Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 #!/usr/bin/python | |
| 2 # Copyright (c) 2017 The Chromium Authors. All rights reserved. | |
| 3 # Use of this source code is governed by a BSD-style license that can be | |
| 4 # found in the LICENSE file. | |
| 5 | |
| 6 """Generates a variety of chains where the target certificate varies in its key | |
| 7 type and key usages.""" | |
| 8 | |
| 9 import sys | |
| 10 sys.path += ['..'] | |
| 11 | |
| 12 import common | |
| 13 | |
| 14 # Self-signed root certificate (used as trust anchor). | |
| 15 root = common.create_self_signed_root_certificate('Root') | |
| 16 | |
| 17 # Intermediate certificate. | |
| 18 intermediate = common.create_intermediate_certificate('Intermediate', root) | |
| 19 | |
| 20 # Use either an RSA key, or EC key for the target certificiate. Generate the | |
| 21 # possible keys now. | |
| 22 rsa_key = common.get_or_generate_rsa_key( | |
| 23 2048, common.create_key_path('Target-rsa')) | |
| 24 ec_key = common.get_or_generate_ec_key( | |
| 25 'secp384r1', common.create_key_path('Target-ec')) | |
| 26 | |
| 27 KEY_TYPES = ['rsa', 'ec'] | |
| 28 KEY_USAGES = [ 'decipherOnly', | |
| 29 'digitalSignature', | |
| 30 'keyAgreement', | |
| 31 'keyEncipherment' ] | |
| 32 | |
| 33 # The proper key usage depends on the key purpose (serverAuth in this case), | |
| 34 # and the key type. Generate a variety of combinations. | |
| 35 for key_type in KEY_TYPES: | |
|
mattm
2017/05/04 01:10:12
probably overkill, so feel free to ignore this. Bu
eroman
2017/05/04 01:23:59
Done (good idea!)
| |
| 36 for key_usage in KEY_USAGES: | |
| 37 # Target certificate. | |
| 38 target = common.create_end_entity_certificate('Target', intermediate) | |
| 39 target.get_extensions().set_property('extendedKeyUsage', 'serverAuth') | |
| 40 target.get_extensions().set_property('keyUsage', | |
| 41 'critical,%s' % (key_usage)) | |
| 42 | |
| 43 # Set the key. | |
| 44 key_path = common.create_key_path('%s-%s' % (target.name, key_type)) | |
| 45 if key_type == "rsa": | |
| 46 target.set_key(rsa_key) | |
| 47 elif key_type == "ec": | |
| 48 target.set_key(ec_key) | |
| 49 | |
| 50 chain = [target, intermediate, root] | |
| 51 description = ('Certificate chain where the target uses a %s key and has ' | |
| 52 'the single key usage %s') % (key_type.upper(), key_usage) | |
| 53 common.write_chain(description, chain, '%s-%s.pem' % (key_type, key_usage)) | |
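Review bot: `key_path` on new line 44 is assigned but never read; the keys actually used are the two generated once at new lines 22-25, so the line can be dropped. The `if`/`elif` on new lines 45-48 has no `else`, so a value later added to `KEY_TYPES` would fall through silently, and the chain would be written with whatever key `create_end_entity_certificate` assigns by default (not visible here) while the description and file name claim the new type. Ending the chain with `else: raise ValueError('unknown key type: %s' % key_type)` keeps the generated test vectors consistent with their labels. It would also help to add a comment beside `'decipherOnly'` such as `# RFC 5280: meaning undefined without keyAgreement`, so readers can tell whether that case is meant as a negative vector.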