Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1133)

Unified Diff: src/scripts/mod_for_test_scripts/710enableAuthTesting

Issue 1701016: Generate testing certs on the fly (Closed) Base URL: ssh://git@chromiumos-git//chromeos
Patch Set: Created 10 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/scripts/mod_for_test_scripts/710enableAuthTesting
diff --git a/src/scripts/mod_for_test_scripts/710enableAuthTesting b/src/scripts/mod_for_test_scripts/710enableAuthTesting
index b623b0902b2b9686a35f9f2bba81260601ed424b..c24ce69a670abeb4f89e613f4e0daf8484d49103 100755
--- a/src/scripts/mod_for_test_scripts/710enableAuthTesting
+++ b/src/scripts/mod_for_test_scripts/710enableAuthTesting
@@ -6,24 +6,29 @@
echo "Adding mock Google Accounts server certs."
-# TODO(cmasone): Generate certs/keys on the fly from a CSR?
-CERT_DIR="${GCLIENT_ROOT}/src/platform/login_manager"
CERT_NAME="mock_server"
FAKE_CA_DIR="${ROOT_FS_DIR}/etc/fake_root_ca"
FAKE_NSSDB="${FAKE_CA_DIR}/nssdb"
+TMP_KEY=$(mktemp -p /tmp "${CERT_NAME}.key.XXXXX")
+TMP_CERT=$(mktemp -p /tmp "${CERT_NAME}.pem.XXXXX")
-mkdir -p "${FAKE_NSSDB}"
-cat "${CERT_DIR}/${CERT_NAME}.key" > "${FAKE_CA_DIR}/${CERT_NAME}.key"
+# Generate testing root cert on the fly.
+openssl req -x509 -nodes -days 365 \
+ -subj "/CN=*.google.com" \
+ -newkey rsa:1024 -keyout "${TMP_KEY}" -out "${TMP_CERT}"
+
+mkdir -m 0755 -p "${FAKE_NSSDB}"
+cp "${TMP_KEY}" "${FAKE_CA_DIR}/${CERT_NAME}.key"
echo "DO NOT MOVE THIS DATA OFF OF THE ROOTFS!" > "${FAKE_CA_DIR}/README"
-nsscertutil -A -n FakeCA -t "C,C,C" -a -i "${CERT_DIR}/${CERT_NAME}.pem" \
- -d "${FAKE_NSSDB}"
-chmod -R 0644 "${FAKE_NSSDB}"
+nsscertutil -A -n FakeCA -t "C,C,C" -a -i "${TMP_CERT}" -d "${FAKE_NSSDB}"
+chmod 0644 "${FAKE_NSSDB}"/*
+cp "${TMP_CERT}" "${FAKE_CA_DIR}/${CERT_NAME}.pem"
# TODO(cmasone): get rid of this once we're off pam_google for good.
# Sadly, our fake cert HAS to be first in this file.
TMPFILE=$(mktemp)
CERT_FILE="${ROOT_FS_DIR}/etc/login_trust_root.pem"
PERMS=$(stat --printf="%a" "${CERT_FILE}")
-cat "${CERT_DIR}/${CERT_NAME}.pem" "${CERT_FILE}" > "${TMPFILE}"
+cat "${TMP_CERT}" "${CERT_FILE}" > "${TMPFILE}"
mv -f "${TMPFILE}" "${CERT_FILE}"
chmod "${PERMS}" "${CERT_FILE}"
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698