def set_path_len_constraint_neg(tbs, asn):
    """Replace the basicConstraints extension in *tbs* with a negative-path-length one.

    Negative-test fixture: the replacement is built by
    ``x509.basic_constraints(True, asn, -2)``. RFC 5280 defines
    pathLenConstraint as ``INTEGER (0..MAX)``, so a validator under test
    should reject a certificate carrying this value.

    Args:
        tbs: TBS-certificate mapping with an ``'extensions'`` list; that
            entry is rebound to a new list (the old list is not mutated).
        asn: passed through unchanged to ``x509.basic_constraints``.

    Returns:
        None. If no extension has the basicConstraints OID, the list is
        rebuilt unchanged and the fixture is silently left as it was.
    """
    # NOTE(review): presumably the arguments are (cA, asn, pathLenConstraint);
    # confirm against x509.basic_constraints.
    negative_bc = x509.basic_constraints(True, asn, -2)
    rebuilt = []
    for entry in tbs['extensions']:
        is_bc = entry['extnID'] == x509.oid_map['basicConstraints']
        rebuilt.append(negative_bc if is_bc else entry)
    tbs['extensions'] = rebuilt
def make_issuer_non_ca(tbs, asn):
    """Replace the basicConstraints extension in *tbs* with a non-CA one.

    Negative-test fixture: the replacement is built by
    ``x509.basic_constraints(False, asn)`` (presumably cA=FALSE; confirm
    against the helper). Going by the function name, *tbs* is meant to be
    an issuing certificate; a path validator should refuse to accept
    certificates signed by a key whose certificate does not assert cA.

    Args:
        tbs: TBS-certificate mapping with an ``'extensions'`` list; that
            entry is rebound to a new list.
        asn: passed through unchanged to ``x509.basic_constraints``.

    Returns:
        None. With no basicConstraints entry present, nothing is replaced.
    """
    non_ca_bc = x509.basic_constraints(False, asn)
    rebuilt = []
    for entry in tbs['extensions']:
        is_bc = entry['extnID'] == x509.oid_map['basicConstraints']
        rebuilt.append(non_ca_bc if is_bc else entry)
    tbs['extensions'] = rebuilt
def invalid_tbs(issuer_public_key, subject_public_key, issuer_cn, subject_cn,
                additional_extensions, asn):
    """Build a TBS-certificate mapping whose validity start is not a time.

    Negative-test fixture: the first argument given to ``validity_field``
    is the literal string ``'not a time'``, so a parser or validator under
    test should reject the resulting certificate instead of treating the
    validity period as open-ended or defaulting it.

    Args:
        issuer_public_key: used for the authority key identifier.
        subject_public_key: used for subjectPublicKeyInfo and the subject
            key identifier.
        issuer_cn: commonName placed in the issuer name.
        subject_cn: commonName placed in the subject name.
        additional_extensions: list appended after the four default
            extensions (must support ``list + additional_extensions``).
        asn: passed through unchanged to the ``x509`` helpers.

    Returns:
        dict with the keys version, serialNumber, signature, issuer,
        validity, subject, subjectPublicKeyInfo and extensions.
    """
    spki = x509.subject_public_key_info(subject_public_key, asn)
    signature_alg = x509.algorithm_identifier('sha256WithRSAEncryption')
    issuer_name = x509.name(
        [x509.attribute_type_and_value('commonName', issuer_cn)])
    subject_name = x509.name(
        [x509.attribute_type_and_value('commonName', subject_cn)])
    # The malformed start value is the whole point of this fixture.
    # NOTE(review): the second value is presumably "now + 365 days" - confirm
    # against misc.current_time_offset.
    broken_validity = validity_field('not a time',
                                     misc.current_time_offset(365))
    subject_key_id = x509.subject_key_identifier(subject_public_key, asn)
    authority_key_id = x509.authority_key_identifier(issuer_public_key, asn)
    key_usage = x509.key_usage(['digitalSignature', 'keyEncipherment'], asn)
    # End-entity style basicConstraints (first argument False).
    leaf_bc = x509.basic_constraints(False, asn)

    default_extensions = [authority_key_id, subject_key_id, key_usage, leaf_bc]
    all_extensions = default_extensions + additional_extensions

    return {
        # NOTE(review): 2 is presumably the encoded value for X.509 v3.
        'version': 2,
        'serialNumber': 2,
        'signature': signature_alg,
        'issuer': issuer_name,
        'validity': broken_validity,
        'subject': subject_name,
        'subjectPublicKeyInfo': spki,
        'extensions': all_extensions,
    }
def set_bc_not_critical(tbs, asn):
    """Replace the basicConstraints extension in *tbs* with a non-critical one.

    Negative-test fixture: the replacement is built by
    ``x509.basic_constraints(True, asn)`` and its ``'critical'`` field is
    then forced to ``False``. RFC 5280 requires conforming CAs to mark
    basicConstraints critical in CA certificates used to verify
    certificate signatures, so this exercises how strictly the validator
    under test treats the criticality flag.

    Args:
        tbs: TBS-certificate mapping with an ``'extensions'`` list; that
            entry is rebound to a new list.
        asn: passed through unchanged to ``x509.basic_constraints``.

    Returns:
        None. With no basicConstraints entry present, nothing is replaced.
    """
    relaxed_bc = x509.basic_constraints(True, asn)
    relaxed_bc['critical'] = False
    rebuilt = []
    for entry in tbs['extensions']:
        is_bc = entry['extnID'] == x509.oid_map['basicConstraints']
        rebuilt.append(relaxed_bc if is_bc else entry)
    tbs['extensions'] = rebuilt
def create_duplicate_bc_extension(asn):
    """Return an extra basicConstraints extension built with ``False``.

    Going by the name, the result is meant to be added alongside an
    existing basicConstraints entry (confirm against callers). RFC 5280
    forbids more than one instance of the same extension in a
    certificate, so a validator under test should reject the duplicate
    rather than pick one of the two.

    Args:
        asn: passed through unchanged to ``x509.basic_constraints``.

    Returns:
        Whatever ``x509.basic_constraints(False, asn)`` returns.
    """
    extra_bc = x509.basic_constraints(False, asn)
    return extra_bc