OLD | NEW |
1 #!/usr/bin/python | 1 #!/usr/bin/python |
2 # Copyright (c) 2015 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2015 The Chromium Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 | 5 |
6 """Certificate chain with 1 intermediate, a trusted root, and a target | 6 """Certificate chain with 1 intermediate, a trusted root, and a target |
7 certificate that is not a CA, and yet has the keyCertSign bit set. Verification | 7 certificate that is not a CA, and yet has the keyCertSign bit set. Verification |
8 is expected to fail, since keyCertSign should only be asserted when CA is | 8 is expected to fail, since keyCertSign should only be asserted when CA is |
9 true.""" | 9 true.""" |
10 | 10 |
11 import common | 11 import common |
12 | 12 |
13 # Self-signed root certificate (used as trust anchor). | 13 # Self-signed root certificate (used as trust anchor). |
14 root = common.create_self_signed_root_certificate('Root') | 14 root = common.create_self_signed_root_certificate('Root') |
15 | 15 |
16 # Intermediate certificate. | 16 # Intermediate certificate. |
17 intermediate = common.create_intermediate_certificate('Intermediate', root) | 17 intermediate = common.create_intermediate_certificate('Intermediate', root) |
18 | 18 |
19 # Target certificate (end entity but has keyCertSign bit set). | 19 # Target certificate (end entity but has keyCertSign bit set). |
20 target = common.create_end_entity_certificate('Target', intermediate) | 20 target = common.create_end_entity_certificate('Target', intermediate) |
21 target.get_extensions().set_property('keyUsage', | 21 target.get_extensions().set_property('keyUsage', |
22 'critical,digitalSignature,keyEncipherment,keyCertSign') | 22 'critical,digitalSignature,keyEncipherment,keyCertSign') |
23 | 23 |
24 | 24 |
25 chain = [target, intermediate] | 25 chain = [target, intermediate] |
26 trusted = common.TrustAnchor(root, constrained=False) | 26 trusted = common.TrustAnchor(root, constrained=False) |
27 time = common.DEFAULT_TIME | 27 time = common.DEFAULT_TIME |
28 verify_result = False | 28 verify_result = False |
29 errors = """[Context] Processing Certificate | 29 errors = """----- Certificate i=0 (CN=Target) ----- |
30 index: 1 | 30 ERROR: Target certificate looks like a CA but does not set all CA properties |
31 [Error] Target certificate looks like a CA but does not set all CA propert
ies | 31 |
32 """ | 32 """ |
33 | 33 |
34 common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) | 34 common.write_test_file(__doc__, chain, trusted, time, verify_result, errors) |
OLD | NEW |