# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediate and a trust anchor. The trust anchor
has a basic constraints extension that indicates it is NOT a CA. Verification
is expected to succeed as constraints on the root certificate are not applied
to the trust anchor."""

import common

# Self-signed root certificate (used as trust anchor) with non-CA basic
# constraints.
root = common.create_self_signed_root_certificate('Root')
root.get_extensions().set_property('basicConstraints', 'critical,CA:false')

# Intermediate certificate.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# Target certificate.
target = common.create_end_entity_certificate('Target', intermediate)

chain = [target, intermediate]
trusted = common.TrustAnchor(root, constrained=False)
time = common.DEFAULT_TIME
key_purpose = common.DEFAULT_KEY_PURPOSE
verify_result = True
errors = None

common.write_test_file(__doc__, chain, trusted, time, key_purpose,
                       verify_result, errors)
Exemplo n.º 2
0
oldintermediate.set_validity_range(common.JANUARY_1_2015_UTC,
                                   common.JANUARY_1_2016_UTC)
# Intermediate signed by newroot. Same key as oldintermediate.
newintermediate = common.create_intermediate_certificate(
    'Intermediate', newroot)
newintermediate.set_key(oldintermediate.get_key())
newintermediate.set_validity_range(JANUARY_2_2015_UTC,
                                   common.JANUARY_1_2016_UTC)

# Target certificate.
target = common.create_end_entity_certificate('Target', oldintermediate)

oldchain = [target, oldintermediate]
rolloverchain = [target, newintermediate, newrootrollover]
longrolloverchain = [target, newintermediate, newroot, newrootrollover]
oldtrusted = common.TrustAnchor(oldroot, constrained=False)

newchain = [target, newintermediate]
newtrusted = common.TrustAnchor(newroot, constrained=False)

time = common.DEFAULT_TIME
key_purpose = common.DEFAULT_KEY_PURPOSE
verify_result = True
errors = None

common.write_test_file(__doc__,
                       oldchain,
                       oldtrusted,
                       time,
                       key_purpose,
                       verify_result,
Exemplo n.º 3
0
import common

# Self-signed root certificate (used as trust anchor).
root = common.create_self_signed_root_certificate('Root')
root.get_extensions().set_property('basicConstraints',
                                   'critical,CA:true,pathlen:1')

# Intermediate 1 (no pathlen restriction).
intermediate1 = common.create_intermediate_certificate('Intermediate1', root)

# Intermediate 2 (no pathlen restriction).
intermediate2 = common.create_intermediate_certificate('Intermediate2',
                                                       intermediate1)

# Target certificate.
target = common.create_end_entity_certificate('Target', intermediate2)

chain = [target, intermediate2, intermediate1]
trusted = common.TrustAnchor(root, constrained=True)
time = common.DEFAULT_TIME
key_purpose = common.DEFAULT_KEY_PURPOSE
verify_result = False
errors = """----- Certificate i=1 (CN=Intermediate2) -----
ERROR: max_path_length reached

"""

common.write_test_file(__doc__, chain, trusted, time, key_purpose,
                       verify_result, errors)