#!/usr/bin/env python
# Copyright 2017 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""Generates certificate chains where the intermediate contains netscape server
gated crypto rather than serverAuth."""

import sys

# gencerts is looked up two directories above the current working directory,
# not relative to this file, so the script has to be run from its own
# directory for the intended module to be imported.
sys.path.append('../..')

import gencerts


def generate_chain(intermediate_digest_algorithm):
    """Write a Target <- Intermediate <- Root chain to a PEM file.

    The intermediate's extendedKeyUsage is set to nsSGC (the "netscape server
    gated crypto" purpose named in the module docstring) instead of
    serverAuth, while the target asserts serverAuth and clientAuth.

    Args:
      intermediate_digest_algorithm: Name of the hash passed to
        set_signature_hash() for the intermediate's signature (for example
        'sha1' or 'sha256'). It is also used as the prefix of the output
        file name, '<digest>-chain.pem'.
    """
    # Self-signed root certificate: the trust anchor of the chain.
    root_cert = gencerts.create_self_signed_root_certificate('Root')

    # Intermediate certificate, created under the root. Its EKU is nsSGC
    # only, so it does not list serverAuth.
    # NOTE(review): presumably the consuming verifier test checks whether
    # nsSGC on an intermediate is accepted in place of serverAuth, and whether
    # that depends on the signature digest -- confirm against that test.
    intermediate_cert = gencerts.create_intermediate_certificate(
        'Intermediate', root_cert)
    intermediate_cert.set_signature_hash(intermediate_digest_algorithm)
    intermediate_ext = intermediate_cert.get_extensions()
    intermediate_ext.set_property('extendedKeyUsage', 'nsSGC')

    # Target (end-entity) certificate, created under the intermediate.
    leaf_cert = gencerts.create_end_entity_certificate(
        'Target', intermediate_cert)
    leaf_cert.get_extensions().set_property(
        'extendedKeyUsage', 'serverAuth,clientAuth')
    # TODO(eroman): Set subjectAltName by default rather than specifically in
    # this test.
    leaf_cert.get_extensions().set_property(
        'subjectAltName', 'DNS:test.example')

    # Chain order is leaf first, root last.
    cert_chain = [leaf_cert, intermediate_cert, root_cert]
    output_path = '%s-chain.pem' % intermediate_digest_algorithm
    # The module docstring is handed to write_chain() together with the chain,
    # so rewording it changes what this script passes on (presumably a
    # description stored with the chain -- confirm in gencerts).
    gencerts.write_chain(__doc__, cert_chain, output_path)


# Generate two chains, whose only difference is the digest algorithm used for
# the intermediate's signature.
for digest in ('sha1', 'sha256'):
    generate_chain(digest)