| Index: net/data/cert_issuer_source_aia_unittest/generate-certs.py
|
| diff --git a/net/data/cert_issuer_source_aia_unittest/generate-certs.py b/net/data/cert_issuer_source_aia_unittest/generate-certs.py
|
| index bda53fd2bda9a1ec956affebc49354b6e7e6c21c..ac94613db75838572ec3f23b3624bffdc1aaa7df 100755
|
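--- a/net/data/cert_issuer_source_aia_unittest/generate-certs.py
+++ b/net/data/cert_issuer_source_aia_unittest/generate-certs.py
@@ -12,22 +12,30 @@ import common
 common.set_default_validity_range(common.JANUARY_1_2015_UTC,
 common.JANUARY_1_2021_UTC)
 
+# Generate the keys -- the same key is used for all intermediates and end entity
+# certificates.
+root_key = common.get_or_generate_rsa_key(2048, common.create_key_path('root'))
+i_key = common.get_or_generate_rsa_key(2048, common.create_key_path('i'))
+target_key = common.get_or_generate_rsa_key(2048,
+ common.create_key_path('target'))
 
 # Self-signed root certificate.
 root = common.create_self_signed_root_certificate('Root')
+root.set_key(root_key)
 common.write_string_to_file(root.get_cert_pem(), 'root.pem')
 
 
 # Intermediate certificates. All have the same subject and key.
 i_base = common.create_intermediate_certificate('I', root)
+i_base.set_key(i_key)
 common.write_string_to_file(i_base.get_cert_pem(), 'i.pem')
 
 i2 = common.create_intermediate_certificate('I', root)
-i2.set_key(i_base.get_key())
+i2.set_key(i_key)
 common.write_string_to_file(i2.get_cert_pem(), 'i2.pem')
 
 i3 = common.create_intermediate_certificate('I', root)
-i3.set_key(i_base.get_key())
+i3.set_key(i_key)
 common.write_string_to_file(i3.get_cert_pem(), 'i3.pem')
 
 
@@ -35,23 +43,23 @@ common.write_string_to_file(i3.get_cert_pem(), 'i3.pem')
 # files so the target certs will have the desired Authority Information Access
 # values. These ones aren't saved to files.
 i_no_aia = common.create_intermediate_certificate('I', root)
-i_no_aia.set_key(i_base.get_key())
+i_no_aia.set_key(i_key)
 section = i_no_aia.config.get_section('signing_ca_ext')
 section.set_property('authorityInfoAccess', None)
 
 i_two_aia = common.create_intermediate_certificate('I', root)
-i_two_aia.set_key(i_base.get_key())
+i_two_aia.set_key(i_key)
 section = i_two_aia.config.get_section('issuer_info')
 section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
 
 i_three_aia = common.create_intermediate_certificate('I', root)
-i_three_aia.set_key(i_base.get_key())
+i_three_aia.set_key(i_key)
 section = i_three_aia.config.get_section('issuer_info')
 section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
 section.set_property('caIssuers;URI.2', 'http://url-for-aia3/I3.foo')
 
 i_six_aia = common.create_intermediate_certificate('I', root)
-i_six_aia.set_key(i_base.get_key())
+i_six_aia.set_key(i_key)
 section = i_six_aia.config.get_section('issuer_info')
 section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
 section.set_property('caIssuers;URI.2', 'http://url-for-aia3/I3.foo')
@@ -60,23 +68,23 @@ section.set_property('caIssuers;URI.4', 'http://url-for-aia5/I5.foo')
 section.set_property('caIssuers;URI.5', 'http://url-for-aia6/I6.foo')
 
 i_file_aia = common.create_intermediate_certificate('I', root)
-i_file_aia.set_key(i_base.get_key())
+i_file_aia.set_key(i_key)
 section = i_file_aia.config.get_section('issuer_info')
 section.set_property('caIssuers;URI.0', 'file:///dev/null')
 
 i_invalid_url_aia = common.create_intermediate_certificate('I', root)
-i_invalid_url_aia.set_key(i_base.get_key())
+i_invalid_url_aia.set_key(i_key)
 section = i_invalid_url_aia.config.get_section('issuer_info')
 section.set_property('caIssuers;URI.0', 'foobar')
 
 i_file_and_http_aia = common.create_intermediate_certificate('I', root)
-i_file_and_http_aia.set_key(i_base.get_key())
+i_file_and_http_aia.set_key(i_key)
 section = i_file_and_http_aia.config.get_section('issuer_info')
 section.set_property('caIssuers;URI.0', 'file:///dev/null')
 section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
 
 i_invalid_and_http_aia = common.create_intermediate_certificate('I', root)
-i_invalid_and_http_aia.set_key(i_base.get_key())
+i_invalid_and_http_aia.set_key(i_key)
 section = i_invalid_and_http_aia.config.get_section('issuer_info')
 section.set_property('caIssuers;URI.0', 'foobar')
 section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
@@ -85,39 +93,48 @@ section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
 # target certs
 
 target = common.create_end_entity_certificate('target', i_base)
+target.set_key(target_key)
 target.get_extensions().set_property('subjectAltName', 'DNS:target')
 common.write_string_to_file(target.get_cert_pem(), 'target_one_aia.pem')
 
 target = common.create_end_entity_certificate('target', i_no_aia)
+target.set_key(target_key)
 target.get_extensions().set_property('subjectAltName', 'DNS:target')
 common.write_string_to_file(target.get_cert_pem(), 'target_no_aia.pem')
 
 target = common.create_end_entity_certificate('target', i_two_aia)
+target.set_key(target_key)
 target.get_extensions().set_property('subjectAltName', 'DNS:target')
 common.write_string_to_file(target.get_cert_pem(), 'target_two_aia.pem')
 
 target = common.create_end_entity_certificate('target', i_three_aia)
+target.set_key(target_key)
 target.get_extensions().set_property('subjectAltName', 'DNS:target')
 common.write_string_to_file(target.get_cert_pem(), 'target_three_aia.pem')
 
 target = common.create_end_entity_certificate('target', i_six_aia)
+target.set_key(target_key)
 target.get_extensions().set_property('subjectAltName', 'DNS:target')
 common.write_string_to_file(target.get_cert_pem(), 'target_six_aia.pem')
 
 target = common.create_end_entity_certificate('target', i_file_aia)
+target.set_key(target_key)
 target.get_extensions().set_property('subjectAltName', 'DNS:target')
 common.write_string_to_file(target.get_cert_pem(), 'target_file_aia.pem')
 
 target = common.create_end_entity_certificate('target', i_invalid_url_aia)
+target.set_key(target_key)
 target.get_extensions().set_property('subjectAltName', 'DNS:target')
 common.write_string_to_file(target.get_cert_pem(), 'target_invalid_url_aia.pem')
 
 target = common.create_end_entity_certificate('target', i_file_and_http_aia)
+target.set_key(target_key)
 target.get_extensions().set_property('subjectAltName', 'DNS:target')
 common.write_string_to_file(target.get_cert_pem(),
 'target_file_and_http_aia.pem')
 
 target = common.create_end_entity_certificate('target', i_invalid_and_http_aia)
+target.set_key(target_key)
 target.get_extensions().set_property('subjectAltName', 'DNS:target')
 common.write_string_to_file(target.get_cert_pem(),
 'target_invalid_and_http_aia.pem')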
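Review bot: The comment added above `root_key` in the first hunk says "the same key is used for all intermediates and end entity certificates", which reads as if one key were shared by both groups. The code creates three distinct keys and shares `i_key` only among the intermediates and `target_key` only among the targets. I would reword it to `# Generate the keys -- one for the root, one shared by all intermediates, one shared by all end-entity certificates.` The body of `get_or_generate_rsa_key` is not visible here, but it presumably loads or writes a private key at `create_key_path(...)`; if so, the same comment should state that these keys, including the root's, are test fixtures only and must never be trusted outside the unit tests.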