Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(23)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/verify_certificate_chain_unittest/generate-unconstrained-root-basic-constraints-ca-false.py

Issue 2245643004: Support trust anchor constraints, by specifying them as a certificate. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: update gypi Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/data/verify_certificate_chain_unittest/generate-unconstrained-non-self-signed-root.py ('k') | net/data/verify_certificate_chain_unittest/generate-unconstrained-root-lacks-basic-constraints.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/usr/bin/python 1 #!/usr/bin/python
2 # Copyright (c) 2015 The Chromium Authors. All rights reserved. 2 # Copyright (c) 2015 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be 3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file. 4 # found in the LICENSE file.
5 5
6 """Certificate chain with 1 intermediate and a trusted root. The intermediate 6 """Certificate chain with 1 intermediate and a trust anchor. The trust anchor
7 has a basic constraints extension that indicates it is NOT a CA. Verification 7 has a basic constraints extension that indicates it is NOT a CA. Verification
8 is expected to fail.""" 8 is expected to succeed as constraints on the root certificate are not applied
9 to the trust anchor."""
9 10
10 import common 11 import common
11 12
12 # Self-signed root certificate (used as trust anchor). 13 # Self-signed root certificate (used as trust anchor) with non-CA basic
14 # constraints.
13 root = common.create_self_signed_root_certificate('Root') 15 root = common.create_self_signed_root_certificate('Root')
16 root.get_extensions().set_property('basicConstraints', 'critical,CA:false')
14 17
15 # Intermediate with incorrect basic constraints. 18 # Intermediate certificate.
16 intermediate = common.create_intermediate_certificate('Intermediate', root) 19 intermediate = common.create_intermediate_certificate('Intermediate', root)
17 intermediate.get_extensions().set_property('basicConstraints',
18 'critical,CA:false')
19 20
20 # Target certificate. 21 # Target certificate.
21 target = common.create_end_entity_certificate('Target', intermediate) 22 target = common.create_end_entity_certificate('Target', intermediate)
22 23
23 chain = [target, intermediate] 24 chain = [target, intermediate]
24 trusted = common.TrustAnchor(root, constrained=False) 25 trusted = common.TrustAnchor(root, constrained=False)
25 time = common.DEFAULT_TIME 26 time = common.DEFAULT_TIME
26 verify_result = False 27 verify_result = True
27 28
28 common.write_test_file(__doc__, chain, trusted, time, verify_result) 29 common.write_test_file(__doc__, chain, trusted, time, verify_result)
30
OLDNEW
« no previous file with comments | « net/data/verify_certificate_chain_unittest/generate-unconstrained-non-self-signed-root.py ('k') | net/data/verify_certificate_chain_unittest/generate-unconstrained-root-lacks-basic-constraints.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698