net/data/verify_certificate_chain_unittest/generate-key-rollover.py - Issue 1923433002: Certificate path builder for new certificate verification library

Unified Diff: net/data/verify_certificate_chain_unittest/generate-key-rollover.py

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: wip: Make CertPathIter build the full path including the trust anchor Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« net/cert/internal/path_builder.h ('K') | « net/data/verify_certificate_chain_unittest/common.py ('k') | net/data/verify_certificate_chain_unittest/key-rollover-longrolloverchain.pem » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/data/verify_certificate_chain_unittest/generate-key-rollover.py

diff --git a/net/data/verify_certificate_chain_unittest/generate-key-rollover.py b/net/data/verify_certificate_chain_unittest/generate-key-rollover.py

new file mode 100755

index 0000000000000000000000000000000000000000..a83134d953c5bb01b77d1a4311483f0cd300d6aa

--- /dev/null

+++ b/net/data/verify_certificate_chain_unittest/generate-key-rollover.py

@@ -0,0 +1,59 @@

+#!/usr/bin/python

+# Use of this source code is governed by a BSD-style license that can be

+# found in the LICENSE file.

+"""XXX"""

+import common

+# The new certs should have a newer notbefore date than "old" certs. This should

+# affect path builder sorting, but otherwise won't matter.

+JANUARY_2_2015_UTC = '150102120000Z'

+# Self-signed root certificates. Same name, different keys.

+oldroot = common.create_self_signed_root_certificate('Root')

+oldroot.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)

+newroot = common.create_self_signed_root_certificate('Root')

+newroot.set_validity_range(JANUARY_2_2015_UTC, common.JANUARY_1_2016_UTC)

+# Root with the new key signed by the old key.

+newrootrollover = common.create_intermediary_certificate(

+ 'Root', oldroot, key_from=newroot)

+newrootrollover.set_validity_range(JANUARY_2_2015_UTC,

+ common.JANUARY_1_2016_UTC)

+# Intermediary signed by oldroot.

+oldintermediary = common.create_intermediary_certificate('Intermediary',

+ oldroot)

+oldintermediary.set_validity_range(common.JANUARY_1_2015_UTC,

+ common.JANUARY_1_2016_UTC)

+# Intermediary signed by newroot. Same key as oldintermediary.

+newintermediary = common.create_intermediary_certificate(

+ 'Intermediary', newroot, key_from=oldintermediary)

+newintermediary.set_validity_range(JANUARY_2_2015_UTC,

+ common.JANUARY_1_2016_UTC)

+# Target certificate.

+target = common.create_end_entity_certificate('Target', oldintermediary)

+oldchain = [target, oldintermediary]

+rolloverchain = [target, newintermediary, newrootrollover]

+longrolloverchain = [target, newintermediary, newroot, newrootrollover]

+oldtrusted = [oldroot]

+newchain = [target, newintermediary]

+newtrusted = [newroot]

+time = common.DEFAULT_TIME

+verify_result = True

+common.write_test_file(__doc__, oldchain, oldtrusted, time, verify_result,

+ out_pem="key-rollover-oldchain.pem")

+common.write_test_file(__doc__, rolloverchain, oldtrusted, time, verify_result,

+ out_pem="key-rollover-rolloverchain.pem")

+common.write_test_file(__doc__, longrolloverchain, oldtrusted, time,

+ verify_result,

+ out_pem="key-rollover-longrolloverchain.pem")

+common.write_test_file(__doc__, newchain, newtrusted, time, verify_result,

+ out_pem="key-rollover-newchain.pem")