Consolidate some more verify_certificate_chain_unittest/ data.

net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py

+#!/usr/bin/python
+# Copyright (c) 2017 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"""Generates a variety of chains where the target certificate varies in its key
+type and key usages."""
+
+import sys
+sys.path += ['..']
+
+import common
+
+# Self-signed root certificate (used as trust anchor).
+root = common.create_self_signed_root_certificate('Root')
+
+# Intermediate certificate.
+intermediate = common.create_intermediate_certificate('Intermediate', root)
+
+# Use either an RSA key, or EC key for the target certificiate. Generate the
+# possible keys now.
+rsa_key = common.get_or_generate_rsa_key(
+    2048, common.create_key_path('Target-rsa'))
+ec_key = common.get_or_generate_ec_key(
+    'secp384r1', common.create_key_path('Target-ec'))
+
+KEY_TYPES = ['rsa', 'ec']
+KEY_USAGES = [ 'decipherOnly',
+               'digitalSignature',
+               'keyAgreement',
+               'keyEncipherment' ]
+
+# The proper key usage depends on the key purpose (serverAuth in this case),
+# and the key type. Generate a variety of combinations.
+for key_type in KEY_TYPES:

[mattm, 2017/05/04 01:10:12]

probably overkill, so feel free to ignore this. But you could put the keys in a
dictionary, use "for key_type in sorted(keys.keys()):"  here (sorted so it's
stable), and target.set_key(keys[key_type]) below.

[eroman, 2017/05/04 01:23:59]

Done (good idea!)

+  for key_usage in KEY_USAGES:
+    # Target certificate.
+    target = common.create_end_entity_certificate('Target', intermediate)
+    target.get_extensions().set_property('extendedKeyUsage', 'serverAuth')
+    target.get_extensions().set_property('keyUsage',
+                                         'critical,%s' % (key_usage))
+
+    # Set the key.
+    key_path = common.create_key_path('%s-%s' % (target.name, key_type))
+    if key_type == "rsa":
+      target.set_key(rsa_key)
+    elif key_type == "ec":
+      target.set_key(ec_key)
+
+    chain = [target, intermediate, root]
+    description = ('Certificate chain where the target uses a %s key and has '
+                   'the single key usage %s') % (key_type.upper(), key_usage)
+    common.write_chain(description, chain, '%s-%s.pem' % (key_type, key_usage))