Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(303)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/verify_certificate_chain_unittest/generate-expired-root.py

Issue 2225493003: Don't treat trust anchors as certificates during path building. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: address moar feedback Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/data/verify_certificate_chain_unittest/expired-root.pem ('k') | net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-root.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/usr/bin/python 1 #!/usr/bin/python
2 # Copyright (c) 2016 The Chromium Authors. All rights reserved. 2 # Copyright (c) 2016 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be 3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file. 4 # found in the LICENSE file.
5 5
6 """Certificate chain with 1 intermediate, where the root certificate is expired 6 """Certificate chain with 1 intermediate, where the root certificate is expired
7 (violates validity.notAfter). Verification is expected to fail.""" 7 (violates validity.notAfter). Verification is expected to succeed as
8 constraints on trust anchors are not enforced.."""
8 9
9 import common 10 import common
10 11
11 # Self-signed root certificate (part of trust store). 12 # Self-signed root certificate (part of trust store).
12 root = common.create_self_signed_root_certificate('Root') 13 root = common.create_self_signed_root_certificate('Root')
13 root.set_validity_range(common.JANUARY_1_2015_UTC, common.MARCH_1_2015_UTC) 14 root.set_validity_range(common.JANUARY_1_2015_UTC, common.MARCH_1_2015_UTC)
14 15
15 # Intermediate certificate. 16 # Intermediate certificate.
16 intermediate = common.create_intermediate_certificate('Intermediate', root) 17 intermediate = common.create_intermediate_certificate('Intermediate', root)
17 intermediate.set_validity_range(common.JANUARY_1_2015_UTC, 18 intermediate.set_validity_range(common.JANUARY_1_2015_UTC,
18 common.JANUARY_1_2016_UTC) 19 common.JANUARY_1_2016_UTC)
19 20
20 # Target certificate. 21 # Target certificate.
21 target = common.create_end_entity_certificate('Target', intermediate) 22 target = common.create_end_entity_certificate('Target', intermediate)
22 target.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC) 23 target.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC)
23 24
24 chain = [target, intermediate] 25 chain = [target, intermediate]
25 trusted = [root] 26 trusted = [root]
26 27
27 # Both the target and intermediate are valid at this time, however the 28 # Both the target and intermediate are valid at this time, however the
28 # root is not. 29 # root is not. This doesn't matter since the root certificate is
30 # just a delivery mechanism for the name + SPKI.
29 time = common.MARCH_2_2015_UTC 31 time = common.MARCH_2_2015_UTC
30 verify_result = False 32 verify_result = True
31 33
32 common.write_test_file(__doc__, chain, trusted, time, verify_result) 34 common.write_test_file(__doc__, chain, trusted, time, verify_result)
OLDNEW
« no previous file with comments | « net/data/verify_certificate_chain_unittest/expired-root.pem ('k') | net/data/verify_certificate_chain_unittest/generate-violates-pathlen-1-root.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698