Index: net/data/ssl/scripts/generate-weak-test-chains.sh |
=================================================================== |
--- net/data/ssl/scripts/generate-weak-test-chains.sh (revision 0) |
+++ net/data/ssl/scripts/generate-weak-test-chains.sh (revision 0) |
@@ -0,0 +1,168 @@ |
+#!/bin/sh |
+ |
+# Copyright (c) 2011 The Chromium Authors. All rights reserved. |
+# Use of this source code is governed by a BSD-style license that can be |
+# found in the LICENSE file. |
+ |
+# This script generates a set of test (end-entity, intermediate, root) |
+# certificates with (weak, strong), (RSA, DSA, ECDSA) key pairs. |
+ |
+key_types="768-rsa 1024-rsa 2048-rsa prime256v1-ecdsa" |
+ |
+try () { |
+ echo "$@" |
+ $@ || exit 1 |
+} |
+ |
+generate_key_command () { |
+ case "$1" in |
+ dsa) |
+ echo "dsaparam -genkey" |
+ ;; |
+ ecdsa) |
+ echo "ecparam -genkey" |
+ ;; |
+ rsa) |
+ echo genrsa |
+ ;; |
+ *) |
+ exit 1 |
+ esac |
+} |
+ |
+try rm -rf out |
+try mkdir out |
+ |
+# Create the serial number files. |
+try echo 1 > out/2048-rsa-root-serial |
+for key_type in $key_types |
+do |
+ try echo 1 > out/$key_type-intermediate-serial |
+done |
+ |
+# Generate one root CA certificate. |
+try openssl genrsa -out out/2048-rsa-root.key 2048 |
+ |
+CA_COMMON_NAME="2048 RSA Test Root CA" \ |
+ CA_DIR=out \ |
+ CA_NAME=req_env_dn \ |
+ KEY_SIZE=2048 \ |
+ ALGO=rsa \ |
+ CERT_TYPE=root \ |
+ try openssl req \ |
+ -new \ |
+ -key out/2048-rsa-root.key \ |
+-extensions ca_cert \ |
+ -out out/2048-rsa-root.csr \ |
+ -config ca.cnf |
+ |
+CA_COMMON_NAME="2048 RSA Test Root CA" \ |
+ CA_DIR=out \ |
+ CA_NAME=req_env_dn \ |
+ try openssl x509 \ |
+ -req -days 3650 \ |
+ -in out/2048-rsa-root.csr \ |
+-extensions ca_cert \ |
+ -signkey out/2048-rsa-root.key \ |
+ -out out/2048-rsa-root.pem |
+ |
+# Generate private keys of all types and strengths for intermediate CAs and |
+# end-entities. |
+for key_type in $key_types |
+do |
+ key_size=$(echo "$key_type" | sed -E 's/-.+//') |
+ algo=$(echo "$key_type" | sed -E 's/.+-//') |
+ |
+ if [ ecdsa = $algo ] |
+ then |
+ key_size="-name $key_size" |
+ fi |
+ |
+ try openssl $(generate_key_command $algo) \ |
+ -out out/$key_type-intermediate.key $key_size |
+done |
+ |
+for key_type in $key_types |
+do |
+ key_size=$(echo "$key_type" | sed -E 's/-.+//') |
+ algo=$(echo "$key_type" | sed -E 's/.+-//') |
+ |
+ if [ ecdsa = $algo ] |
+ then |
+ key_size="-name $key_size" |
+ fi |
+ |
+ for signer_key_type in $key_types |
+ do |
+ try openssl $(generate_key_command $algo) \ |
+ -out out/$key_type-ee-by-$signer_key_type-intermediate.key $key_size |
+ done |
+done |
+ |
+# The root signs the intermediates. |
+for key_type in $key_types |
+do |
+ key_size=$(echo "$key_type" | sed -E 's/-.+//') |
+ algo=$(echo "$key_type" | sed -E 's/.+-//') |
+ |
+ CA_COMMON_NAME="$key_size $algo Test intermediate CA" \ |
+ CA_DIR=out \ |
+ CA_NAME=req_env_dn \ |
+ KEY_SIZE=$key_size \ |
+ ALGO=$algo \ |
+ CERT_TYPE=intermediate \ |
+ try openssl req \ |
+ -new \ |
+ -key out/$key_type-intermediate.key \ |
+ -out out/$key_type-intermediate.csr \ |
+ -config ca.cnf |
+ |
+ # Make sure the signer's DB file exists. |
+ touch out/2048-rsa-root-index.txt |
+ |
+ CA_COMMON_NAME="2048 RSA Test Root CA" \ |
+ CA_DIR=out \ |
+ CA_NAME=req_env_dn \ |
+ KEY_SIZE=2048 \ |
+ ALGO=rsa \ |
+ CERT_TYPE=root \ |
+ try openssl ca \ |
+ -batch \ |
+ -extensions ca_cert \ |
+ -in out/$key_type-intermediate.csr \ |
+ -out out/$key_type-intermediate.pem \ |
+ -config ca.cnf |
+done |
+ |
+# The intermediates sign the end-entities. |
+for key_type in $key_types |
+do |
+ for signer_key_type in $key_types |
+ do |
+ key_size=$(echo "$key_type" | sed -E 's/-.+//') |
+ algo=$(echo "$key_type" | sed -E 's/.+-//') |
+ signer_key_size=$(echo "$signer_key_type" | sed -E 's/-.+//') |
+ signer_algo=$(echo "$signer_key_type" | sed -E 's/.+-//') |
+ touch out/$signer_key_type-intermediate-index.txt |
+ |
+ KEY_SIZE=$key_size \ |
+ try openssl req \ |
+ -new \ |
+ -key out/$key_type-ee-by-$signer_key_type-intermediate.key \ |
+ -out out/$key_type-ee-by-$signer_key_type-intermediate.csr \ |
+ -config ee.cnf |
+ |
+ CA_COMMON_NAME="$signer_key_size $algo Test intermediate CA" \ |
+ CA_DIR=out \ |
+ CA_NAME=req_env_dn \ |
+ KEY_SIZE=$signer_key_size \ |
+ ALGO=$signer_algo \ |
+ CERT_TYPE=intermediate \ |
+ try openssl ca \ |
+ -batch \ |
+ -in out/$key_type-ee-by-$signer_key_type-intermediate.csr \ |
+ -out out/$key_type-ee-by-$signer_key_type-intermediate.pem \ |
+ -config ca.cnf |
+ done |
+done |
+ |
Property changes on: net/data/ssl/scripts/generate-weak-test-chains.sh |
___________________________________________________________________ |
Added: svn:executable |
+ * |
Added: svn:eol-style |
+ LF |