1#!/usr/bin/env python
2# Copyright 2019 The Chromium Authors
3# Use of this source code is governed by a BSD-style license that can be
4# found in the LICENSE file.
5
6"""
7A chain with multiple intermediates with different subjectKeyIdentifiers and
8notBefore dates, for testing path building prioritization.
9"""
10
11import sys
12sys.path += ['../..']
13
14import gencerts
15
# Validity timestamps, handed to gencerts as strings (they read as
# YYMMDDhhmmssZ -- TODO confirm the exact format against gencerts).
# DATE_A < DATE_B < DATE_C are the three notBefore values, one day apart, so
# otherwise-equivalent intermediates differ only in their issuance date.
# DATE_Z is the shared end of validity for every certificate in this file.
DATE_A, DATE_B, DATE_C = '150101120000Z', '150102120000Z', '150103120000Z'
DATE_Z = '180101120000Z'
# NOTE(review): everything generated here expires at DATE_Z, so consumers
# presumably have to verify at a pinned time inside [DATE_A, DATE_Z].


# Trust anchor for the chain, valid over the whole test window.
root = gencerts.create_self_signed_root_certificate('Root')
root.set_validity_range(DATE_A, DATE_Z)
24
# "Matching SKI" group: three intermediates with the same subject name, the
# same issuer (root) and the same key. Variant a keeps the key gencerts gives
# it; b and c copy that key with set_key(). The only difference between them
# is notBefore (A < B < C). The target further down is issued by
# int_matching_ski_a, so presumably its authorityKeyIdentifier names the
# subjectKeyIdentifier these three share -- TODO confirm in gencerts.
# Sharing one key across certificates is deliberate here: it makes every
# member of the group a cryptographically valid issuer for the target.
int_matching_ski_a = gencerts.create_intermediate_certificate(
    'Intermediate', root)
int_matching_ski_a.set_validity_range(DATE_A, DATE_Z)

int_matching_ski_b = gencerts.create_intermediate_certificate(
    'Intermediate', root)
int_matching_ski_b.set_validity_range(DATE_B, DATE_Z)
int_matching_ski_b.set_key(int_matching_ski_a.get_key())

int_matching_ski_c = gencerts.create_intermediate_certificate(
    'Intermediate', root)
int_matching_ski_c.set_validity_range(DATE_C, DATE_Z)
int_matching_ski_c.set_key(int_matching_ski_a.get_key())
38
# For some reason, OpenSSL seems to require disabling SKID and AKID on the
# parent cert in order to generate an intermediate cert without a SKID.
#
# root2 is that stand-in parent. It has the same name ('Root') and the same
# key as root, so certificates it issues still chain to root.pem; root2
# itself is never passed to write_chain() in this script.
root2 = gencerts.create_self_signed_root_certificate('Root')
root2.set_key(root.get_key())
_signing_ext = root2.config.get_section('signing_ca_ext')
for _ext_name in ('subjectKeyIdentifier', 'authorityKeyIdentifier'):
  _signing_ext.remove_property(_ext_name)


def _make_no_ski_intermediate(not_before):
  """Builds one 'Intermediate' issued by root2 with no subjectKeyIdentifier.

  The certificate uses int_matching_ski_a's key (the key that issues the
  target) and is valid from |not_before| to DATE_Z. The
  subjectKeyIdentifier property is dropped from its 'req_ext' section.
  """
  cert = gencerts.create_intermediate_certificate('Intermediate', root2)
  cert.set_validity_range(not_before, DATE_Z)
  cert.set_key(int_matching_ski_a.get_key())
  req_ext = cert.config.get_section('req_ext')
  req_ext.remove_property('subjectKeyIdentifier')
  return cert


# "No SKI" group: same name and key as the matching group, so each one can
# issue the target, but with no key identifier for path building to compare.
# Created in a, b, c order, one at a time.
int_no_ski_a = _make_no_ski_intermediate(DATE_A)

int_no_ski_b = _make_no_ski_intermediate(DATE_B)

int_no_ski_c = _make_no_ski_intermediate(DATE_C)
64
# "Different SKI" group: same subject name and issuer (root) as the matching
# group, but int_different_ski_a keeps its own key instead of copying
# int_matching_ski_a's; b and c then copy int_different_ski_a's key.
# Presumably that gives all three a subjectKeyIdentifier that differs from
# the one the target points at, and a key that did not sign the target, so
# they match the target's issuer by name only -- TODO confirm in gencerts.
int_different_ski_a = gencerts.create_intermediate_certificate(
    'Intermediate', root)
int_different_ski_a.set_validity_range(DATE_A, DATE_Z)

int_different_ski_b = gencerts.create_intermediate_certificate(
    'Intermediate', root)
int_different_ski_b.set_validity_range(DATE_B, DATE_Z)
int_different_ski_b.set_key(int_different_ski_a.get_key())

int_different_ski_c = gencerts.create_intermediate_certificate(
    'Intermediate', root)
int_different_ski_c.set_validity_range(DATE_C, DATE_Z)
int_different_ski_c.set_key(int_different_ski_a.get_key())
78
# Leaf certificate that path building starts from. It is issued by
# int_matching_ski_a, so the key shared by the int_matching_ski_* and
# int_no_ski_* certificates is the one that signs it.
target = gencerts.create_end_entity_certificate(
    'Target', int_matching_ski_a)
target.set_validity_range(DATE_A, DATE_Z)
81
82
# One PEM file per certificate, each holding a single-certificate "chain":
# (description, certificate, output file), written in this order.
# root2 is intentionally absent; it only served as the signing parent for
# the int_no_ski_* certificates.
_OUTPUTS = (
    ('The root', root, 'root.pem'),
    ('Intermediate with matching subjectKeyIdentifier and notBefore A',
     int_matching_ski_a, 'int_matching_ski_a.pem'),
    ('Intermediate with matching subjectKeyIdentifier and notBefore B',
     int_matching_ski_b, 'int_matching_ski_b.pem'),
    ('Intermediate with matching subjectKeyIdentifier and notBefore C',
     int_matching_ski_c, 'int_matching_ski_c.pem'),
    ('Intermediate with no subjectKeyIdentifier and notBefore A',
     int_no_ski_a, 'int_no_ski_a.pem'),
    ('Intermediate with no subjectKeyIdentifier and notBefore B',
     int_no_ski_b, 'int_no_ski_b.pem'),
    ('Intermediate with no subjectKeyIdentifier and notBefore C',
     int_no_ski_c, 'int_no_ski_c.pem'),
    ('Intermediate with different subjectKeyIdentifier and notBefore A',
     int_different_ski_a, 'int_different_ski_a.pem'),
    ('Intermediate with different subjectKeyIdentifier and notBefore B',
     int_different_ski_b, 'int_different_ski_b.pem'),
    ('Intermediate with different subjectKeyIdentifier and notBefore C',
     int_different_ski_c, 'int_different_ski_c.pem'),
    ('The target', target, 'target.pem'),
)

for _description, _cert, _pem_name in _OUTPUTS:
  gencerts.write_chain(_description, [_cert], out_pem=_pem_name)
122
123