Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(137)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-root.py

Issue 1890193003: Make Cast certificate verification enforce constraints specified in the trusted root certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: list datafiles for ios (needed following the rebase) Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py ('k') | net/data/verify_certificate_chain_unittest/non-self-signed-root.pem » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/usr/bin/python 1 #!/usr/bin/python
2 # Copyright (c) 2015 The Chromium Authors. All rights reserved. 2 # Copyright (c) 2016 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be 3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file. 4 # found in the LICENSE file.
5 5
6 """Certificate chain with 2 intermediaries. The first intermediary has a basic 6 """Certificate chain with 2 intermediaries and one end entity certificate. The
7 constraints path length of 0, so it is a violation for it to have a subordinate 7 root certificate has a pathlen:1 restriction so this is an invalid chain."""
8 intermediary."""
9 8
10 import common 9 import common
11 10
12 # Self-signed root certificate (part of trust store). 11 # Self-signed root certificate (part of trust store).
13 root = common.create_self_signed_root_certificate('Root') 12 root = common.create_self_signed_root_certificate('Root')
13 root.get_extensions().set_property('basicConstraints',
14 'critical,CA:true,pathlen:1')
14 15
15 # Intermediary with pathlen 0 16 # Intermediary 1 (no pathlen restriction).
16 intermediary1 = common.create_intermediary_certificate('Intermediary1', root) 17 intermediary1 = common.create_intermediary_certificate('Intermediary1', root)
17 intermediary1.get_extensions().set_property('basicConstraints',
18 'critical,CA:true,pathlen:0')
19 18
20 # Another intermediary (with the same pathlen restriction) 19 # Intermediary 2 (no pathlen restriction).
21 intermediary2 = common.create_intermediary_certificate('Intermediary2', 20 intermediary2 = common.create_intermediary_certificate('Intermediary2',
22 intermediary1) 21 intermediary1)
23 intermediary2.get_extensions().set_property('basicConstraints',
24 'critical,CA:true,pathlen:0')
25 22
26 # Target certificate. 23 # Target certificate.
27 target = common.create_end_entity_certificate('Target', intermediary2) 24 target = common.create_end_entity_certificate('Target', intermediary2)
28 25
29 chain = [target, intermediary2, intermediary1] 26 chain = [target, intermediary2, intermediary1]
30 trusted = [root] 27 trusted = [root]
31 time = common.DEFAULT_TIME 28 time = common.DEFAULT_TIME
32 verify_result = False 29 verify_result = False
33 30
34 common.write_test_file(__doc__, chain, trusted, time, verify_result) 31 common.write_test_file(__doc__, chain, trusted, time, verify_result)
OLDNEW
« no previous file with comments | « net/data/verify_certificate_chain_unittest/generate-non-self-signed-root.py ('k') | net/data/verify_certificate_chain_unittest/non-self-signed-root.pem » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698