| Index: net/data/verify_certificate_chain_unittest/generate-serverauth-ec-ku-decipheronly.py
|
| diff --git a/net/data/verify_certificate_chain_unittest/generate-serverauth-ec-ku-decipheronly.py b/net/data/verify_certificate_chain_unittest/generate-serverauth-ec-ku-decipheronly.py
|
| new file mode 100755
|
| index 0000000000000000000000000000000000000000..4431180e9bbb48f6b815e43d77a57555d14d4787
|
| --- /dev/null
|
| +++ b/net/data/verify_certificate_chain_unittest/generate-serverauth-ec-ku-decipheronly.py
|
| @@ -0,0 +1,33 @@
|
| +#!/usr/bin/python
|
| +# Copyright (c) 2017 The Chromium Authors. All rights reserved.
|
| +# Use of this source code is governed by a BSD-style license that can be
|
| +# found in the LICENSE file.
|
| +
|
| +"""Certificate chain with 1 intermediate, a trusted root, and a target
|
| +certificate for serverAuth that has only decipherOnly."""
|
| +
|
| +import common
|
| +
|
| +# Self-signed root certificate (used as trust anchor).
|
| +root = common.create_self_signed_root_certificate('Root')
|
| +
|
| +# Intermediate certificate.
|
| +intermediate = common.create_intermediate_certificate('Intermediate', root)
|
| +
|
| +# Target certificate.
|
| +target = common.create_end_entity_certificate('Target', intermediate)
|
| +target.set_key(common.get_or_generate_ec_key(
|
| + 'secp384r1', common.create_key_path(target.name)))
|
| +target.get_extensions().set_property('extendedKeyUsage', 'serverAuth')
|
| +target.get_extensions().set_property('keyUsage', 'critical,decipherOnly')
|
| +
|
| +
|
| +chain = [target, intermediate]
|
| +trusted = common.TrustAnchor(root, constrained=False)
|
| +time = common.DEFAULT_TIME
|
| +key_purpose = common.KEY_PURPOSE_SERVER_AUTH
|
| +verify_result = True
|
| +errors = None
|
| +
|
| +common.write_test_file(__doc__, chain, trusted, time, key_purpose,
|
| + verify_result, errors)
|
|
|
Chromium Code Reviews
Issue 2813043002:
Add tests for keyUsage to the built-in cert verifier. (Closed)
