Chromium Code Reviews| Index: net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py |
| diff --git a/net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py b/net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py |
| new file mode 100755 |
| index 0000000000000000000000000000000000000000..e36f71a28280473380d8a7ed345ea1b4a3ecdc86 |
| --- /dev/null |
| +++ b/net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py |
| @@ -0,0 +1,53 @@ |
| +#!/usr/bin/python |
| +# Copyright (c) 2017 The Chromium Authors. All rights reserved. |
| +# Use of this source code is governed by a BSD-style license that can be |
| +# found in the LICENSE file. |
| + |
| +"""Generates a variety of chains where the target certificate varies in its key |
| +type and key usages.""" |
| + |
| +import sys |
| +sys.path += ['..'] |
| + |
| +import common |
| + |
| +# Self-signed root certificate (used as trust anchor). |
| +root = common.create_self_signed_root_certificate('Root') |
| + |
| +# Intermediate certificate. |
| +intermediate = common.create_intermediate_certificate('Intermediate', root) |
| + |
| +# Use either an RSA key, or EC key for the target certificiate. Generate the |
| +# possible keys now. |
| +rsa_key = common.get_or_generate_rsa_key( |
| + 2048, common.create_key_path('Target-rsa')) |
| +ec_key = common.get_or_generate_ec_key( |
| + 'secp384r1', common.create_key_path('Target-ec')) |
| + |
| +KEY_TYPES = ['rsa', 'ec'] |
| +KEY_USAGES = [ 'decipherOnly', |
| + 'digitalSignature', |
| + 'keyAgreement', |
| + 'keyEncipherment' ] |
| + |
| +# The proper key usage depends on the key purpose (serverAuth in this case), |
| +# and the key type. Generate a variety of combinations. |
| +for key_type in KEY_TYPES: |
|
mattm
2017/05/04 01:10:12
probably overkill, so feel free to ignore this. Bu
eroman
2017/05/04 01:23:59
Done (good idea!)
|
| + for key_usage in KEY_USAGES: |
| + # Target certificate. |
| + target = common.create_end_entity_certificate('Target', intermediate) |
| + target.get_extensions().set_property('extendedKeyUsage', 'serverAuth') |
| + target.get_extensions().set_property('keyUsage', |
| + 'critical,%s' % (key_usage)) |
| + |
| + # Set the key. |
| + key_path = common.create_key_path('%s-%s' % (target.name, key_type)) |
| + if key_type == "rsa": |
| + target.set_key(rsa_key) |
| + elif key_type == "ec": |
| + target.set_key(ec_key) |
| + |
| + chain = [target, intermediate, root] |
| + description = ('Certificate chain where the target uses a %s key and has ' |
| + 'the single key usage %s') % (key_type.upper(), key_usage) |
| + common.write_chain(description, chain, '%s-%s.pem' % (key_type, key_usage)) |
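Review bot: `key_path` is assigned in the inner loop (`key_path = common.create_key_path('%s-%s' % (target.name, key_type))`) but never read afterwards, since the keys handed to `set_key` are the shared `rsa_key`/`ec_key` generated before the loop; the line can be dropped. The `if`/`elif` on `key_type` right below it has no `else`, so a value added to `KEY_TYPES` without a matching branch would presumably leave the target with whatever key `create_end_entity_certificate` assigned, while the description and the `.pem` file name still claim the new key type. Adding `else: raise ValueError('Unknown key_type: %s' % key_type)` would make that fail loudly instead of producing a mislabelled fixture, which matters because these chains are the inputs for key-usage verification tests. A short comment on `KEY_USAGES` saying why these four usages were chosen would also help, and the comment above the key generation has a typo ("certificiate").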