| 1 #!/usr/bin/python | 1 #!/usr/bin/python |
| 2 # Copyright (c) 2015 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2015 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 | 5 |
| 6 """Set of helpers to generate signed X.509v3 certificates. | 6 """Set of helpers to generate signed X.509v3 certificates. |
| 7 | 7 |
| 8 This works by shelling out calls to the 'openssl req' and 'openssl ca' | 8 This works by shelling out calls to the 'openssl req' and 'openssl ca' |
| 9 commands, and passing the appropriate command line flags and configuration file | 9 commands, and passing the appropriate command line flags and configuration file |
| 10 (.cnf). | 10 (.cnf). |
| 365 section = self.config.get_section('crl_ext') | 365 section = self.config.get_section('crl_ext') |
| 366 section.set_property('authorityKeyIdentifier', 'keyid:always') | 366 section.set_property('authorityKeyIdentifier', 'keyid:always') |
| 367 section.set_property('authorityInfoAccess', '@issuer_info') | 367 section.set_property('authorityInfoAccess', '@issuer_info') |
| 368 | 368 |
| 369 | 369 |
| 370 def data_to_pem(block_header, block_data): | 370 def data_to_pem(block_header, block_data): |
| 371 return '-----BEGIN %s-----\n%s\n-----END %s-----\n' % (block_header, | 371 return '-----BEGIN %s-----\n%s\n-----END %s-----\n' % (block_header, |
| 372 base64.b64encode(block_data), block_header) | 372 base64.b64encode(block_data), block_header) |
| 373 | 373 |
| 374 | 374 |
| 375 def write_test_file(description, chain, trusted_certs, utc_time, verify_result, | 375 class TrustAnchor(object): |
| 376 """Structure that represents a trust anchor.""" |
| 377 |
| 378 def __init__(self, cert, constrained=False): |
| 379 self.cert = cert |
| 380 self.constrained = constrained |
| 381 |
| 382 |
| 383 def get_pem(self): |
| 384 """Returns a PEM block string describing this trust anchor.""" |
| 385 |
| 386 cert_data = self.cert.get_cert_pem() |
| 387 block_name = 'TRUST_ANCHOR_UNCONSTRAINED' |
| 388 if self.constrained: |
| 389 block_name = 'TRUST_ANCHOR_CONSTRAINED' |
| 390 |
| 391 # Use a different block name in the .pem file, depending on the anchor type. |
| 392 return cert_data.replace('CERTIFICATE', block_name) |
| 393 |
| 394 |
| 395 def write_test_file(description, chain, trust_anchor, utc_time, verify_result, |
| 376 out_pem=None): | 396 out_pem=None): |
| 377 """Writes a test file that contains all the inputs necessary to run a | 397 """Writes a test file that contains all the inputs necessary to run a |
| 378 verification on a certificate chain""" | 398 verification on a certificate chain""" |
| 379 | 399 |
| 380 # Prepend the script name that generated the file to the description. | 400 # Prepend the script name that generated the file to the description. |
| 381 test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description) | 401 test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description) |
| 382 | 402 |
| 383 # Write the certificate chain to the output file. | 403 # Write the certificate chain to the output file. |
| 384 for cert in chain: | 404 for cert in chain: |
| 385 test_data += '\n' + cert.get_cert_pem() | 405 test_data += '\n' + cert.get_cert_pem() |
| 386 | 406 |
| 387 # Write the trust store. | 407 test_data += '\n' + trust_anchor.get_pem() |
| 388 for cert in trusted_certs: | |
| 389 cert_data = cert.get_cert_pem() | |
| 390 # Use a different block type in the .pem file. | |
| 391 cert_data = cert_data.replace('CERTIFICATE', 'TRUSTED_CERTIFICATE') | |
| 392 test_data += '\n' + cert_data | |
| 393 | |
| 394 test_data += '\n' + data_to_pem('TIME', utc_time) | 408 test_data += '\n' + data_to_pem('TIME', utc_time) |
| 395 | 409 |
| 396 verify_result_string = 'SUCCESS' if verify_result else 'FAIL' | 410 verify_result_string = 'SUCCESS' if verify_result else 'FAIL' |
| 397 test_data += '\n' + data_to_pem('VERIFY_RESULT', verify_result_string) | 411 test_data += '\n' + data_to_pem('VERIFY_RESULT', verify_result_string) |
| 398 | 412 |
| 399 write_string_to_file(test_data, out_pem if out_pem else g_out_pem) | 413 write_string_to_file(test_data, out_pem if out_pem else g_out_pem) |
| 400 | 414 |
| 401 | 415 |
| 402 def write_string_to_file(data, path): | 416 def write_string_to_file(data, path): |
| 403 with open(path, 'w') as f: | 417 with open(path, 'w') as f: |
| 436 | 450 |
| 437 | 451 |
| 438 def create_intermediate_certificate(name, issuer): | 452 def create_intermediate_certificate(name, issuer): |
| 439 return Certificate(name, TYPE_CA, issuer) | 453 return Certificate(name, TYPE_CA, issuer) |
| 440 | 454 |
| 441 | 455 |
| 442 def create_end_entity_certificate(name, issuer): | 456 def create_end_entity_certificate(name, issuer): |
| 443 return Certificate(name, TYPE_END_ENTITY, issuer) | 457 return Certificate(name, TYPE_END_ENTITY, issuer) |
| 444 | 458 |
| 445 init(sys.argv[0]) | 459 init(sys.argv[0]) |
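Review bot: `TrustAnchor.get_pem` (new line 392) rewrites every occurrence of `CERTIFICATE` in the PEM text returned by `get_cert_pem()`, not just the BEGIN/END markers, so a base64 body that happens to contain that substring (the base64 alphabet includes every letter it needs) would be silently corrupted and the test file would carry a mangled anchor. Restricting the rewrite to the two armor lines removes the risk: `cert_data = cert_data.replace('-----BEGIN CERTIFICATE-----', '-----BEGIN %s-----' % block_name)` followed by `cert_data = cert_data.replace('-----END CERTIFICATE-----', '-----END %s-----' % block_name)`; the comment above it could then read `# Relabel only the PEM armor lines so the anchor type is visible to the reader.`. The same broad replace existed in the removed `write_test_file` loop (old lines 389-391), so this is inherited rather than introduced, but the new class is the natural place to fix it. As a point of style, `__init__` and `get_pem` are separated by two blank lines (new lines 381-382) where the rest of the file uses one between methods, and `__init__` would benefit from a one-line docstring naming `cert` as the anchor's certificate object and `constrained` as the flag that selects the `TRUST_ANCHOR_CONSTRAINED` block name.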