1#!/usr/bin/env python3 2# Copyright 2023 The Chromium Authors 3# Use of this source code is governed by a BSD-style license that can be 4# found in the LICENSE file. 5"""Certificate chain with policies and requireExplicitPolicy, including 6policies on the root which don't match the policies in the rest of the chain. 7This should fail to verify if the policies on the root are processed.""" 8 9import sys 10sys.path += ['../..'] 11 12import gencerts 13 14# Self-signed root certificate. 15root = gencerts.create_self_signed_root_certificate('Root') 16root.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.5') 17 18# Intermediate certificate. 19intermediate = gencerts.create_intermediate_certificate('Intermediate', root) 20intermediate.get_extensions().set_property('certificatePolicies', 21 'critical,1.2.3.4') 22intermediate.get_extensions().set_property('policyConstraints', 23 'critical,requireExplicitPolicy:0') 24 25# Target certificate. 26target = gencerts.create_end_entity_certificate('Target', intermediate) 27target.get_extensions().set_property('certificatePolicies', 'critical,1.2.3.4') 28 29chain = [target, intermediate, root] 30gencerts.write_chain(__doc__, chain, 'chain.pem') 31