blob: 8dc14396cae4720e852deff5c14694c1466dd3d8 [file] [log] [blame]
#!/usr/bin/env python3
# Copyright 2016 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import os
import sys
sys.path += ['..']
import gencerts
# Generate the keys -- the same key is used for all intermediates and end entity
# certificates.
root_key = gencerts.get_or_generate_rsa_key(2048,
gencerts.create_key_path('root'))
i_key = gencerts.get_or_generate_rsa_key(2048, gencerts.create_key_path('i'))
target_key = gencerts.get_or_generate_rsa_key(
2048, gencerts.create_key_path('target'))
# Self-signed root certificate.
root = gencerts.create_self_signed_root_certificate('Root')
root.set_key(root_key)
gencerts.write_string_to_file(root.get_cert_pem(), 'root.pem')
# Intermediate certificates. All have the same subject and key.
i_base = gencerts.create_intermediate_certificate('I', root)
i_base.set_key(i_key)
gencerts.write_string_to_file(i_base.get_cert_pem(), 'i.pem')
i2 = gencerts.create_intermediate_certificate('I', root)
i2.set_key(i_key)
gencerts.write_string_to_file(i2.get_cert_pem(), 'i2.pem')
i3 = gencerts.create_intermediate_certificate('I', root)
i3.set_key(i_key)
gencerts.write_string_to_file(i3.get_cert_pem(), 'i3.pem')
# More Intermediate certificates, which are just to generate the proper config
# files so the target certs will have the desired Authority Information Access
# values. These ones aren't saved to files.
i_no_aia = gencerts.create_intermediate_certificate('I', root)
i_no_aia.set_key(i_key)
section = i_no_aia.config.get_section('signing_ca_ext')
section.set_property('authorityInfoAccess', None)
i_two_aia = gencerts.create_intermediate_certificate('I', root)
i_two_aia.set_key(i_key)
section = i_two_aia.config.get_section('issuer_info')
section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
i_three_aia = gencerts.create_intermediate_certificate('I', root)
i_three_aia.set_key(i_key)
section = i_three_aia.config.get_section('issuer_info')
section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
section.set_property('caIssuers;URI.2', 'http://url-for-aia3/I3.foo')
i_six_aia = gencerts.create_intermediate_certificate('I', root)
i_six_aia.set_key(i_key)
section = i_six_aia.config.get_section('issuer_info')
section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
section.set_property('caIssuers;URI.2', 'http://url-for-aia3/I3.foo')
section.set_property('caIssuers;URI.3', 'http://url-for-aia4/I4.foo')
section.set_property('caIssuers;URI.4', 'http://url-for-aia5/I5.foo')
section.set_property('caIssuers;URI.5', 'http://url-for-aia6/I6.foo')
i_file_aia = gencerts.create_intermediate_certificate('I', root)
i_file_aia.set_key(i_key)
section = i_file_aia.config.get_section('issuer_info')
section.set_property('caIssuers;URI.0', 'file:///dev/null')
i_invalid_url_aia = gencerts.create_intermediate_certificate('I', root)
i_invalid_url_aia.set_key(i_key)
section = i_invalid_url_aia.config.get_section('issuer_info')
section.set_property('caIssuers;URI.0', 'foobar')
i_file_and_http_aia = gencerts.create_intermediate_certificate('I', root)
i_file_and_http_aia.set_key(i_key)
section = i_file_and_http_aia.config.get_section('issuer_info')
section.set_property('caIssuers;URI.0', 'file:///dev/null')
section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
i_invalid_and_http_aia = gencerts.create_intermediate_certificate('I', root)
i_invalid_and_http_aia.set_key(i_key)
section = i_invalid_and_http_aia.config.get_section('issuer_info')
section.set_property('caIssuers;URI.0', 'foobar')
section.set_property('caIssuers;URI.1', 'http://url-for-aia2/I2.foo')
# target certs
target = gencerts.create_end_entity_certificate('target', i_base)
target.set_key(target_key)
target.get_extensions().set_property('subjectAltName', 'DNS:target')
gencerts.write_string_to_file(target.get_cert_pem(), 'target_one_aia.pem')
target = gencerts.create_end_entity_certificate('target', i_no_aia)
target.set_key(target_key)
target.get_extensions().set_property('subjectAltName', 'DNS:target')
gencerts.write_string_to_file(target.get_cert_pem(), 'target_no_aia.pem')
target = gencerts.create_end_entity_certificate('target', i_two_aia)
target.set_key(target_key)
target.get_extensions().set_property('subjectAltName', 'DNS:target')
gencerts.write_string_to_file(target.get_cert_pem(), 'target_two_aia.pem')
target = gencerts.create_end_entity_certificate('target', i_three_aia)
target.set_key(target_key)
target.get_extensions().set_property('subjectAltName', 'DNS:target')
gencerts.write_string_to_file(target.get_cert_pem(), 'target_three_aia.pem')
target = gencerts.create_end_entity_certificate('target', i_six_aia)
target.set_key(target_key)
target.get_extensions().set_property('subjectAltName', 'DNS:target')
gencerts.write_string_to_file(target.get_cert_pem(), 'target_six_aia.pem')
target = gencerts.create_end_entity_certificate('target', i_file_aia)
target.set_key(target_key)
target.get_extensions().set_property('subjectAltName', 'DNS:target')
gencerts.write_string_to_file(target.get_cert_pem(), 'target_file_aia.pem')
target = gencerts.create_end_entity_certificate('target', i_invalid_url_aia)
target.set_key(target_key)
target.get_extensions().set_property('subjectAltName', 'DNS:target')
gencerts.write_string_to_file(target.get_cert_pem(),
'target_invalid_url_aia.pem')
target = gencerts.create_end_entity_certificate('target', i_file_and_http_aia)
target.set_key(target_key)
target.get_extensions().set_property('subjectAltName', 'DNS:target')
gencerts.write_string_to_file(target.get_cert_pem(),
'target_file_and_http_aia.pem')
target = gencerts.create_end_entity_certificate('target',
i_invalid_and_http_aia)
target.set_key(target_key)
target.get_extensions().set_property('subjectAltName', 'DNS:target')
gencerts.write_string_to_file(target.get_cert_pem(),
'target_invalid_and_http_aia.pem')