OLD | NEW |
(Empty) | |
| 1 #!/bin/sh |
| 2 |
| 3 # Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. |
| 6 |
| 7 # This script generates a set of test (end-entity, intermediate, root) |
| 8 # certificates with (weak, strong), (RSA, DSA, ECDSA) key pairs. |
| 9 |
| 10 key_types="768-rsa 1024-rsa 2048-rsa prime256v1-ecdsa" |
| 11 |
| 12 try () { |
| 13 echo "$@" |
| 14 $@ || exit 1 |
| 15 } |
| 16 |
| 17 generate_key_command () { |
| 18 case "$1" in |
| 19 dsa) |
| 20 echo "dsaparam -genkey" |
| 21 ;; |
| 22 ecdsa) |
| 23 echo "ecparam -genkey" |
| 24 ;; |
| 25 rsa) |
| 26 echo genrsa |
| 27 ;; |
| 28 *) |
| 29 exit 1 |
| 30 esac |
| 31 } |
| 32 |
| 33 try rm -rf out |
| 34 try mkdir out |
| 35 |
| 36 # Create the serial number files. |
| 37 try echo 1 > out/2048-rsa-root-serial |
| 38 for key_type in $key_types |
| 39 do |
| 40 try echo 1 > out/$key_type-intermediate-serial |
| 41 done |
| 42 |
| 43 # Generate one root CA certificate. |
| 44 try openssl genrsa -out out/2048-rsa-root.key 2048 |
| 45 |
| 46 CA_COMMON_NAME="2048 RSA Test Root CA" \ |
| 47 CA_DIR=out \ |
| 48 CA_NAME=req_env_dn \ |
| 49 KEY_SIZE=2048 \ |
| 50 ALGO=rsa \ |
| 51 CERT_TYPE=root \ |
| 52 try openssl req \ |
| 53 -new \ |
| 54 -key out/2048-rsa-root.key \ |
| 55 -extensions ca_cert \ |
| 56 -out out/2048-rsa-root.csr \ |
| 57 -config ca.cnf |
| 58 |
| 59 CA_COMMON_NAME="2048 RSA Test Root CA" \ |
| 60 CA_DIR=out \ |
| 61 CA_NAME=req_env_dn \ |
| 62 try openssl x509 \ |
| 63 -req -days 3650 \ |
| 64 -in out/2048-rsa-root.csr \ |
| 65 -extensions ca_cert \ |
| 66 -signkey out/2048-rsa-root.key \ |
| 67 -out out/2048-rsa-root.pem |
| 68 |
| 69 # Generate private keys of all types and strengths for intermediate CAs and |
| 70 # end-entities. |
| 71 for key_type in $key_types |
| 72 do |
| 73 key_size=$(echo "$key_type" | sed -E 's/-.+//') |
| 74 algo=$(echo "$key_type" | sed -E 's/.+-//') |
| 75 |
| 76 if [ ecdsa = $algo ] |
| 77 then |
| 78 key_size="-name $key_size" |
| 79 fi |
| 80 |
| 81 try openssl $(generate_key_command $algo) \ |
| 82 -out out/$key_type-intermediate.key $key_size |
| 83 done |
| 84 |
| 85 for key_type in $key_types |
| 86 do |
| 87 key_size=$(echo "$key_type" | sed -E 's/-.+//') |
| 88 algo=$(echo "$key_type" | sed -E 's/.+-//') |
| 89 |
| 90 if [ ecdsa = $algo ] |
| 91 then |
| 92 key_size="-name $key_size" |
| 93 fi |
| 94 |
| 95 for signer_key_type in $key_types |
| 96 do |
| 97 try openssl $(generate_key_command $algo) \ |
| 98 -out out/$key_type-ee-by-$signer_key_type-intermediate.key $key_size |
| 99 done |
| 100 done |
| 101 |
| 102 # The root signs the intermediates. |
| 103 for key_type in $key_types |
| 104 do |
| 105 key_size=$(echo "$key_type" | sed -E 's/-.+//') |
| 106 algo=$(echo "$key_type" | sed -E 's/.+-//') |
| 107 |
| 108 CA_COMMON_NAME="$key_size $algo Test intermediate CA" \ |
| 109 CA_DIR=out \ |
| 110 CA_NAME=req_env_dn \ |
| 111 KEY_SIZE=$key_size \ |
| 112 ALGO=$algo \ |
| 113 CERT_TYPE=intermediate \ |
| 114 try openssl req \ |
| 115 -new \ |
| 116 -key out/$key_type-intermediate.key \ |
| 117 -out out/$key_type-intermediate.csr \ |
| 118 -config ca.cnf |
| 119 |
| 120 # Make sure the signer's DB file exists. |
| 121 touch out/2048-rsa-root-index.txt |
| 122 |
| 123 CA_COMMON_NAME="2048 RSA Test Root CA" \ |
| 124 CA_DIR=out \ |
| 125 CA_NAME=req_env_dn \ |
| 126 KEY_SIZE=2048 \ |
| 127 ALGO=rsa \ |
| 128 CERT_TYPE=root \ |
| 129 try openssl ca \ |
| 130 -batch \ |
| 131 -extensions ca_cert \ |
| 132 -in out/$key_type-intermediate.csr \ |
| 133 -out out/$key_type-intermediate.pem \ |
| 134 -config ca.cnf |
| 135 done |
| 136 |
| 137 # The intermediates sign the end-entities. |
| 138 for key_type in $key_types |
| 139 do |
| 140 for signer_key_type in $key_types |
| 141 do |
| 142 key_size=$(echo "$key_type" | sed -E 's/-.+//') |
| 143 algo=$(echo "$key_type" | sed -E 's/.+-//') |
| 144 signer_key_size=$(echo "$signer_key_type" | sed -E 's/-.+//') |
| 145 signer_algo=$(echo "$signer_key_type" | sed -E 's/.+-//') |
| 146 touch out/$signer_key_type-intermediate-index.txt |
| 147 |
| 148 KEY_SIZE=$key_size \ |
| 149 try openssl req \ |
| 150 -new \ |
| 151 -key out/$key_type-ee-by-$signer_key_type-intermediate.key \ |
| 152 -out out/$key_type-ee-by-$signer_key_type-intermediate.csr \ |
| 153 -config ee.cnf |
| 154 |
| 155 CA_COMMON_NAME="$signer_key_size $algo Test intermediate CA" \ |
| 156 CA_DIR=out \ |
| 157 CA_NAME=req_env_dn \ |
| 158 KEY_SIZE=$signer_key_size \ |
| 159 ALGO=$signer_algo \ |
| 160 CERT_TYPE=intermediate \ |
| 161 try openssl ca \ |
| 162 -batch \ |
| 163 -in out/$key_type-ee-by-$signer_key_type-intermediate.csr \ |
| 164 -out out/$key_type-ee-by-$signer_key_type-intermediate.pem \ |
| 165 -config ca.cnf |
| 166 done |
| 167 done |
| 168 |
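Review bot: In the end-entity signing loop (new line 155) the signer's `CA_COMMON_NAME` is built from `$algo`, which is the end-entity's algorithm, whereas the intermediates were created at new line 108 with their own algorithm in the name. For every pair where the two algorithms differ, the name handed to `openssl ca` does not describe the intermediate that is actually signing. The line should read `CA_COMMON_NAME="$signer_key_size $signer_algo Test intermediate CA" \`, matching `KEY_SIZE=$signer_key_size` and `ALGO=$signer_algo` directly below it. Whether this alters the issued test certificates depends on how ca.cnf consumes the variable, which is not visible on this page. Separately, `try` expands `$@` unquoted at new line 14, so `"$@" || exit 1` would keep each argument intact.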