| OLD | NEW |
| 1 #!/usr/bin/python | 1 #!/usr/bin/python |
| 2 # Copyright (c) 2016 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2016 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 | 5 |
| 6 """Certificate chain with 1 intermediate, where the root certificate is expired | 6 """Certificate chain with 1 intermediate, where the root certificate is expired |
| 7 (violates validity.notAfter). Verification is expected to fail.""" | 7 (violates validity.notAfter). Verification is expected to succeed as |
| 8 constraints on trust anchors are not enforced..""" |
| 8 | 9 |
| 9 import common | 10 import common |
| 10 | 11 |
| 11 # Self-signed root certificate (part of trust store). | 12 # Self-signed root certificate (part of trust store). |
| 12 root = common.create_self_signed_root_certificate('Root') | 13 root = common.create_self_signed_root_certificate('Root') |
| 13 root.set_validity_range(common.JANUARY_1_2015_UTC, common.MARCH_1_2015_UTC) | 14 root.set_validity_range(common.JANUARY_1_2015_UTC, common.MARCH_1_2015_UTC) |
| 14 | 15 |
| 15 # Intermediate certificate. | 16 # Intermediate certificate. |
| 16 intermediate = common.create_intermediate_certificate('Intermediate', root) | 17 intermediate = common.create_intermediate_certificate('Intermediate', root) |
| 17 intermediate.set_validity_range(common.JANUARY_1_2015_UTC, | 18 intermediate.set_validity_range(common.JANUARY_1_2015_UTC, |
| 18 common.JANUARY_1_2016_UTC) | 19 common.JANUARY_1_2016_UTC) |
| 19 | 20 |
| 20 # Target certificate. | 21 # Target certificate. |
| 21 target = common.create_end_entity_certificate('Target', intermediate) | 22 target = common.create_end_entity_certificate('Target', intermediate) |
| 22 target.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC) | 23 target.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC) |
| 23 | 24 |
| 24 chain = [target, intermediate] | 25 chain = [target, intermediate] |
| 25 trusted = [root] | 26 trusted = [root] |
| 26 | 27 |
| 27 # Both the target and intermediate are valid at this time, however the | 28 # Both the target and intermediate are valid at this time, however the |
| 28 # root is not. | 29 # root is not. This doesn't matter since the root certificate is |
| 30 # just a delivery mechanism for the name + SPKI. |
| 29 time = common.MARCH_2_2015_UTC | 31 time = common.MARCH_2_2015_UTC |
| 30 verify_result = False | 32 verify_result = True |
| 31 | 33 |
| 32 common.write_test_file(__doc__, chain, trusted, time, verify_result) | 34 common.write_test_file(__doc__, chain, trusted, time, verify_result) |
| OLD | NEW |