示例#1
def generate_rsa_cert(leaf_key_size):
    """Generate a Cast device certificate chain whose leaf holds an RSA key.

    Builds root -> intermediate -> leaf, sets an RSA key of
    ``leaf_key_size`` bits on the leaf only, restricts the leaf to the
    ``clientAuth`` extended key usage, writes the chain to
    ``rsa<size>_device_cert.pem`` and then asks ``create_signatures`` for
    the matching signed-data file.

    Args:
        leaf_key_size: RSA modulus size in bits for the leaf key. It is
            formatted with ``%d`` and handed to
            ``common.get_or_generate_rsa_key`` unchecked; no minimum size is
            enforced here, so an undersized key can be requested on purpose.

    NOTE(review): this looks like test-fixture generation. The key file at
    ``device_key_path`` is passed to ``create_signed_data``, presumably as
    the signing key, so the generated keys should be treated as public test
    material.
    """
    # One fixed validity window shared by every certificate in the chain.
    # These look like UTCTime strings for 2015-01-01 and 2018-01-01 (12:00Z),
    # so whether the output verifies depends on the time given to the
    # verifier -- TODO confirm the format against common.set_validity_range.
    not_before = '150101120000Z'
    not_after = '180101120000Z'

    # Self-signed root.
    root = common.create_self_signed_root_certificate('Root')
    root.set_validity_range(not_before, not_after)

    # Intermediate issued by the root.
    intermediate = common.create_intermediate_certificate('Intermediate', root)
    intermediate.set_validity_range(not_before, not_after)

    # Leaf (device) certificate: clientAuth only, with the requested RSA key.
    leaf_name = 'RSA %d Device Cert' % leaf_key_size
    leaf = common.create_end_entity_certificate(leaf_name, intermediate)
    leaf.get_extensions().set_property('extendedKeyUsage', 'clientAuth')
    device_key_path = common.create_key_path(leaf.name)
    device_key = common.get_or_generate_rsa_key(leaf_key_size, device_key_path)
    leaf.set_key(device_key)
    leaf.set_validity_range(not_before, not_after)

    chain = [leaf, intermediate, root]
    chain_description = (
        'Cast certificate chain where device certificate uses a\n'
        '  %d-bit RSA key' % leaf_key_size)

    # Write the certificate chain.
    chain_path = 'rsa%d_device_cert.pem' % leaf_key_size
    common.write_chain(chain_description, chain, chain_path)

    # Write the signed data file; it is produced with the leaf's key file and
    # refers to the chain written above by relative path.
    signed_data_path = (
        '../signeddata/rsa%d_device_cert_data.pem' % leaf_key_size)
    create_signatures.create_signed_data(
        device_key_path, signed_data_path, '../certificates/' + chain_path)
#!/usr/bin/python
# Copyright (c) 2017 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with 1 intermediate, a trusted root, and a target
certificate for serverAuth that has only digitalSignature."""

import sys
sys.path += ['..']

import common

# Trust anchor: a self-signed root.
root = common.create_self_signed_root_certificate('Root')

# One intermediate issued by the root.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# End-entity certificate holding a P-384 EC key. Its extended key usage is
# serverAuth and its keyUsage extension is critical and limited to
# digitalSignature, the usage a signing key needs.
target = common.create_end_entity_certificate('Target', intermediate)
target_key_path = common.create_key_path(target.name)
target.set_key(common.get_or_generate_ec_key('secp384r1', target_key_path))
for extension_name, extension_value in (
        ('extendedKeyUsage', 'serverAuth'),
        ('keyUsage', 'critical,digitalSignature'),
):
    target.get_extensions().set_property(extension_name, extension_value)

# Chain is written leaf first, root last.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')
sys.path += ['..']

import common

# Trust anchor for the generated chains: a self-signed root.
root = common.create_self_signed_root_certificate('Root')

# Single intermediate issued by the root.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# Candidate target keys (one RSA, one EC), created once up front so the loop
# below does not repeat the key generation work.
rsa_target_key = common.get_or_generate_rsa_key(
    2048, common.create_key_path('Target-rsa'))
ec_target_key = common.get_or_generate_ec_key(
    'secp384r1', common.create_key_path('Target-ec'))
KEYS = {'rsa': rsa_target_key, 'ec': ec_target_key}

KEY_USAGES = [
    'decipherOnly',
    'digitalSignature',
    'keyAgreement',
    'keyEncipherment',
]

# Which key usage is appropriate depends on the key purpose (serverAuth here)
# and on the key type, so every key type is paired with every usage. Some of
# the pairs are therefore mismatches by construction.
for key_type in sorted(KEYS):
    for key_usage in KEY_USAGES:
        # Target certificate.
        target = common.create_end_entity_certificate('Target', intermediate)
        # NOTE(review): the listing stops here; the rest of the loop body
        # (key, extensions, output file) is not shown.
示例#4
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import os
import sys
sys.path += [os.path.join('..', 'verify_certificate_chain_unittest')]

import common

# Validity window passed to common as the default for this script.
validity_start = common.JANUARY_1_2015_UTC
validity_end = common.JANUARY_1_2021_UTC
common.set_default_validity_range(validity_start, validity_end)

# Generate the keys up front. One key is shared by all intermediates and one
# by all end-entity certificates, so certificates that differ in other fields
# still carry identical public keys.
root_key_path = common.create_key_path('root')
root_key = common.get_or_generate_rsa_key(2048, root_key_path)
i_key_path = common.create_key_path('i')
i_key = common.get_or_generate_rsa_key(2048, i_key_path)
target_key_path = common.create_key_path('target')
target_key = common.get_or_generate_rsa_key(2048, target_key_path)

# Self-signed root certificate, written on its own to root.pem.
root = common.create_self_signed_root_certificate('Root')
root.set_key(root_key)
root_pem = root.get_cert_pem()
common.write_string_to_file(root_pem, 'root.pem')

# Intermediate certificates. All are meant to share the subject 'I' and the
# same key; the baseline one goes to i.pem.
i_base = common.create_intermediate_certificate('I', root)
i_base.set_key(i_key)
i_base_pem = i_base.get_cert_pem()
common.write_string_to_file(i_base_pem, 'i.pem')

# NOTE(review): the listing stops after creating i2; how it differs from
# i_base is not shown.
i2 = common.create_intermediate_certificate('I', root)
#!/usr/bin/python
# Copyright (c) 2017 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediate, a trusted root, and a target
certificate for serverAuth that has only digitalSignature."""

import sys
sys.path += ['..']

import common

# Trust anchor: a self-signed root.
root = common.create_self_signed_root_certificate('Root')

# One intermediate issued by the root.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# End-entity certificate holding a 2048-bit RSA key. Extended key usage is
# serverAuth; the keyUsage extension is critical and carries only
# digitalSignature (no keyEncipherment).
target = common.create_end_entity_certificate('Target', intermediate)
target_key_path = common.create_key_path(target.name)
target_key = common.get_or_generate_rsa_key(2048, target_key_path)
target.set_key(target_key)
target_extension_settings = [
    ('extendedKeyUsage', 'serverAuth'),
    ('keyUsage', 'critical,digitalSignature'),
]
for property_name, property_value in target_extension_settings:
    target.get_extensions().set_property(property_name, property_value)

# Chain is written leaf first, root last.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediate and a trusted root. The target
certificate is signed using a weak RSA key (512-bit modulus), and so
verification is expected to fail."""

import common

# Self-signed root certificate (used as trust anchor).
root = common.create_self_signed_root_certificate('Root')

# Intermediate with a very weak key size (512-bit RSA). This is deliberate:
# the intermediate's key is what signs the target, so the signature over the
# target is the one made with the undersized key.
intermediate = common.create_intermediate_certificate('Intermediate', root)
intermediate.set_key(
    common.get_or_generate_rsa_key(512,
                                   common.create_key_path(intermediate.name)))

# Target certificate (no key is set here, so it keeps whatever key common
# assigns by default).
target = common.create_end_entity_certificate('Target', intermediate)

# The root is not part of the chain; it is supplied separately as the trust
# anchor, with constrained=False.
chain = [target, intermediate]
trusted = common.TrustAnchor(root, constrained=False)
time = common.DEFAULT_TIME
key_purpose = common.DEFAULT_KEY_PURPOSE
# Negative test: verification is expected to be rejected. The expected-errors
# text that follows reports the 512-bit modulus against a 1024-bit minimum.
verify_result = False
errors = """----- Certificate i=0 (CN=Target) -----
ERROR: RSA modulus too small
  actual: 512
  minimum: 1024
ERROR: Unacceptable modulus length for RSA key
ERROR: VerifySignedData failed
示例#7
sys.path += ['..']

import common

# Trust anchor for the generated chains: a self-signed root.
root = common.create_self_signed_root_certificate('Root')

# Single intermediate issued by the root.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# The target certificate gets either an RSA key or an EC key. Both are
# produced ahead of time so the work is not duplicated per combination.
KEYS = dict(
    rsa=common.get_or_generate_rsa_key(
        2048, common.create_key_path('Target-rsa')),
    ec=common.get_or_generate_ec_key(
        'secp384r1', common.create_key_path('Target-ec')),
)

KEY_USAGES = [
    'decipherOnly', 'digitalSignature', 'keyAgreement', 'keyEncipherment',
]

# The right key usage depends on both the key purpose (serverAuth here) and
# the key type, so all type/usage pairs are generated -- including pairs in
# which the usage does not suit the key type.
for key_type in sorted(KEYS):
  for key_usage in KEY_USAGES:
    # Target certificate.
    target = common.create_end_entity_certificate('Target', intermediate)
    # NOTE(review): the listing stops here; the remainder of the loop body
    # is not shown.
示例#8
#!/usr/bin/python
# Copyright (c) 2017 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
"""Certificate chain with 1 intermediate, a trusted root, and a target
certificate for serverAuth that has only keyEncipherment."""

import sys

sys.path += ['..']

import common

# Trust anchor: a self-signed root.
root = common.create_self_signed_root_certificate('Root')

# One intermediate issued by the root.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# End-entity certificate holding a P-384 EC key whose critical keyUsage
# carries only keyEncipherment. keyEncipherment is associated with RSA key
# transport rather than with EC keys, so key type and usage do not match.
# NOTE(review): presumably a fixture for how a verifier treats that
# mismatch; the expected result is not visible in this script.
target = common.create_end_entity_certificate('Target', intermediate)
target_key_path = common.create_key_path(target.name)
target_key = common.get_or_generate_ec_key('secp384r1', target_key_path)
target.set_key(target_key)
for extension_name, extension_value in (
        ('extendedKeyUsage', 'serverAuth'),
        ('keyUsage', 'critical,keyEncipherment'),
):
    target.get_extensions().set_property(extension_name, extension_value)

# Chain is written leaf first, root last.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')
示例#9
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import os
import sys
sys.path += [os.path.join('..', 'verify_certificate_chain_unittest')]

import common

# Validity window passed to common as the default for this script.
common.set_default_validity_range(
    common.JANUARY_1_2015_UTC, common.JANUARY_1_2021_UTC)

# Three 2048-bit RSA keys, generated in the order root, intermediate, target.
# The intermediate key and the target key are each shared by every
# certificate of that kind, so certificates that differ in other fields still
# carry identical public keys.
root_key, i_key, target_key = (
    common.get_or_generate_rsa_key(2048, common.create_key_path(key_label))
    for key_label in ('root', 'i', 'target'))

# Self-signed root certificate, written on its own to root.pem.
root = common.create_self_signed_root_certificate('Root')
root.set_key(root_key)
root_pem = root.get_cert_pem()
common.write_string_to_file(root_pem, 'root.pem')

# Intermediate certificates: all are meant to share the subject 'I' and the
# same key. Only the baseline one, written to i.pem, is visible in this
# listing.
i_base = common.create_intermediate_certificate('I', root)
i_base.set_key(i_key)
i_base_pem = i_base.get_cert_pem()
common.write_string_to_file(i_base_pem, 'i.pem')
示例#10
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain where the root certificate holds an RSA key, intermediate
certificate holds an EC key, and target certificate holds an RSA key. The
target certificate has a valid signature using ECDSA."""

import sys
sys.path += ['..']

import common

# Self-signed root. No key is set here, so it keeps common's default key
# (RSA, according to the module docstring).
root = common.create_self_signed_root_certificate('Root')

# Intermediate holding an EC key on the P-384 curve. Because the intermediate
# issues the target, the signature over the target is an ECDSA signature.
intermediate = common.create_intermediate_certificate('Intermediate', root)
intermediate_key_path = common.create_key_path(intermediate.name)
intermediate_key = common.get_or_generate_ec_key(
    'secp384r1', intermediate_key_path)
intermediate.set_key(intermediate_key)

# Target keeps the default (RSA) key, so the algorithm of its own public key
# differs from the algorithm that signed it.
target = common.create_end_entity_certificate('Target', intermediate)

# Chain is written leaf first, root last.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')
示例#11
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain with a trusted root using RSA, and intermediate using EC,
and a target certificate using RSA. Verification is expected to succeed."""

import common

# Self-signed root, used as the trust anchor. No key is set here, so it keeps
# common's default key (RSA, according to the module docstring).
root = common.create_self_signed_root_certificate('Root')

# Intermediate holding an EC key on the P-384 curve.
intermediate = common.create_intermediate_certificate('Intermediate', root)
intermediate_key_path = common.create_key_path(intermediate.name)
intermediate.set_key(
    common.get_or_generate_ec_key('secp384r1', intermediate_key_path))

# Target keeps the default (RSA) key but is signed by the EC intermediate,
# i.e. with ECDSA.
target = common.create_end_entity_certificate('Target', intermediate)

# The root is not part of the chain; it is supplied separately as the trust
# anchor, with constrained=False.
chain = [target, intermediate]
trusted = common.TrustAnchor(root, constrained=False)
time = common.DEFAULT_TIME
key_purpose = common.DEFAULT_KEY_PURPOSE

# Positive test: verification should succeed and report no errors.
verify_result, errors = True, None

common.write_test_file(
    __doc__, chain, trusted, time, key_purpose, verify_result, errors)
示例#12
#!/usr/bin/python
# Copyright (c) 2017 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Valid certificate chain where the target certificate contains a public key
with a 512-bit modulus (weak)."""

import sys
sys.path += ['..']

import common

# Self-signed root.
root = common.create_self_signed_root_certificate('Root')

# Intermediate issued by the root.
intermediate = common.create_intermediate_certificate('Intermediate', root)

# Target certificate carrying a deliberately weak 512-bit RSA public key.
# The weakness is in the target's own key; no key is set on the root or the
# intermediate in this script, so the signatures in the chain come from
# whatever keys common assigns to them by default.
target = common.create_end_entity_certificate('Target', intermediate)
weak_key_path = common.create_key_path(target.name)
weak_target_key = common.get_or_generate_rsa_key(512, weak_key_path)
target.set_key(weak_target_key)

# Chain is written leaf first, root last.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')
示例#13
#!/usr/bin/python
# Copyright (c) 2015 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Certificate chain where the target certificate is signed using a weak RSA
key (512-bit modulus)."""

import sys
sys.path += ['..']

import common

# Self-signed root.
root = common.create_self_signed_root_certificate('Root')

# Intermediate with a deliberately weak 512-bit RSA key. The intermediate
# issues the target, so the signature over the target is the one made with
# the undersized key.
intermediate = common.create_intermediate_certificate('Intermediate', root)
weak_key_path = common.create_key_path(intermediate.name)
weak_intermediate_key = common.get_or_generate_rsa_key(512, weak_key_path)
intermediate.set_key(weak_intermediate_key)

# Target certificate; no key is set here, so it keeps common's default key.
target = common.create_end_entity_certificate('Target', intermediate)

# Chain is written leaf first, root last.
chain = [target, intermediate, root]
common.write_chain(__doc__, chain, 'chain.pem')