain, newtrusted, "key-rollover-newchain.pem"),
):
    common.write_test_file(__doc__, chain_under_test, anchor, time,
                           verify_result, errors, out_pem=pem_name)