1#!/usr/bin/env python
2# Copyright 2017 The Chromium Authors
3# Use of this source code is governed by a BSD-style license that can be
4# found in the LICENSE file.
5
6"""Generates a variety of chains where the target certificate varies in its key
7type and key usages."""
8
9import sys
10sys.path += ['../..']
11
12import gencerts
13
# Trust anchor: a self-signed root certificate.
root = gencerts.create_self_signed_root_certificate('Root')

# One intermediate, created with the root passed in (presumably as its issuer;
# confirm against gencerts).
intermediate = gencerts.create_intermediate_certificate('Intermediate', root)

# The target certificate is keyed with either RSA or EC. Both keys are obtained
# once, up front, so the loop below reuses one key per key type instead of
# repeating the key generation work for every chain.
# NOTE(review): the get_or_generate_* names suggest an existing key at the
# given path is reused rather than regenerated -- confirm in gencerts.
KEYS = {
  'rsa': gencerts.get_or_generate_rsa_key(
      2048,
      gencerts.create_key_path('Target-rsa')),
  'ec': gencerts.get_or_generate_ec_key(
      'secp384r1',
      gencerts.create_key_path('Target-ec')),
}

# keyUsage values; each generated target certificate asserts exactly one.
KEY_USAGES = [
  'decipherOnly',
  'digitalSignature',
  'keyAgreement',
  'keyEncipherment',
]
34
# Which key usage is appropriate depends on the key purpose (serverAuth here)
# and on the key type, so one chain is written for every (key type, key usage)
# pair. Each target carries a single keyUsage value, marked critical.
# NOTE(review): this script only produces the inputs; which pairs a verifier
# is expected to accept or reject is decided by the tests that consume the
# .pem files. 'decipherOnly' alone looks like an intentionally odd case:
# RFC 5280 section 4.2.1.3 leaves its meaning undefined unless keyAgreement
# is also asserted.
for key_type in sorted(KEYS):  # sorted so the generation order is stable
  key = KEYS[key_type]
  for key_usage in KEY_USAGES:
    # End-entity certificate created against the intermediate.
    target = gencerts.create_end_entity_certificate('Target', intermediate)
    target.get_extensions().set_property('extendedKeyUsage', 'serverAuth')
    target.get_extensions().set_property('keyUsage',
                                         'critical,%s' % key_usage)

    # Attach the pre-generated key for this key type.
    target.set_key(key)

    # Emit target -> intermediate -> root as <key type>-<key usage>.pem.
    summary = ('Certificate chain where the target certificate uses a %s '
               'key and has the single key usage %s') % (key_type.upper(),
                                                         key_usage)
    pem_name = '%s-%s.pem' % (key_type, key_usage)
    gencerts.write_chain(summary, [target, intermediate, root], pem_name)