Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(189)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/verify_certificate_chain_unittest/generate-constrained-root-bad-eku.py

Issue 2832703002: Allow the TrustStore interface to return matching intermediates, and identify distrusted certs. (Closed)
Patch Set: address comments Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/cast_certificate/cast_cert_validator_test_helpers.cc ('K') | « net/data/verify_certificate_chain_unittest/constrained-root-bad-eku.pem ('k') | net/tools/cert_verify_tool/verify_using_path_builder.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/usr/bin/python 1 #!/usr/bin/python
2 # Copyright (c) 2017 The Chromium Authors. All rights reserved. 2 # Copyright (c) 2017 The Chromium Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be 3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file. 4 # found in the LICENSE file.
5 5
6 """Certificate chain with 1 intermediate and a trust anchor. The trust anchor 6 """Certificate chain with 1 intermediate and a trust anchor. The trust anchor
7 has an EKU that restricts it to clientAuth. Verification is expected to fail as 7 has an EKU that restricts it to clientAuth. Verification is expected to fail as
8 the end-entity is verified for serverAuth, and the trust anchor enforces 8 the end-entity is verified for serverAuth, and the trust anchor enforces
9 constraints.""" 9 constraints."""
10 10
11 import common 11 import common
12 12
13 # Self-signed root certificate (used as trust anchor) with non-CA basic 13 # Self-signed root certificate (used as trust anchor) with non-CA basic
14 # constraints. 14 # constraints.
15 root = common.create_self_signed_root_certificate('Root') 15 root = common.create_self_signed_root_certificate('Root')
16 root.get_extensions().set_property('extendedKeyUsage', 'clientAuth') 16 root.get_extensions().set_property('extendedKeyUsage', 'clientAuth')
17 17
18 # Intermediate certificate. 18 # Intermediate certificate.
19 intermediate = common.create_intermediate_certificate('Intermediate', root) 19 intermediate = common.create_intermediate_certificate('Intermediate', root)
20 20
21 # Target certificate. 21 # Target certificate.
22 target = common.create_end_entity_certificate('Target', intermediate) 22 target = common.create_end_entity_certificate('Target', intermediate)
23 23
24 chain = [target, intermediate] 24 chain = [target, intermediate]
25 trusted = common.TrustAnchor(root, constrained=True) 25 trusted = common.TrustAnchor(root, constrained=True)
26 time = common.DEFAULT_TIME 26 time = common.DEFAULT_TIME
27 key_purpose = common.KEY_PURPOSE_SERVER_AUTH 27 key_purpose = common.KEY_PURPOSE_SERVER_AUTH
28 verify_result = False 28 verify_result = False
29 errors = """----- Certificate i=2 ----- 29 errors = """----- Certificate i=2 (CN=Root) -----
30 ERROR: The extended key usage does not include server auth 30 ERROR: The extended key usage does not include server auth
31 31
32 """ 32 """
33 33
34 common.write_test_file(__doc__, chain, trusted, time, key_purpose, 34 common.write_test_file(__doc__, chain, trusted, time, key_purpose,
35 verify_result, errors) 35 verify_result, errors)
OLDNEW
« components/cast_certificate/cast_cert_validator_test_helpers.cc ('K') | « net/data/verify_certificate_chain_unittest/constrained-root-bad-eku.pem ('k') | net/tools/cert_verify_tool/verify_using_path_builder.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698