Chromium Code Reviews

Side by Side Diff: net/data/verify_certificate_chain_unittest/generate-key-rollover.py

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: changes for review comment #20 Created 4 years, 5 months ago
OLDNEW
(Empty)
1 #!/usr/bin/python
2 # Copyright (c) 2016 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file.
5
6 """A certificate tree with two self-signed root certificates(oldroot, newroot),
7 and a third root certificate (newrootrollover) which has the same key as newroot
8 but is signed by oldroot, all with the same subject and issuer.
9 There are two intermediates with the same key, subject and issuer
10 (oldintermediate signed by oldroot, and newintermediate signed by newroot).
11 The target certificate is signed by the intermediate key.
12
13
14 In graphical form:
15
16 oldroot-------->newrootrollover newroot
17 | | |
18 v v v
19 oldintermediate newintermediate
20 | |
21 +------------+-------------+
22 |
23 v
24 target
25
26
27 Several chains are output:
28 key-rollover-oldchain.pem:
29 target<-oldintermediate<-oldroot
30 key-rollover-rolloverchain.pem:
31 target<-newintermediate<-newrootrollover<-oldroot
32 key-rollover-longrolloverchain.pem:
33 target<-newintermediate<-newroot<-newrootrollover<-oldroot
34 key-rollover-newchain.pem:
35 target<-newintermediate<-newroot
36
37 All of these chains should verify successfully.
38 """
39
40 import common
41
42 # The new certs should have a newer notbefore date than "old" certs. This should
43 # affect path builder sorting, but otherwise won't matter.
44 JANUARY_2_2015_UTC = '150102120000Z'
45
46 # Self-signed root certificates. Same name, different keys.
47 oldroot = common.create_self_signed_root_certificate('Root')
48 oldroot.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
49 newroot = common.create_self_signed_root_certificate('Root')
50 newroot.set_validity_range(JANUARY_2_2015_UTC, common.JANUARY_1_2016_UTC)
51 # Root with the new key signed by the old key.
52 newrootrollover = common.create_intermediary_certificate('Root', oldroot)
53 newrootrollover.set_key_path(newroot.get_key_path())
54 newrootrollover.set_validity_range(JANUARY_2_2015_UTC,
55 common.JANUARY_1_2016_UTC)
56
57 # Intermediate signed by oldroot.
58 oldintermediate = common.create_intermediary_certificate('Intermediate',
59 oldroot)
60 oldintermediate.set_validity_range(common.JANUARY_1_2015_UTC,
61 common.JANUARY_1_2016_UTC)
62 # Intermediate signed by newroot. Same key as oldintermediate.
63 newintermediate = common.create_intermediary_certificate('Intermediate',
64 newroot)
65 newintermediate.set_key_path(oldintermediate.get_key_path())
66 newintermediate.set_validity_range(JANUARY_2_2015_UTC,
67 common.JANUARY_1_2016_UTC)
68
69 # Target certificate.
70 target = common.create_end_entity_certificate('Target', oldintermediate)
71
72 oldchain = [target, oldintermediate]
73 rolloverchain = [target, newintermediate, newrootrollover]
74 longrolloverchain = [target, newintermediate, newroot, newrootrollover]
75 oldtrusted = [oldroot]
76
77 newchain = [target, newintermediate]
78 newtrusted = [newroot]
79
80 time = common.DEFAULT_TIME
81 verify_result = True
82
83 common.write_test_file(__doc__, oldchain, oldtrusted, time, verify_result,
84 out_pem="key-rollover-oldchain.pem")
85 common.write_test_file(__doc__, rolloverchain, oldtrusted, time, verify_result,
86 out_pem="key-rollover-rolloverchain.pem")
87 common.write_test_file(__doc__, longrolloverchain, oldtrusted, time,
88 verify_result,
89 out_pem="key-rollover-longrolloverchain.pem")
90 common.write_test_file(__doc__, newchain, newtrusted, time, verify_result,
91 out_pem="key-rollover-newchain.pem")
92
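Review bot: At line 70 the target is issued only by oldintermediate, yet lines 73, 74 and 77 place it directly under newintermediate; those chains verify only because line 65 copies oldintermediate's key onto newintermediate and both are named 'Intermediate'. A short comment at line 70 stating that dependency would make it clear why three of the four chains are expected to pass and what must stay in sync if either intermediate is changed. Separately, JANUARY_2_2015_UTC (line 44) is defined locally while the other dates come from common, so consider moving it there, and the variable named time at line 80 reuses the name of the standard time module, which a name such as verify_time would avoid.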