Refactor VerifyCertificateChain test data to include a key purpose

net/data/verify_certificate_chain_unittest/common.py

 #!/usr/bin/python
 # Copyright (c) 2015 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """Set of helpers to generate signed X.509v3 certificates.
 
 This works by shelling out calls to the 'openssl req' and 'openssl ca'
 commands, and passing the appropriate command line flags and configuration file
 (.cnf).
@@ skipping 24 matching lines @@
 
 # January 1st, 2016 12:00 UTC
 JANUARY_1_2016_UTC = '160101120000Z'
 
 # January 1st, 2021 12:00 UTC
 JANUARY_1_2021_UTC = '210101120000Z'
 
 # The default time tests should use when verifying.
 DEFAULT_TIME = MARCH_2_2015_UTC
 
+KEY_PURPOSE_ANY = 'anyExtendedKeyUsage'
+KEY_PURPOSE_SERVER_AUTH = 'serverAuth'
+KEY_PURPOSE_CLIENT_AUTH = 'clientAuth'
+
+DEFAULT_KEY_PURPOSE = KEY_PURPOSE_SERVER_AUTH
+
 # Counters used to generate unique (but readable) path names.
 g_cur_path_id = {}
 
 # Output paths used:
 #   - g_out_dir: where any temporary files (keys, cert req, signing db etc) are
 #                saved to.
 #   - g_out_pem: the path to the final output (which is a .pem file)
 #
 # See init() for how these are assigned, based on the name of the calling
 # script.
@@ skipping 389 matching lines @@
 
     cert_data = self.cert.get_cert_pem()
     block_name = 'TRUST_ANCHOR_UNCONSTRAINED'
     if self.constrained:
       block_name = 'TRUST_ANCHOR_CONSTRAINED'
 
     # Use a different block name in the .pem file, depending on the anchor type.
     return cert_data.replace('CERTIFICATE', block_name)
 
 
-def write_test_file(description, chain, trust_anchor, utc_time, verify_result,
-                    errors, out_pem=None):
+def write_test_file(description, chain, trust_anchor, utc_time, key_purpose,
+                    verify_result, errors, out_pem=None):
   """Writes a test file that contains all the inputs necessary to run a
-  verification on a certificate chain"""
+  verification on a certificate chain."""
 
   # Prepend the script name that generated the file to the description.
   test_data = '[Created by: %s]\n\n%s\n' % (sys.argv[0], description)
 
   # Write the certificate chain to the output file.
   for cert in chain:
     test_data += '\n' + cert.get_cert_pem()
 
   test_data += '\n' + trust_anchor.get_pem()
   test_data += '\n' + text_data_to_pem('TIME', utc_time)
 
   verify_result_string = 'SUCCESS' if verify_result else 'FAIL'
   test_data += '\n' + text_data_to_pem('VERIFY_RESULT', verify_result_string)
 
+  test_data += '\n' + text_data_to_pem('KEY_PURPOSE', key_purpose)
+
   if errors is not None:
     test_data += '\n' + text_data_to_pem('ERRORS', errors)
 
   write_string_to_file(test_data, out_pem if out_pem else g_out_pem)
 
 
 def write_string_to_file(data, path):
   with open(path, 'w') as f:
     f.write(data)
 
@@ skipping 30 matching lines @@
 
 
 def create_intermediate_certificate(name, issuer):
   return Certificate(name, TYPE_CA, issuer)
 
 
 def create_end_entity_certificate(name, issuer):
   return Certificate(name, TYPE_END_ENTITY, issuer)
 
 init(sys.argv[0])