Add CertIssuerSourceAia: authorityInfoAccess fetching for CertPathBuilder.

net/data/cert_issuer_source_aia_unittest/generate-certs.py

+#!/usr/bin/env python
+# Copyright 2016 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import os
+import sys
+sys.path += [os.path.join('..', 'verify_certificate_chain_unittest')]

[eroman, 2016/06/03 16:28:52]

I wonder if we should move this somewhere more generic?

[mattm, 2016/06/03 21:27:27]

Probably. I'm not sure where though. 

+
+import common
+
+
+# Self-signed root certificate. Not saved to a .pem since the test doesn't need
+# it.
+root = common.create_self_signed_root_certificate('Root')
+
+
+# Intermediary certificates. All have the same subject and key.
+i_base = common.create_intermediary_certificate('I', root)
+common.write_string_to_file(i_base.get_cert_pem(), 'i.pem')
+
+i2 = common.create_intermediary_certificate('I', root, key_from=i_base)
+common.write_string_to_file(i2.get_cert_pem(), 'i2.pem')
+
+i3 = common.create_intermediary_certificate('I', root, key_from=i_base)
+common.write_string_to_file(i3.get_cert_pem(), 'i3.pem')
+
+
+# More Intermediary certificates, which are just to generate the proper config
+# files so the target certs will have the desired Authority Information Access
+# values. These ones aren't saved to files.
+i_no_aia = common.create_intermediary_certificate('I', root, key_from=i_base)
+section = i_no_aia.config.get_section('signing_ca_ext')
+section.set_property('authorityInfoAccess', None)
+
+i_two_aia = common.create_intermediary_certificate('I', root, key_from=i_base)
+section = i_two_aia.config.get_section('issuer_info')
+section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
+
+i_three_aia = common.create_intermediary_certificate('I', root, key_from=i_base)
+section = i_three_aia.config.get_section('issuer_info')
+section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
+section.set_property('caIssuers;URI.2', 'http://url-for-aia3/I3.foo')
+
+i_file_aia = common.create_intermediary_certificate('I', root, key_from=i_base)
+section = i_file_aia.config.get_section('issuer_info')
+section.set_property('caIssuers;URI.0', 'file:///dev/null')
+
+i_file_and_http_aia = common.create_intermediary_certificate('I', root,
+                                                             key_from=i_base)
+section = i_file_and_http_aia.config.get_section('issuer_info')
+section.set_property('caIssuers;URI.0', 'file:///dev/null')
+section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
+
+
+# target certs
+
+target = common.create_end_entity_certificate('target', i_base)
+common.write_string_to_file(target.get_cert_pem(), 'target_one_aia.pem')
+
+target = common.create_end_entity_certificate('target', i_no_aia)
+common.write_string_to_file(target.get_cert_pem(), 'target_no_aia.pem')
+
+target = common.create_end_entity_certificate('target', i_two_aia)
+common.write_string_to_file(target.get_cert_pem(), 'target_two_aia.pem')
+
+target = common.create_end_entity_certificate('target', i_three_aia)
+common.write_string_to_file(target.get_cert_pem(), 'target_three_aia.pem')
+
+target = common.create_end_entity_certificate('target', i_file_aia)
+common.write_string_to_file(target.get_cert_pem(), 'target_file_aia.pem')
+
+target = common.create_end_entity_certificate('target', i_file_and_http_aia)
+common.write_string_to_file(target.get_cert_pem(),
+                            'target_file_and_http_aia.pem')
+