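#!/usr/bin/env python3
# Copyright 2015 The Chromium Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Generate PEM test vectors for X.509 name-constraint checking.

Each vector is a standalone DER structure (a NameConstraints extension
value, a SubjectAltName extension value, or a directory Name) built from an
OpenSSL `asn1parse -genconf` description and written as a PEM block preceded
by its `der2ascii` dump. Several vectors are deliberately malformed (see the
`invalid-*` and `*-invalid_*` output names in main()).
"""

import base64
import copy
import os
import random
import subprocess
import sys
import tempfile

# NOTE: this path is relative to the current working directory, and main()
# writes its outputs to bare file names, so the script has to be run from the
# directory that holds it.
sys.path += [os.path.join('..', 'verify_name_match_unittest', 'scripts')]

import generate_names


def generate(s, out_fn):
  """Encode the ASN.1 description `s` to DER and write it to `out_fn` as PEM.

  Args:
    s: a generator object; str(s) must be an OpenSSL ASN.1 generation config
      and s.token() must return the PEM label as bytes.
    out_fn: path of the output file. It is opened only after both external
      tools succeeded, so a failed run leaves any previous file untouched.

  Raises:
    subprocess.CalledProcessError: if `openssl` or `der2ascii` exits non-zero.

  Both tools are looked up on PATH and invoked with argument lists (no shell),
  so the file names and config text are never interpreted by a shell.
  """
  # Context managers make sure the temporary files are closed (and therefore
  # deleted) even when one of the external tools fails.
  with tempfile.NamedTemporaryFile() as der_tmpfile:
    with tempfile.NamedTemporaryFile(mode='wt',
                                     encoding='utf-8') as conf_tempfile:
      conf_tempfile.write(str(s))
      # openssl reads the config by name, so the text must be on disk first.
      conf_tempfile.flush()
      subprocess.check_call([
          'openssl', 'asn1parse', '-genconf', conf_tempfile.name, '-i', '-out',
          der_tmpfile.name
      ],
                            stdout=subprocess.DEVNULL)

    with tempfile.NamedTemporaryFile() as description_tmpfile:
      subprocess.check_call(['der2ascii', '-i', der_tmpfile.name],
                            stdout=description_tmpfile)
      # The child wrote through the shared descriptor; rewind before reading.
      description_tmpfile.seek(0)
      description = description_tmpfile.read()

    der = der_tmpfile.read()

  with open(out_fn, 'wb') as output_file:
    output_file.write(description)
    output_file.write(b'-----BEGIN %b-----\n' % s.token())
    output_file.write(base64.encodebytes(der))
    output_file.write(b'-----END %b-----\n' % s.token())


class SubjectAltNameGenerator:
  """Builds the OpenSSL ASN.1 config for a SubjectAltName GeneralNames list."""

  def __init__(self):
    self.names = []

  def token(self):
    """Return the PEM label used for this structure."""
    return b"SUBJECT ALTERNATIVE NAME"

  def add_name(self, general_name):
    """Append one GeneralName config fragment (see the helpers below)."""
    self.names.append(general_name)

  def __str__(self):
    s = "asn1 = SEQUENCE:subjectAltNameSequence\n"
    s += "[subjectAltNameSequence]\n"
    s_suffix = ""
    for n, name in enumerate(self.names):
      # The first line of a fragment is the field itself; any remaining lines
      # are the sub-sections it refers to, which must come after this section.
      n1, n2 = (str(name) + '\n').split('\n', 1)
      if n2:
        s_suffix += n2 + '\n'
      # Prefix the field name with its index, presumably so that repeated
      # name types get distinct keys within the section.
      s += '%s%s\n' % (n, n1)

    return s + s_suffix


class NameConstraintsGenerator:
  """Builds the OpenSSL ASN.1 config for a NameConstraints extension value.

  Args:
    force_permitted_sequence: emit the permittedSubtrees SEQUENCE even when
      it has no entries.
    force_excluded_sequence: emit the excludedSubtrees SEQUENCE even when it
      has no entries.
  """

  def __init__(self,
               force_permitted_sequence=False,
               force_excluded_sequence=False):
    self.permitted = []
    self.excluded = []
    self.force_permitted_sequence = force_permitted_sequence
    self.force_excluded_sequence = force_excluded_sequence

  def token(self):
    """Return the PEM label used for this structure."""
    return b"NAME CONSTRAINTS"

  def union_from(self, c):
    """Append the permitted and excluded subtrees of `c` to this object."""
    self.permitted.extend(c.permitted)
    self.excluded.extend(c.excluded)

  def add_permitted(self, general_name):
    """Append a GeneralSubtree config fragment to permittedSubtrees."""
    self.permitted.append(general_name)

  def add_excluded(self, general_name):
    """Append a GeneralSubtree config fragment to excludedSubtrees."""
    self.excluded.append(general_name)

  def __str__(self):
    emit_permitted = bool(self.permitted or self.force_permitted_sequence)
    emit_excluded = bool(self.excluded or self.force_excluded_sequence)

    s = "asn1 = SEQUENCE:nameConstraintsSequence\n[nameConstraintsSequence]\n"

    if emit_permitted:
      s += "permittedSubtrees = IMPLICIT:0,SEQUENCE:permittedSubtreesSequence\n"
    if emit_excluded:
      s += "excludedSubtrees = IMPLICIT:1,SEQUENCE:excludedSubtreesSequence\n"

    if emit_permitted:
      s += "[permittedSubtreesSequence]\n"
      for n, _ in enumerate(self.permitted):
        s += 'subtree%i = SEQUENCE:permittedSubtree%i\n' % (n, n)

    if emit_excluded:
      s += "[excludedSubtreesSequence]\n"
      for n, _ in enumerate(self.excluded):
        s += 'subtree%i = SEQUENCE:excludedSubtree%i\n' % (n, n)

    # The per-subtree sections come last: a fragment may itself end with
    # further sections (see other_name, x400_address, edi_party_name).
    for n, subtree in enumerate(self.permitted):
      s += '[permittedSubtree%i]\n%s\n' % (n, subtree)

    for n, subtree in enumerate(self.excluded):
      s += '[excludedSubtree%i]\n%s\n' % (n, subtree)

    return s


def other_name():
  """Return a config fragment for an otherName with a fixed OID and value."""
  # The random suffix only keeps the config section label unique when several
  # fragments end up in one config; `random` is fine for that purpose.
  i = random.randint(0, sys.maxsize)
  s = 'otherName = IMPLICIT:0,SEQUENCE:otherNameSequence%i\n' % i
  s += '[otherNameSequence%i]\n' % i
  s += 'type_id = OID:1.2.3.4.5\n'
  s += 'value = FORMAT:HEX,OCTETSTRING:DEADBEEF\n'
  return s


def rfc822_name(name):
  """Return a config fragment for an rfc822Name holding `name` verbatim."""
  return 'rfc822Name = IMPLICIT:1,IA5STRING:' + name


def dns_name(name):
  """Return a config fragment for a dNSName holding `name` verbatim."""
  return 'dNSName = IMPLICIT:2,IA5STRING:' + name


def x400_address():
  """Return a config fragment for a minimal x400Address."""
  # Random suffix: unique section labels only, as in other_name().
  i = random.randint(0, sys.maxsize)
  s = 'x400Address = IMPLICIT:3,SEQUENCE:x400AddressSequence%i\n' % i
  s += '[x400AddressSequence%i]\n' % i
  s += 'builtinstandardattributes = SEQUENCE:BuiltInStandardAttributes%i\n' % i
  s += '[BuiltInStandardAttributes%i]\n' % i
  s += 'countryname = EXPLICIT:1A,PRINTABLESTRING:US\n'
  return s


def directory_name(name):
  """Return the config of the Name generator `name` as a directoryName.

  The top-level 'asn1 = SEQUENCE' of str(name) is retagged as
  'directoryName = EXPLICIT:4,SEQUENCE'; the sections it refers to are kept.
  """
  return str(name).replace(
      'asn1 = SEQUENCE', 'directoryName = EXPLICIT:4,SEQUENCE')


def edi_party_name():
  """Return a config fragment for an ediPartyName with partyName 'foo'."""
  # Random suffix: unique section labels only, as in other_name().
  i = random.randint(0, sys.maxsize)
  s = 'ediPartyName = IMPLICIT:5,SEQUENCE:ediPartyNameSequence%i\n' % i
  s += '[ediPartyNameSequence%i]\n' % i
  s += 'partyName = IMPLICIT:1,UTF8:foo\n'
  return s


def uniform_resource_identifier(name):
  """Return a config fragment for a uniformResourceIdentifier."""
  return 'uniformResourceIdentifier = IMPLICIT:6,IA5STRING:' + name


def ip_address(addr, enforce_length=True):
  """Return a config fragment for an iPAddress holding the bytes of `addr`.

  Args:
    addr: sequence of byte values (4 for IPv4, 16 for IPv6).
    enforce_length: pass False to build a deliberately malformed address of
      another length.
  """
  if enforce_length:
    # NOTE: assert is stripped under `python -O`; the check then disappears.
    assert len(addr) in (4,16)
  addr_str = ''.join('%02X' % addr_byte for addr_byte in addr)
  return 'iPAddress = IMPLICIT:7,FORMAT:HEX,OCTETSTRING:' + addr_str


def ip_address_range(addr, netmask, enforce_length=True):
  """Return a config fragment for an iPAddress constraint (address + mask).

  Args:
    addr: sequence of byte values of the network address.
    netmask: sequence of byte values of the mask; must be as long as `addr`
      (zip(strict=True) raises ValueError otherwise).
    enforce_length: pass False to build a deliberately malformed constraint
      whose address is not 4 or 16 bytes long.
  """
  if enforce_length:
    # NOTE: assert is stripped under `python -O`; the check then disappears.
    assert len(addr) in (4,16)
  addr_str = ""
  netmask_str = ""
  for addr_byte, mask_byte in zip(addr, netmask, strict=True):
    # The address may not have bits set outside the mask.
    assert (addr_byte & ~mask_byte) == 0
    addr_str += '%02X'%(addr_byte)
    netmask_str += '%02X'%(mask_byte)
  return ('iPAddress = IMPLICIT:7,FORMAT:HEX,OCTETSTRING:' + addr_str +
          netmask_str)


def registered_id(oid):
  """Return a config fragment for a registeredID with the dotted `oid`."""
  return 'registeredID = IMPLICIT:8,OID:' + oid


def with_min_max(val, minimum=None, maximum=None):
  """Append explicit minimum/maximum fields to the GeneralSubtree `val`.

  Args:
    val: a single-line GeneralName fragment (no trailing sections).
    minimum: value for the [0] minimum field, or None to omit it.
    maximum: value for the [1] maximum field, or None to omit it.
  """
  s = val
  s += '\n'
  # Presumably guards against fragments that carry their own sections: the
  # lines appended below would then land in the wrong section.
  assert '\n[' not in s
  if minimum is not None:
    s += 'minimum = IMPLICIT:0,INTEGER:%i\n' % minimum
  if maximum is not None:
    s += 'maximum = IMPLICIT:1,INTEGER:%i\n' % maximum
  return s


def main():
  """Write every test vector into the current working directory."""
  # --- dNSName constraints -------------------------------------------------
  dnsname_constraints = NameConstraintsGenerator()
  dnsname_constraints.add_permitted(dns_name("permitted.example.com"))
  dnsname_constraints.add_permitted(dns_name("permitted.example2.com"))
  dnsname_constraints.add_permitted(dns_name("permitted.example3.com."))
  dnsname_constraints.add_permitted(dns_name("alsopermitted.example.com"))
  dnsname_constraints.add_excluded(dns_name("excluded.permitted.example.com"))
  dnsname_constraints.add_permitted(
      dns_name("stillnotpermitted.excluded.permitted.example.com"))
  dnsname_constraints.add_excluded(dns_name("extraneousexclusion.example.com"))
  generate(dnsname_constraints, "dnsname.pem")

  dnsname_constraints2 = NameConstraintsGenerator()
  dnsname_constraints2.add_permitted(dns_name("com"))
  dnsname_constraints2.add_excluded(dns_name("foo.bar.com"))
  generate(dnsname_constraints2, "dnsname2.pem")

  dnsname_constraints3 = NameConstraintsGenerator()
  dnsname_constraints3.add_permitted(dns_name(".bar.com"))
  generate(dnsname_constraints3, "dnsname-permitted_with_leading_dot.pem")

  dnsname_constraints4 = NameConstraintsGenerator()
  dnsname_constraints4.add_excluded(dns_name(".bar.com"))
  generate(dnsname_constraints4, "dnsname-excluded_with_leading_dot.pem")

  dnsname_constraints5 = NameConstraintsGenerator()
  dnsname_constraints5.add_permitted(dns_name(".."))
  generate(dnsname_constraints5, "dnsname-permitted_two_dot.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(dns_name("excluded.permitted.example.com"))
  generate(c, "dnsname-excluded.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(dns_name("permitted.example.com"))
  c.add_excluded(dns_name(""))
  generate(c, "dnsname-excludeall.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(dns_name("permitted.example.com"))
  c.add_excluded(dns_name("."))
  generate(c, "dnsname-exclude_dot.pem")

  # --- iPAddress constraints (address bytes followed by mask bytes) --------
  ipaddress_constraints = NameConstraintsGenerator()
  ipaddress_constraints.add_permitted(
      ip_address_range((192,168,0,0),(255,255,0,0)))
  ipaddress_constraints.add_excluded(
      ip_address_range((192,168,5,0),(255,255,255,0)))
  ipaddress_constraints.add_permitted(
      ip_address_range((192,168,5,32),(255,255,255,224)))
  ipaddress_constraints.add_permitted(
      ip_address_range((192,167,5,32),(255,255,255,224)))
  ipaddress_constraints.add_excluded(
      ip_address_range((192,166,5,32),(255,255,255,224)))
  ipaddress_constraints.add_permitted(ip_address_range(
      (1,2,3,4,5,6,7,8,9,10,11,12,0,0,0,0),
      (255,255,255,255,255,255,255,255,255,255,255,255,0,0,0,0)))
  ipaddress_constraints.add_excluded(ip_address_range(
      (1,2,3,4,5,6,7,8,9,10,11,12,5,0,0,0),
      (255,255,255,255,255,255,255,255,255,255,255,255,255,0,0,0)))
  ipaddress_constraints.add_permitted(ip_address_range(
      (1,2,3,4,5,6,7,8,9,10,11,12,5,32,0,0),
      (255,255,255,255,255,255,255,255,255,255,255,255,255,224,0,0)))
  ipaddress_constraints.add_permitted(ip_address_range(
      (1,2,3,4,5,6,7,8,9,10,11,11,5,32,0,0),
      (255,255,255,255,255,255,255,255,255,255,255,255,255,224,0,0)))
  ipaddress_constraints.add_excluded(ip_address_range(
      (1,2,3,4,5,6,7,8,9,10,11,10,5,32,0,0),
      (255,255,255,255,255,255,255,255,255,255,255,255,255,224,0,0)))
  generate(ipaddress_constraints, "ipaddress.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((192,168,1,3),(255,255,255,255)))
  generate(c, "ipaddress-permit_singlehost.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((0,0,0,0),(0,0,0,0)))
  generate(c, "ipaddress-permit_all.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((0x80,0,0,0),(0x80,0,0,0)))
  generate(c, "ipaddress-permit_prefix1.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((192,168,1,2),(255,255,255,254)))
  generate(c, "ipaddress-permit_prefix31.pem")

  # Masks whose one-bits are not a contiguous prefix; the output names mark
  # these as invalid inputs.
  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((192,168,1,0),(255,255,255,253)))
  generate(c, "ipaddress-invalid_mask_not_contiguous_1.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((192,168,0,0),(255,253,0,0)))
  generate(c, "ipaddress-invalid_mask_not_contiguous_2.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((0,0,0,0),(0x40,0,0,0)))
  generate(c, "ipaddress-invalid_mask_not_contiguous_3.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((192,0,0,0),(0xFF,0,0xFF,0)))
  generate(c, "ipaddress-invalid_mask_not_contiguous_4.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(ip_address_range((192,168,5,0),(255,255,255,0)))
  generate(c, "ipaddress-excluded.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((192,168,0,0),(255,255,0,0)))
  c.add_permitted(ip_address_range((1,2,3,4,5,6,7,8,9,10,11,12,0,0,0,0),
                                   (255,255,255,255,255,255,255,255,
                                    255,255,255,255,0,0,0,0)))
  c.add_excluded(ip_address_range((0,0,0,0),(0,0,0,0)))
  c.add_excluded(ip_address_range((0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0),
                                  (0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)))
  generate(c, "ipaddress-excludeall.pem")

  # Second entry is 5 + 5 bytes: neither an IPv4 (4 + 4) nor an IPv6
  # (16 + 16) constraint, hence enforce_length=False.
  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((192,168,0,0),(255,255,255,0)))
  c.add_permitted(ip_address_range((192,168,5,0,0),(255,255,255,0,0),
                                   enforce_length=False))
  generate(c, "ipaddress-invalid_addr.pem")

  # ::ffff:0:0/96, the IPv4-mapped IPv6 prefix, mixed with plain IPv4 entries.
  v4_mapped_prefix = (0, ) * 10 + (255, ) * 2
  v4_mapped_mask = (255, ) * 12
  c = NameConstraintsGenerator()
  c.add_permitted(ip_address_range((192, 168, 1, 0), (255, 255, 255, 0)))
  c.add_excluded(ip_address_range((192, 168, 1, 1), (255, 255, 255, 255)))
  c.add_excluded(
      ip_address_range(v4_mapped_prefix + (192, 168, 1, 2),
                       v4_mapped_mask + (255, 255, 255, 255)))
  c.add_permitted(
      ip_address_range(v4_mapped_prefix + (192, 168, 2, 0),
                       v4_mapped_mask + (255, 255, 255, 0)))
  c.add_excluded(
      ip_address_range(v4_mapped_prefix + (192, 168, 2, 1),
                       v4_mapped_mask + (255, 255, 255, 255)))
  c.add_excluded(ip_address_range((192, 168, 2, 2), (255, 255, 255, 255)))
  generate(c, "ipaddress-mapped_addrs.pem")

  # --- Directory names (subjects) ------------------------------------------
  n_us = generate_names.NameGenerator()
  n_us.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'US')
  generate(n_us, "name-us.pem")
  n_us_az = copy.deepcopy(n_us)
  n_us_az.add_rdn().add_attr('stateOrProvinceName', 'UTF8', 'Arizona')
  generate(n_us_az, "name-us-arizona.pem")
  n_us_ca = copy.deepcopy(n_us)
  n_us_ca.add_rdn().add_attr('stateOrProvinceName', 'UTF8', 'California')
  generate(n_us_ca, "name-us-california.pem")
  n_us_ca_mountain_view = copy.deepcopy(n_us_ca)
  n_us_ca_mountain_view.add_rdn().add_attr(
      'localityName', 'UTF8', 'Mountain View')
  generate(n_us_ca_mountain_view, "name-us-california-mountain_view.pem")

  n_jp = generate_names.NameGenerator()
  n_jp.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'JP')
  generate(n_jp, "name-jp.pem")
  n_jp_tokyo = copy.deepcopy(n_jp)
  n_jp_tokyo.add_rdn().add_attr('stateOrProvinceName', 'UTF8', '\u6771\u4eac',
                                'FORMAT:UTF8')
  generate(n_jp_tokyo, "name-jp-tokyo.pem")

  # Subjects whose commonName looks like a host name or an IP address.
  n_us_az_foodotcom = copy.deepcopy(n_us_az)
  n_us_az_foodotcom.add_rdn().add_attr('commonName', 'UTF8', 'foo.com')
  generate(n_us_az_foodotcom, "name-us-arizona-foo.com.pem")

  n_us_az_permittedexamplecom = copy.deepcopy(n_us_az)
  n_us_az_permittedexamplecom.add_rdn().add_attr('commonName', 'UTF8',
                                                 'permitted.example.com')
  generate(n_us_az_permittedexamplecom,
           "name-us-arizona-permitted.example.com.pem")

  n_us_ca_permittedexamplecom = copy.deepcopy(n_us_ca)
  n_us_ca_permittedexamplecom.add_rdn().add_attr('commonName', 'UTF8',
                                                 'permitted.example.com')
  generate(n_us_ca_permittedexamplecom,
           "name-us-california-permitted.example.com.pem")

  n_us_az_ip1111 = copy.deepcopy(n_us_az)
  n_us_az_ip1111.add_rdn().add_attr('commonName', 'UTF8', '1.1.1.1')
  generate(n_us_az_ip1111, "name-us-arizona-1.1.1.1.pem")

  n_us_az_192_168_1_1 = copy.deepcopy(n_us_az)
  n_us_az_192_168_1_1.add_rdn().add_attr('commonName', 'UTF8', '192.168.1.1')
  generate(n_us_az_192_168_1_1, "name-us-arizona-192.168.1.1.pem")

  n_us_az_ipv6 = copy.deepcopy(n_us_az)
  n_us_az_ipv6.add_rdn().add_attr('commonName', 'UTF8',
                                  '102:304:506:708:90a:b0c::1')
  generate(n_us_az_ipv6, "name-us-arizona-ipv6.pem")

  n_us_ca_192_168_1_1 = copy.deepcopy(n_us_ca)
  n_us_ca_192_168_1_1.add_rdn().add_attr('commonName', 'UTF8', '192.168.1.1')
  generate(n_us_ca_192_168_1_1, "name-us-california-192.168.1.1.pem")

  # Subjects carrying an emailAddress attribute.
  n_us_az_email = copy.deepcopy(n_us_az)
  n_us_az_email.add_rdn().add_attr('emailAddress', 'IA5STRING',
                                   'bar@example.com')
  generate(n_us_az_email, "name-us-arizona-email.pem")

  n_us_az_email = copy.deepcopy(n_us_az)
  n_us_az_email.add_rdn().add_attr('emailAddress', 'IA5STRING',
                                   'FoO@example.com')
  generate(n_us_az_email, "name-us-arizona-email-localpartcase.pem")

  n_us_az_email = copy.deepcopy(n_us_az)
  n_us_az_email.add_rdn().add_attr('emailAddress', 'IA5STRING',
                                   'foo@example.com')
  n_us_az_email.add_rdn().add_attr('emailAddress', 'IA5STRING',
                                   'bar@example.com')
  generate(n_us_az_email, "name-us-arizona-email-multiple.pem")

  # emailAddress encoded as VisibleString instead of IA5String.
  n_us_az_email = copy.deepcopy(n_us_az)
  n_us_az_email.add_rdn().add_attr('emailAddress', 'VISIBLESTRING',
                                   'bar@example.com')
  generate(n_us_az_email, "name-us-arizona-email-invalidstring.pem")

  n_ca = generate_names.NameGenerator()
  n_ca.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'CA')
  generate(n_ca, "name-ca.pem")

  n_de = generate_names.NameGenerator()
  n_de.add_rdn().add_attr('countryName', 'PRINTABLESTRING', 'DE')
  generate(n_de, "name-de.pem")

  n_empty = generate_names.NameGenerator()
  generate(n_empty, "name-empty.pem")


  # --- directoryName constraints and combined constraint sets --------------
  directoryname_constraints = NameConstraintsGenerator()
  directoryname_constraints.add_permitted(directory_name(n_us))
  directoryname_constraints.add_excluded(directory_name(n_us_ca))
  directoryname_constraints.add_permitted(directory_name(n_us_ca_mountain_view))
  directoryname_constraints.add_excluded(directory_name(n_de))
  directoryname_constraints.add_permitted(directory_name(n_jp_tokyo))
  generate(directoryname_constraints, "directoryname.pem")

  c = NameConstraintsGenerator()
  c.union_from(directoryname_constraints)
  c.union_from(dnsname_constraints)
  generate(c, "directoryname_and_dnsname.pem")

  c = NameConstraintsGenerator()
  c.union_from(directoryname_constraints)
  c.union_from(dnsname_constraints)
  c.union_from(ipaddress_constraints)
  generate(c, "directoryname_and_dnsname_and_ipaddress.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(directory_name(n_us_ca))
  generate(c, "directoryname-excluded.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(directory_name(n_us))
  c.add_excluded(directory_name(n_empty))
  generate(c, "directoryname-excludeall.pem")

  # --- SubjectAltName vectors ----------------------------------------------
  san = SubjectAltNameGenerator()
  san.add_name(dns_name("permitted.example.com"))
  san.add_name(ip_address((192,168,1,2)))
  san.add_name(directory_name(n_us_az))
  generate(san, "san-permitted.pem")

  san2 = copy.deepcopy(san)
  san2.add_name(
      dns_name("foo.stillnotpermitted.excluded.permitted.example.com"))
  generate(san2, "san-excluded-dnsname.pem")

  san2 = copy.deepcopy(san)
  san2.add_name(ip_address((192,168,5,5)))
  generate(san2, "san-excluded-ipaddress.pem")

  san2 = copy.deepcopy(san)
  san2.add_name(directory_name(n_us_ca_mountain_view))
  generate(san2, "san-excluded-directoryname.pem")

  san = SubjectAltNameGenerator()
  san.add_name(other_name())
  generate(san, "san-othername.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("foo@example.com"))
  generate(san, "san-rfc822name.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("foo@eXaMplE.cOm"))
  generate(san, "san-rfc822name-domaincase.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("FoO@example.com"))
  generate(san, "san-rfc822name-localpartcase.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name('\\"foo\\"@example.com'))
  generate(san, "san-rfc822name-quoted.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("@example.com"))
  generate(san, "san-rfc822name-empty-localpart.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("foo@subdomain.example.com"))
  generate(san, "san-rfc822name-subdomain.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("foo@sUbdoMAin.exAmPLe.COm"))
  generate(san, "san-rfc822name-subdomaincase.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("example.com"))
  generate(san, "san-rfc822name-no-at.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("foo@bar@example.com"))
  generate(san, "san-rfc822name-two-ats.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("subdomain.example.com"))
  generate(san, "san-rfc822name-subdomain-no-at.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("foo@bar@subdomain.example.com"))
  generate(san, "san-rfc822name-subdomain-two-ats.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name(""))
  generate(san, "san-rfc822name-empty.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("foo@[8.8.8.8]"))
  generate(san, "san-rfc822name-ipv4.pem")

  san = SubjectAltNameGenerator()
  san.add_name(rfc822_name("foo@example.com"))
  san.add_name(rfc822_name("bar@example.com"))
  generate(san, "san-rfc822name-multiple.pem")

  san = SubjectAltNameGenerator()
  san.add_name(dns_name("foo.example.com"))
  generate(san, "san-dnsname.pem")

  san = SubjectAltNameGenerator()
  san.add_name(x400_address())
  generate(san, "san-x400address.pem")

  san = SubjectAltNameGenerator()
  san.add_name(directory_name(n_us))
  generate(san, "san-directoryname.pem")

  san = SubjectAltNameGenerator()
  san.add_name(uniform_resource_identifier('http://example.com'))
  generate(san, "san-uri.pem")

  san = SubjectAltNameGenerator()
  san.add_name(ip_address((192,168,6,7)))
  generate(san, "san-ipaddress4.pem")

  san = SubjectAltNameGenerator()
  san.add_name(ip_address((0xFE, 0x80, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
                           13, 14)))
  generate(san, "san-ipaddress6.pem")

  san = SubjectAltNameGenerator()
  san.add_name(registered_id("1.2.3.4"))
  generate(san, "san-registeredid.pem")

  # Malformed SANs: an empty GeneralNames list and a 5-byte iPAddress.
  san = SubjectAltNameGenerator()
  generate(san, "san-invalid-empty.pem")

  san = SubjectAltNameGenerator()
  san.add_name(ip_address((192,168,0,5,0), enforce_length=False))
  generate(san, "san-invalid-ipaddress.pem")

  # --- Constraints on the remaining GeneralName types ----------------------
  c = NameConstraintsGenerator()
  c.add_permitted(other_name())
  generate(c, "othername-permitted.pem")
  c = NameConstraintsGenerator()
  c.add_excluded(other_name())
  generate(c, "othername-excluded.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(rfc822_name("foo@example.com"))
  generate(c, "rfc822name-permitted.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(rfc822_name('\\"foo\\"@example.com'))
  generate(c, "rfc822name-permitted-quoted.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(rfc822_name("example.com"))
  generate(c, "rfc822name-permitted-hostname.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(rfc822_name("@example.com"))
  generate(c, "rfc822name-permitted-hostnamewithat.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(rfc822_name(".example.com"))
  generate(c, "rfc822name-permitted-subdomains.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(rfc822_name(""))
  generate(c, "rfc822name-permitted-empty.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(rfc822_name("[8.8.8.8]"))
  generate(c, "rfc822name-permitted-ipv4.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(rfc822_name("foo@example.com"))
  generate(c, "rfc822name-excluded.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(rfc822_name('\\"foo\\"@example.com'))
  generate(c, "rfc822name-excluded-quoted.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(rfc822_name("example.com"))
  generate(c, "rfc822name-excluded-hostname.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(rfc822_name("@example.com"))
  generate(c, "rfc822name-excluded-hostnamewithat.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(rfc822_name(".example.com"))
  generate(c, "rfc822name-excluded-subdomains.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(rfc822_name(""))
  generate(c, "rfc822name-excluded-empty.pem")

  c = NameConstraintsGenerator()
  c.add_excluded(rfc822_name("[8.8.8.8]"))
  generate(c, "rfc822name-excluded-ipv4.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(x400_address())
  generate(c, "x400address-permitted.pem")
  c = NameConstraintsGenerator()
  c.add_excluded(x400_address())
  generate(c, "x400address-excluded.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(edi_party_name())
  generate(c, "edipartyname-permitted.pem")
  c = NameConstraintsGenerator()
  c.add_excluded(edi_party_name())
  generate(c, "edipartyname-excluded.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(uniform_resource_identifier("http://example.com"))
  generate(c, "uri-permitted.pem")
  c = NameConstraintsGenerator()
  c.add_excluded(uniform_resource_identifier("http://example.com"))
  generate(c, "uri-excluded.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(registered_id("1.2.3.4"))
  generate(c, "registeredid-permitted.pem")
  c = NameConstraintsGenerator()
  c.add_excluded(registered_id("1.2.3.4"))
  generate(c, "registeredid-excluded.pem")

  # --- Structurally invalid NameConstraints --------------------------------
  # Neither subtree list present, then each list present but empty.
  c = NameConstraintsGenerator()
  generate(c, "invalid-no_subtrees.pem")

  c = NameConstraintsGenerator(force_permitted_sequence=True)
  generate(c, "invalid-empty_permitted_subtree.pem")

  c = NameConstraintsGenerator(force_excluded_sequence=True)
  generate(c, "invalid-empty_excluded_subtree.pem")

  # --- GeneralSubtree with explicit minimum / maximum ----------------------
  # RFC 5280 section 4.2.1.10 requires minimum to be zero and maximum to be
  # absent; these vectors cover each combination of the two fields.
  c = NameConstraintsGenerator()
  c.add_permitted(with_min_max(dns_name("permitted.example.com"), minimum=0))
  generate(c, "dnsname-with_min_0.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(with_min_max(dns_name("permitted.example.com"), minimum=1))
  generate(c, "dnsname-with_min_1.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(with_min_max(
      dns_name("permitted.example.com"), minimum=0, maximum=2))
  generate(c, "dnsname-with_min_0_and_max.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(with_min_max(
      dns_name("permitted.example.com"), minimum=1, maximum=2))
  generate(c, "dnsname-with_min_1_and_max.pem")

  c = NameConstraintsGenerator()
  c.add_permitted(with_min_max(dns_name("permitted.example.com"), maximum=2))
  generate(c, "dnsname-with_max.pem")


if __name__ == '__main__':
  main()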