Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(116)

Unified Diff: net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py

Issue 2859053002: Consolidate some more verify_certificate_chain_unittest/ data. (Closed)
Patch Set: fix comment Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py
diff --git a/net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py b/net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py
new file mode 100755
index 0000000000000000000000000000000000000000..e36f71a28280473380d8a7ed345ea1b4a3ecdc86
--- /dev/null
+++ b/net/data/verify_certificate_chain_unittest/target-serverauth-various-keyusages/generate-chains.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+# Copyright (c) 2017 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"""Generates a variety of chains where the target certificate varies in its key
+type and key usages."""
+
+import sys
+sys.path += ['..']
+
+import common
+
+# Self-signed root certificate (used as trust anchor).
+root = common.create_self_signed_root_certificate('Root')
+
+# Intermediate certificate.
+intermediate = common.create_intermediate_certificate('Intermediate', root)
+
+# Use either an RSA key, or EC key for the target certificiate. Generate the
+# possible keys now.
+rsa_key = common.get_or_generate_rsa_key(
+ 2048, common.create_key_path('Target-rsa'))
+ec_key = common.get_or_generate_ec_key(
+ 'secp384r1', common.create_key_path('Target-ec'))
+
+KEY_TYPES = ['rsa', 'ec']
+KEY_USAGES = [ 'decipherOnly',
+ 'digitalSignature',
+ 'keyAgreement',
+ 'keyEncipherment' ]
+
+# The proper key usage depends on the key purpose (serverAuth in this case),
+# and the key type. Generate a variety of combinations.
+for key_type in KEY_TYPES:
mattm 2017/05/04 01:10:12 probably overkill, so feel free to ignore this. Bu
eroman 2017/05/04 01:23:59 Done (good idea!)
+ for key_usage in KEY_USAGES:
+ # Target certificate.
+ target = common.create_end_entity_certificate('Target', intermediate)
+ target.get_extensions().set_property('extendedKeyUsage', 'serverAuth')
+ target.get_extensions().set_property('keyUsage',
+ 'critical,%s' % (key_usage))
+
+ # Set the key.
+ key_path = common.create_key_path('%s-%s' % (target.name, key_type))
+ if key_type == "rsa":
+ target.set_key(rsa_key)
+ elif key_type == "ec":
+ target.set_key(ec_key)
+
+ chain = [target, intermediate, root]
+ description = ('Certificate chain where the target uses a %s key and has '
+ 'the single key usage %s') % (key_type.upper(), key_usage)
+ common.write_chain(description, chain, '%s-%s.pem' % (key_type, key_usage))

Powered by Google App Engine
This is Rietveld 408576698