1#!/usr/bin/env python 2# Copyright 2016 The Chromium Authors 3# Use of this source code is governed by a BSD-style license that can be 4# found in the LICENSE file. 5 6"""Certificate chain with 2 intermediates and one end entity certificate. The 7root certificate has a pathlen:1 restriction. Ordinarily this would be an 8invalid chain, however constraints on this trust anchor are not enforced.""" 9 10import sys 11sys.path += ['../..'] 12 13import gencerts 14 15# Self-signed root certificate (used as trust anchor). 16root = gencerts.create_self_signed_root_certificate('Root') 17root.get_extensions().set_property('basicConstraints', 18 'critical,CA:true,pathlen:1') 19 20# Intermediate 1 (no pathlen restriction). 21intermediate1 = gencerts.create_intermediate_certificate('Intermediate1', root) 22 23# Intermediate 2 (no pathlen restriction). 24intermediate2 = gencerts.create_intermediate_certificate('Intermediate2', 25 intermediate1) 26 27# Target certificate. 28target = gencerts.create_end_entity_certificate('Target', intermediate2) 29 30chain = [target, intermediate2, intermediate1, root] 31gencerts.write_chain(__doc__, chain, 'chain.pem') 32