Exemplo n.º 1
0
def make_chain(name, doc, excluded, permitted, sans):
    # Intermediate certificate.
    intermediate = gencerts.create_intermediate_certificate(
        'Intermediate', root)
    intermediate.set_key(intermediate_key)
    add_excluded_name_constraints(intermediate, **excluded)
    add_permitted_name_constraints(intermediate, **permitted)

    # Target certificate.
    target = gencerts.create_end_entity_certificate('t0', intermediate)
    target.set_key(target_key)
    add_sans(target, **sans)

    chain = [target, intermediate, root]
    gencerts.write_chain(doc, chain, '%s.pem' % name)
Exemplo n.º 2
0
def generate_chain(intermediate_digest_algorithm):
    # Self-signed root certificate.
    root = gencerts.create_self_signed_root_certificate('Root')

    # Intermediate certificate.
    intermediate = gencerts.create_intermediate_certificate(
        'Intermediate', root)
    intermediate.set_signature_hash(intermediate_digest_algorithm)
    intermediate.get_extensions().set_property('extendedKeyUsage', 'nsSGC')

    # Target certificate.
    target = gencerts.create_end_entity_certificate('Target', intermediate)
    target.get_extensions().set_property('extendedKeyUsage',
                                         'serverAuth,clientAuth')

    chain = [target, intermediate, root]
    gencerts.write_chain(__doc__, chain,
                         '%s-chain.pem' % intermediate_digest_algorithm)
Exemplo n.º 3
0
def generate_chain(intermediate_digest_algorithm):
    # Self-signed root certificate.
    root = gencerts.create_self_signed_root_certificate('Root')

    # Intermediate certificate.
    intermediate = gencerts.create_intermediate_certificate(
        'Intermediate', root)
    intermediate.set_signature_hash(intermediate_digest_algorithm)
    intermediate.get_extensions().set_property('extendedKeyUsage', 'nsSGC')

    # Target certificate.
    target = gencerts.create_end_entity_certificate('Target', intermediate)
    target.get_extensions().set_property('extendedKeyUsage',
                                         'serverAuth,clientAuth')
    # TODO(eroman): Set subjectAltName by default rather than specifically in
    # this test.
    target.get_extensions().set_property('subjectAltName', 'DNS:test.example')

    chain = [target, intermediate, root]
    gencerts.write_chain(__doc__, chain,
                         '%s-chain.pem' % intermediate_digest_algorithm)
Exemplo n.º 4
0
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain where the intermediate has an unknown critical
extension."""

import sys
sys.path += ['../..']

import gencerts

# Self-signed root certificate.
root = gencerts.create_self_signed_root_certificate('Root')

# Intermediate that has an unknown critical extension.
intermediate = gencerts.create_intermediate_certificate('Intermediate', root)
intermediate.get_extensions().add_property('1.2.3.4',
                                           'critical,DER:01:02:03:04')

# Target certificate.
target = gencerts.create_end_entity_certificate('Target', intermediate)

chain = [target, intermediate, root]
gencerts.write_chain(__doc__, chain, 'chain.pem')
Exemplo n.º 5
0
newrootrollover = gencerts.create_intermediate_certificate('Root', oldroot)
newrootrollover.set_key(newroot.get_key())
newrootrollover.set_validity_range(JANUARY_2_2015_UTC,
                                   gencerts.JANUARY_1_2016_UTC)

# Intermediate signed by oldroot.
oldintermediate = gencerts.create_intermediate_certificate(
    'Intermediate', oldroot)
oldintermediate.set_validity_range(gencerts.JANUARY_1_2015_UTC,
                                   gencerts.JANUARY_1_2016_UTC)
# Intermediate signed by newroot. Same key as oldintermediate.
newintermediate = gencerts.create_intermediate_certificate(
    'Intermediate', newroot)
newintermediate.set_key(oldintermediate.get_key())
newintermediate.set_validity_range(JANUARY_2_2015_UTC,
                                   gencerts.JANUARY_1_2016_UTC)

# Target certificate.
target = gencerts.create_end_entity_certificate('Target', oldintermediate)

gencerts.write_chain(__doc__, [target, oldintermediate, oldroot],
                     out_pem="oldchain.pem")
gencerts.write_chain(__doc__,
                     [target, newintermediate, newrootrollover, oldroot],
                     out_pem="rolloverchain.pem")
gencerts.write_chain(
    __doc__, [target, newintermediate, newroot, newrootrollover, oldroot],
    out_pem="longrolloverchain.pem")
gencerts.write_chain(__doc__, [target, newintermediate, newroot],
                     out_pem="newchain.pem")
Exemplo n.º 6
0
int_different_ski_a.set_validity_range(DATE_A, DATE_Z)

int_different_ski_b = gencerts.create_intermediate_certificate(
    'Intermediate', root)
int_different_ski_b.set_validity_range(DATE_B, DATE_Z)
int_different_ski_b.set_key(int_different_ski_a.get_key())

int_different_ski_c = gencerts.create_intermediate_certificate(
    'Intermediate', root)
int_different_ski_c.set_validity_range(DATE_C, DATE_Z)
int_different_ski_c.set_key(int_different_ski_a.get_key())

target = gencerts.create_end_entity_certificate('Target', int_matching_ski_a)
target.set_validity_range(DATE_A, DATE_Z)

gencerts.write_chain('The root', [root], out_pem='root.pem')

gencerts.write_chain(
    'Intermediate with matching subjectKeyIdentifier and notBefore A',
    [int_matching_ski_a],
    out_pem='int_matching_ski_a.pem')

gencerts.write_chain(
    'Intermediate with matching subjectKeyIdentifier and notBefore B',
    [int_matching_ski_b],
    out_pem='int_matching_ski_b.pem')

gencerts.write_chain(
    'Intermediate with matching subjectKeyIdentifier and notBefore C',
    [int_matching_ski_c],
    out_pem='int_matching_ski_c.pem')
Exemplo n.º 7
0
root.set_validity_range(DATE_A, DATE_D)

int_ac = gencerts.create_intermediate_certificate('Intermediate', root)
int_ac.set_validity_range(DATE_A, DATE_C)

int_ad = gencerts.create_intermediate_certificate('Intermediate', root)
int_ad.set_validity_range(DATE_A, DATE_D)
int_ad.set_key(int_ac.get_key())

int_bc = gencerts.create_intermediate_certificate('Intermediate', root)
int_bc.set_validity_range(DATE_B, DATE_C)
int_bc.set_key(int_ac.get_key())

int_bd = gencerts.create_intermediate_certificate('Intermediate', root)
int_bd.set_validity_range(DATE_B, DATE_D)
int_bd.set_key(int_ac.get_key())

target = gencerts.create_end_entity_certificate('Target', int_ac)
target.set_validity_range(DATE_A, DATE_D)

gencerts.write_chain('The root', [root], out_pem='root.pem')
gencerts.write_chain('Intermediate with validity range A..C', [int_ac],
                     out_pem='int_ac.pem')
gencerts.write_chain('Intermediate with validity range A..D', [int_ad],
                     out_pem='int_ad.pem')
gencerts.write_chain('Intermediate with validity range B..C', [int_bc],
                     out_pem='int_bc.pem')
gencerts.write_chain('Intermediate with validity range B..D', [int_bd],
                     out_pem='int_bd.pem')
gencerts.write_chain('The target', [target], out_pem='target.pem')
Exemplo n.º 8
0
import sys
sys.path += ['../..']

import gencerts

DATE_A = '150101120000Z'
DATE_B = '150102120000Z'
DATE_Z = '180101120000Z'

root1 = gencerts.create_self_signed_root_certificate('Root1')
root1.set_validity_range(DATE_A, DATE_Z)

root2 = gencerts.create_self_signed_root_certificate('Root2')
root2.set_validity_range(DATE_A, DATE_Z)

root1_cross = gencerts.create_intermediate_certificate('Root1', root2)
root1_cross.set_key(root1.get_key())
root1_cross.set_validity_range(DATE_B, DATE_Z)

target = gencerts.create_end_entity_certificate('Target', root1)
target.set_validity_range(DATE_A, DATE_Z)

gencerts.write_chain('Root1', [root1], out_pem='root1.pem')
gencerts.write_chain('Root2', [root2], out_pem='root2.pem')
gencerts.write_chain(
    'Root1 cross-signed by Root2, with a newer notBefore date'
    ' than Root1', [root1_cross],
    out_pem='root1_cross.pem')
gencerts.write_chain('Target', [target], out_pem='target.pem')
Exemplo n.º 9
0
int_mismatch = gencerts.create_intermediate_certificate('Intermediate', root2)
int_mismatch.set_key(int_matching.get_key())
int_mismatch.set_validity_range(DATE_C, DATE_Z)

int_match_name_only = gencerts.create_intermediate_certificate(
    'Intermediate', root)
int_match_name_only.set_key(int_matching.get_key())
int_match_name_only.set_validity_range(DATE_B, DATE_Z)

section = int_matching.config.get_section('signing_ca_ext')
section.set_property('authorityKeyIdentifier', 'issuer:always')
target = gencerts.create_end_entity_certificate('Target', int_matching)
target.set_validity_range(DATE_A, DATE_Z)

gencerts.write_chain('The 1st root', [root], out_pem='root.pem')
gencerts.write_chain('The 2nd root', [root2], out_pem='root2.pem')

gencerts.write_chain('Intermediate with matching issuer name & serial',
                     [int_matching],
                     out_pem='int_matching.pem')

gencerts.write_chain('Intermediate with different issuer name & serial',
                     [int_mismatch],
                     out_pem='int_mismatch.pem')

gencerts.write_chain('Intermediate with same issuer name & different serial',
                     [int_match_name_only],
                     out_pem='int_match_name_only.pem')

gencerts.write_chain('The target', [target], out_pem='target.pem')
Exemplo n.º 10
0
    'ec':
    gencerts.get_or_generate_ec_key('secp384r1',
                                    gencerts.create_key_path('Target-ec'))
}

KEY_USAGES = [
    'decipherOnly', 'digitalSignature', 'keyAgreement', 'keyEncipherment'
]

# The proper key usage depends on the key purpose (serverAuth in this case),
# and the key type. Generate a variety of combinations.
for key_type in sorted(KEYS.keys()):
    for key_usage in KEY_USAGES:
        # Target certificate.
        target = gencerts.create_end_entity_certificate('Target', intermediate)
        target.get_extensions().set_property('extendedKeyUsage', 'serverAuth')
        target.get_extensions().set_property('keyUsage',
                                             'critical,%s' % (key_usage))

        # Set the key.
        target.set_key(KEYS[key_type])

        # Write the chain.
        chain = [target, intermediate, root]
        description = (
            'Certificate chain where the target certificate uses a %s '
            'key and has the single key usage %s') % (key_type.upper(),
                                                      key_usage)
        gencerts.write_chain(description, chain,
                             '%s-%s.pem' % (key_type, key_usage))