Add CertIssuerSourceAia: authorityInfoAccess fetching for CertPathBuilder.

net/data/verify_certificate_chain_unittest/common.py

 #!/usr/bin/python
 # Copyright (c) 2015 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """Set of helpers to generate signed X.509v3 certificates.
 
 This works by shelling out calls to the 'openssl req' and 'openssl ca'
 commands, and passing the appropriate command line flags and configuration file
 (.cnf).
@@ skipping 60 matching lines @@
 
 class Certificate(object):
   """Helper for building an X.509 certificate."""
 
   def __init__(self, name, cert_type, issuer):
     # The name will be used for the subject's CN, and also as a component of
     # the temporary filenames to help with debugging.
     self.name = name
     self.path_id = GetUniquePathId(name)
 
+    # If specified, use the key from this path instead of generating a new one.
+    self.key_path = None
+
     # The issuer is also a Certificate object. Passing |None| means it is a
     # self-signed certificate.
     self.issuer = issuer
     if issuer is None:
       self.issuer = self
 
     # The config contains all the OpenSSL options that will be passed via a
     # .cnf file. Set up defaults.
     self.config = openssl_conf.Config()
     self.init_config()
@@ skipping 34 matching lines @@
 
     # Initialize any files that will be needed if this certificate is used to
     # sign other certificates. Starts off serial numbers at 1, and will
     # increment them for each signed certificate.
     write_string_to_file('01\n', self.get_serial_path())
     write_string_to_file('', self.get_database_path())
 
 
   def generate_rsa_key(self, size_bits):
     """Generates an RSA private key for the certificate."""
+    assert self.key_path is None
     subprocess.check_call(
         ['openssl', 'genrsa', '-out', self.get_key_path(), str(size_bits)])
 
 
   def generate_ec_key(self, named_curve):
     """Generates an EC private key for the certificate. |named_curve| can be
     something like secp384r1"""
+    assert self.key_path is None
     subprocess.check_call(
         ['openssl', 'ecparam', '-out', self.get_key_path(),
          '-name', named_curve, '-genkey'])
 
 
   def set_validity_range(self, start_date, end_date):
     """Sets the Validity notBefore and notAfter properties for the
     certificate"""
     self.validity_flags = ['-startdate', start_date, '-enddate', end_date]
 
 
   def set_signature_hash(self, md):
     """Sets the hash function that will be used when signing this certificate.
     Can be sha1, sha256, sha512, md5, etc."""
     self.md_flags = ['-md', md]
 
 
   def get_extensions(self):
     return self.config.get_section('req_ext')
 
 
   def get_path(self, suffix):
     """Forms a path to an output file for this certificate, containing the
     indicated suffix. The certificate's name will be used as its basis."""
     return os.path.join(g_out_dir, '%s%s' % (self.path_id, suffix))
 
 
+  def set_key_path(self, path):
+    """Uses the key from the given path instead of generating a new one."""
+    self.key_path = path
+    section = self.config.get_section('root_ca')
+    section.set_property('private_key', self.get_key_path())
+
+
   def get_key_path(self):
+    if self.key_path is not None:
+      return self.key_path
     return self.get_path('.key')
 
 
   def get_cert_path(self):
     return self.get_path('.pem')
 
 
   def get_serial_path(self):
     return self.get_path('.serial')
 
@@ skipping 164 matching lines @@
     section = self.config.get_section('crl_ext')
     section.set_property('authorityKeyIdentifier', 'keyid:always')
     section.set_property('authorityInfoAccess', '@issuer_info')
 
 
 def data_to_pem(block_header, block_data):
   return '-----BEGIN %s-----\n%s\n-----END %s-----\n' % (block_header,
           base64.b64encode(block_data), block_header)
 
 
-def write_test_file(description, chain, trusted_certs, utc_time, verify_result):
+def write_test_file(description, chain, trusted_certs, utc_time, verify_result,
+                    out_pem=None):
   """Writes a test file that contains all the inputs necessary to run a
   verification on a certificate chain"""
 
   # Prepend the script name that generated the file to the description.
   test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description)
 
   # Write the certificate chain to the output file.
   for cert in chain:
     test_data += '\n' + cert.get_cert_pem()
 
   # Write the trust store.
   for cert in trusted_certs:
     cert_data = cert.get_cert_pem()
     # Use a different block type in the .pem file.
     cert_data = cert_data.replace('CERTIFICATE', 'TRUSTED_CERTIFICATE')
     test_data += '\n' + cert_data
 
   test_data += '\n' + data_to_pem('TIME', utc_time)
 
   verify_result_string = 'SUCCESS' if verify_result else 'FAIL'
   test_data += '\n' + data_to_pem('VERIFY_RESULT', verify_result_string)
 
-  write_string_to_file(test_data, g_out_pem)
+  write_string_to_file(test_data, out_pem if out_pem else g_out_pem)
 
 
 def write_string_to_file(data, path):
   with open(path, 'w') as f:
     f.write(data)
 
 
 def init(invoking_script_path):
   """Creates an output directory to contain all the temporary files that may be
   created, as well as determining the path for the final output. These paths
@@ skipping 26 matching lines @@
 
 
 def create_intermediary_certificate(name, issuer):
   return Certificate(name, TYPE_CA, issuer)
 
 
 def create_end_entity_certificate(name, issuer):
   return Certificate(name, TYPE_END_ENTITY, issuer)
 
 init(sys.argv[0])