Chromium Code Reviews

Issue 1414393008: Add scripts to generate simple test data for certificate verification. (Closed)

Created: 5 years, 1 month ago by eroman
Modified: 5 years ago
Reviewers: mattm
CC: chromium-reviews, chromium-apps-reviews_chromium.org, cbentzel+watch_chromium.org, extensions-reviews_chromium.org, mattm, Ryan Sleevi
Base URL: https://chromium.googlesource.com/chromium/src.git@key_usages
Target Ref: refs/pending/heads/master
Project: chromium
Visibility: Public.

Description

Add scripts to generate simple test data for certificate verification.

The intent is to complement other path validation test suites (i.e. PKITS). Certainly there is overlap, but the advantage is easier manipulation and addition of test cases.

This introduces some python scripts and helpers that shell out to "openssl req" and "openssl ca" to generate certificate chains with certain properties. These certificate chains (and associated data for verification) are used as test data by the follow-up CL (https://codereview.chromium.org/1414923007)

BUG=410574

Committed: https://crrev.com/e461b9127d35010e41e47cbb9f07a4bc25fc0866
Cr-Commit-Position: refs/heads/master@{#365922}

Patch Set 1

Total comments: 24

Patch Set 2: Address Matt's feedback, and improve some comments

Patch Set 3: use __doc__ like a boss

Total comments: 4

Patch Set 4: rename functions from UpperCase() to hacker_case()

Patch Set 5: remove semicolons

Patch Set 6: rebase

Patch Set 7: rebase

Patch Set 8: add moar test

Patch Set 9: add another test

Patch Set 10: rebase

Patch Set 11: rebase

Stats: +7430 lines, -5 lines
A net/data/verify_certificate_chain_unittest/README: 1 chunk, +29 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/basic-constraints-pathlen-0-self-issued.pem: 1 chunk, +370 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/common.py: 1 chunk, +417 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/expired-intermediary.pem: 1 chunk, +280 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/expired-target.pem: 1 chunk, +280 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/expired-target-notBefore.pem: 1 chunk, +280 lines, -0 lines, 0 comments
A + net/data/verify_certificate_chain_unittest/generate-all.sh: 1 chunk, +10 lines, -5 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-basic-constraints-pathlen-0-self-issued.py: 1 chunk, +35 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-expired-intermediary.py: 1 chunk, +29 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-expired-target.py: 1 chunk, +28 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-expired-target-notBefore.py: 1 chunk, +28 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-intermediary-basic-constraints-ca-false.py: 1 chunk, +28 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-intermediary-basic-constraints-not-critical.py: 1 chunk, +28 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-intermediary-lacks-basic-constraints.py: 1 chunk, +27 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-intermediary-lacks-signing-key-usage.py: 1 chunk, +28 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-intermediary-signed-with-md5.py: 1 chunk, +27 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-intermediary-unknown-critical-extension.py: 1 chunk, +29 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-intermediary-unknown-non-critical-extension.py: 1 chunk, +28 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-target-and-intermediary.py: 1 chunk, +25 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-target-has-keycertsign-but-not-ca.py: 1 chunk, +30 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-target-has-pathlen-but-not-ca.py: 1 chunk, +29 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-target-not-end-entity.py: 1 chunk, +26 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py: 1 chunk, +27 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-target-signed-using-ecdsa.py: 1 chunk, +26 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-target-signed-with-md5.py: 1 chunk, +26 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-target-unknown-critical-extension.py: 1 chunk, +29 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-target-wrong-signature.py: 1 chunk, +32 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-unknown-root.py: 1 chunk, +26 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/generate-violates-basic-constraints-pathlen-0.py: 1 chunk, +34 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/intermediary-basic-constraints-ca-false.pem: 1 chunk, +281 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/intermediary-basic-constraints-not-critical.pem: 1 chunk, +282 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/intermediary-lacks-basic-constraints.pem: 1 chunk, +278 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/intermediary-lacks-signing-key-usage.pem: 1 chunk, +281 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/intermediary-signed-with-md5.pem: 1 chunk, +281 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/intermediary-unknown-critical-extension.pem: 1 chunk, +284 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/intermediary-unknown-non-critical-extension.pem: 1 chunk, +284 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/openssl_conf.py: 1 chunk, +136 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/target-and-intermediary.pem: 1 chunk, +280 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/target-has-keycertsign-but-not-ca.pem: 1 chunk, +282 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/target-has-pathlen-but-not-ca.pem: 1 chunk, +283 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/target-not-end-entity.pem: 1 chunk, +280 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/target-signed-by-512bit-rsa.pem: 1 chunk, +248 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/target-signed-using-ecdsa.pem: 1 chunk, +252 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/target-signed-with-md5.pem: 1 chunk, +280 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/target-unknown-critical-extension.pem: 1 chunk, +284 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/target-wrong-signature.pem: 1 chunk, +281 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/unknown-root.pem: 1 chunk, +192 lines, -0 lines, 0 comments
A net/data/verify_certificate_chain_unittest/violates-basic-constraints-pathlen-0.pem: 1 chunk, +370 lines, -0 lines, 0 comments

Messages

Total messages: 24 (12 generated)
eroman
5 years, 1 month ago (2015-10-28 02:00:36 UTC) #3
mattm
Nice. Mostly nit-picky comments.

https://codereview.chromium.org/1414393008/diff/1/net/data/verify_certificate_chain_unittest/common.py
File net/data/verify_certificate_chain_unittest/common.py (right):

https://codereview.chromium.org/1414393008/diff/1/net/data/verify_certificate_chain_unittest/common.py#newcode19
net/data/verify_certificate_chain_unittest/common.py:19: sys.path.insert(0, os.path.dirname(__file__))
This is unnecessary, ...
5 years, 1 month ago (2015-10-29 01:47:18 UTC) #5
eroman
https://codereview.chromium.org/1414393008/diff/1/net/data/verify_certificate_chain_unittest/common.py
File net/data/verify_certificate_chain_unittest/common.py (right):

https://codereview.chromium.org/1414393008/diff/1/net/data/verify_certificate_chain_unittest/common.py#newcode19
net/data/verify_certificate_chain_unittest/common.py:19: sys.path.insert(0, os.path.dirname(__file__))
On 2015/10/29 01:47:18, mattm (OOO oct 30) ...
5 years, 1 month ago (2015-10-31 00:34:25 UTC) #6
mattm
lgtm

https://codereview.chromium.org/1414393008/diff/40001/net/data/verify_certificate_chain_unittest/common.py
File net/data/verify_certificate_chain_unittest/common.py (right):

https://codereview.chromium.org/1414393008/diff/40001/net/data/verify_certificate_chain_unittest/common.py#newcode47
net/data/verify_certificate_chain_unittest/common.py:47: g_out_pem = None;
unnecessary semicolons

https://codereview.chromium.org/1414393008/diff/40001/net/data/verify_certificate_chain_unittest/openssl_conf.py
File net/data/verify_certificate_chain_unittest/openssl_conf.py ...
5 years, 1 month ago (2015-11-02 19:40:39 UTC) #7
eroman
I also updated the naming style for function names (output from script I ran): replacing ...
5 years, 1 month ago (2015-11-02 20:51:43 UTC) #8
eroman
Removed Ryan as a reviewer. And adding David as FYI in case he wants to ...
5 years, 1 month ago (2015-11-02 21:12:35 UTC) #10
davidben
On 2015/11/02 21:12:35, eroman wrote:
> Removed Ryan as a reviewer.
>
> And adding ...
5 years, 1 month ago (2015-11-19 21:21:28 UTC) #11
eroman
I added two new tests to this change:
  target-has-keycertsign-but-not-ca
  target-has-pathlen-but-not-ca
5 years ago (2015-12-03 03:18:32 UTC) #12
mattm
still lgtm
5 years ago (2015-12-17 02:40:31 UTC) #13
commit-bot: I haz the power
CQ is trying da patch.
Follow status at https://chromium-cq-status.appspot.com/patch-status/1414393008/200001
View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1414393008/200001
5 years ago (2015-12-17 19:56:25 UTC) #20
commit-bot: I haz the power
Committed patchset #11 (id:200001)
5 years ago (2015-12-17 22:38:11 UTC) #22
commit-bot: I haz the power
5 years ago (2015-12-17 22:39:12 UTC) #24
Message was sent while issue was closed.
Patchset 11 (id:??) landed as
https://crrev.com/e461b9127d35010e41e47cbb9f07a4bc25fc0866
Cr-Commit-Position: refs/heads/master@{#365922}
