| OLD | NEW |
| 1 #!/usr/bin/python | 1 #!/usr/bin/python |
| 2 # Copyright (c) 2016 The Chromium Authors. All rights reserved. | 2 # Copyright (c) 2016 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 | 5 |
| 6 """A certificate tree with two self-signed root certificates(oldroot, newroot), | 6 """A certificate tree with two self-signed root certificates(oldroot, newroot), |
| 7 and a third root certificate (newrootrollover) which has the same key as newroot | 7 and a third root certificate (newrootrollover) which has the same key as newroot |
| 8 but is signed by oldroot, all with the same subject and issuer. | 8 but is signed by oldroot, all with the same subject and issuer. |
| 9 There are two intermediates with the same key, subject and issuer | 9 There are two intermediates with the same key, subject and issuer |
| 10 (oldintermediate signed by oldroot, and newintermediate signed by newroot). | 10 (oldintermediate signed by oldroot, and newintermediate signed by newroot). |
| (...skipping 19 matching lines...) Expand all Loading... |
| 30 key-rollover-rolloverchain.pem: | 30 key-rollover-rolloverchain.pem: |
| 31 target<-newintermediate<-newrootrollover<-oldroot | 31 target<-newintermediate<-newrootrollover<-oldroot |
| 32 key-rollover-longrolloverchain.pem: | 32 key-rollover-longrolloverchain.pem: |
| 33 target<-newintermediate<-newroot<-newrootrollover<-oldroot | 33 target<-newintermediate<-newroot<-newrootrollover<-oldroot |
| 34 key-rollover-newchain.pem: | 34 key-rollover-newchain.pem: |
| 35 target<-newintermediate<-newroot | 35 target<-newintermediate<-newroot |
| 36 | 36 |
| 37 All of these chains should verify successfully. | 37 All of these chains should verify successfully. |
| 38 """ | 38 """ |
| 39 | 39 |
| 40 import sys |
| 41 sys.path += ['..'] |
| 42 |
| 40 import common | 43 import common |
| 41 | 44 |
| 42 # The new certs should have a newer notbefore date than "old" certs. This should | 45 # The new certs should have a newer notbefore date than "old" certs. This should |
| 43 # affect path builder sorting, but otherwise won't matter. | 46 # affect path builder sorting, but otherwise won't matter. |
| 44 JANUARY_2_2015_UTC = '150102120000Z' | 47 JANUARY_2_2015_UTC = '150102120000Z' |
| 45 | 48 |
| 46 # Self-signed root certificates. Same name, different keys. | 49 # Self-signed root certificates. Same name, different keys. |
| 47 oldroot = common.create_self_signed_root_certificate('Root') | 50 oldroot = common.create_self_signed_root_certificate('Root') |
| 48 oldroot.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC) | 51 oldroot.set_validity_range(common.JANUARY_1_2015_UTC, common.JANUARY_1_2016_UTC) |
| 49 newroot = common.create_self_signed_root_certificate('Root') | 52 newroot = common.create_self_signed_root_certificate('Root') |
| (...skipping 12 matching lines...) Expand all Loading... |
| 62 # Intermediate signed by newroot. Same key as oldintermediate. | 65 # Intermediate signed by newroot. Same key as oldintermediate. |
| 63 newintermediate = common.create_intermediate_certificate('Intermediate', | 66 newintermediate = common.create_intermediate_certificate('Intermediate', |
| 64 newroot) | 67 newroot) |
| 65 newintermediate.set_key(oldintermediate.get_key()) | 68 newintermediate.set_key(oldintermediate.get_key()) |
| 66 newintermediate.set_validity_range(JANUARY_2_2015_UTC, | 69 newintermediate.set_validity_range(JANUARY_2_2015_UTC, |
| 67 common.JANUARY_1_2016_UTC) | 70 common.JANUARY_1_2016_UTC) |
| 68 | 71 |
| 69 # Target certificate. | 72 # Target certificate. |
| 70 target = common.create_end_entity_certificate('Target', oldintermediate) | 73 target = common.create_end_entity_certificate('Target', oldintermediate) |
| 71 | 74 |
| 72 oldchain = [target, oldintermediate] | 75 common.write_chain(__doc__, [target, oldintermediate, oldroot], |
| 73 rolloverchain = [target, newintermediate, newrootrollover] | 76 out_pem="oldchain.pem") |
| 74 longrolloverchain = [target, newintermediate, newroot, newrootrollover] | 77 common.write_chain(__doc__, [target, newintermediate, newrootrollover, oldroot], |
| 75 oldtrusted = common.TrustAnchor(oldroot, constrained=False) | 78 out_pem="rolloverchain.pem") |
| 76 | 79 common.write_chain(__doc__, |
| 77 newchain = [target, newintermediate] | 80 [target, newintermediate, newroot, newrootrollover, oldroot], |
| 78 newtrusted = common.TrustAnchor(newroot, constrained=False) | 81 out_pem="longrolloverchain.pem") |
| 79 | 82 common.write_chain(__doc__, [target, newintermediate, newroot], |
| 80 time = common.DEFAULT_TIME | 83 out_pem="newchain.pem") |
| 81 key_purpose = common.DEFAULT_KEY_PURPOSE | |
| 82 verify_result = True | |
| 83 errors = None | |
| 84 | |
| 85 common.write_test_file(__doc__, oldchain, oldtrusted, time, key_purpose, | |
| 86 verify_result, errors, | |
| 87 out_pem="key-rollover-oldchain.pem") | |
| 88 common.write_test_file(__doc__, rolloverchain, oldtrusted, time, key_purpose, | |
| 89 verify_result, errors, | |
| 90 out_pem="key-rollover-rolloverchain.pem") | |
| 91 common.write_test_file(__doc__, longrolloverchain, oldtrusted, time, | |
| 92 key_purpose, verify_result, errors, | |
| 93 out_pem="key-rollover-longrolloverchain.pem") | |
| 94 common.write_test_file(__doc__, newchain, newtrusted, time, key_purpose, | |
| 95 verify_result, errors, | |
| 96 out_pem="key-rollover-newchain.pem") | |
| OLD | NEW |