Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(126)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/data/ssl/scripts/generate-test-certs.sh

Issue 1059303002: Don't process HSTS/HPKP headers when host is an IP address (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: ugly workaround for mac 10.6 getaddrinfo bug Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/data/ssl/scripts/generate-policy-certs.sh ('k') | net/data/url_request_unittest/hpkp-headers.html.mock-http-headers » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 #!/bin/sh 1 #!/bin/sh
2 2
3 # Copyright 2013 The Chromium Authors. All rights reserved. 3 # Copyright 2013 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be 4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file. 5 # found in the LICENSE file.
6 6
7 # This script generates a set of test (end-entity, intermediate, root) 7 # This script generates a set of test (end-entity, intermediate, root)
8 # certificates that can be used to test fetching of an intermediate via AIA. 8 # certificates that can be used to test fetching of an intermediate via AIA.
9 9
10 try() { 10 try() {
11 echo "$@" 11 "$@" || (e=$?; echo "$@" > /dev/stderr; exit $e)
12 "$@" || exit 1
13 } 12 }
14 13
15 try rm -rf out 14 try rm -rf out
16 try mkdir out 15 try mkdir out
17 16
18 try /bin/sh -c "echo 01 > out/2048-sha256-root-serial" 17 try /bin/sh -c "echo 01 > out/2048-sha256-root-serial"
19 touch out/2048-sha256-root-index.txt 18 touch out/2048-sha256-root-index.txt
20 19
21 # Generate the key 20 # Generate the key
22 try openssl genrsa -out out/2048-sha256-root.key 2048 21 try openssl genrsa -out out/2048-sha256-root.key 2048
23 22
24 # Generate the root certificate 23 # Generate the root certificate
25 CA_COMMON_NAME="Test Root CA" \ 24 CA_COMMON_NAME="Test Root CA" \
26 try openssl req \ 25 try openssl req \
27 -new \ 26 -new \
28 -key out/2048-sha256-root.key \ 27 -key out/2048-sha256-root.key \
29 -out out/2048-sha256-root.req \ 28 -out out/2048-sha256-root.req \
30 -config ca.cnf 29 -config ca.cnf
31 30
32 CA_COMMON_NAME="Test Root CA" \ 31 CA_COMMON_NAME="Test Root CA" \
33 try openssl x509 \ 32 try openssl x509 \
34 -req -days 3650 \ 33 -req -days 3650 \
35 -in out/2048-sha256-root.req \ 34 -in out/2048-sha256-root.req \
36 -out out/2048-sha256-root.pem \
37 -signkey out/2048-sha256-root.key \ 35 -signkey out/2048-sha256-root.key \
38 -extfile ca.cnf \ 36 -extfile ca.cnf \
39 -extensions ca_cert \ 37 -extensions ca_cert \
40 -text 38 -text > out/2048-sha256-root.pem
41 39
42 # Generate the leaf certificate requests 40 # Generate the leaf certificate requests
43 try openssl req \ 41 try openssl req \
44 -new \ 42 -new \
45 -keyout out/expired_cert.key \ 43 -keyout out/expired_cert.key \
46 -out out/expired_cert.req \ 44 -out out/expired_cert.req \
47 -config ee.cnf 45 -config ee.cnf
48 46
49 try openssl req \ 47 try openssl req \
50 -new \ 48 -new \
51 -keyout out/ok_cert.key \ 49 -keyout out/ok_cert.key \
52 -out out/ok_cert.req \ 50 -out out/ok_cert.req \
53 -config ee.cnf 51 -config ee.cnf
54 52
53 SUBJECT_NAME=req_localhost_cn \
54 try openssl req \
55 -new \
56 -keyout out/localhost_cert.key \
57 -out out/localhost_cert.req \
58 -reqexts req_localhost_san \
59 -config ee.cnf
60
55 # Generate the leaf certificates 61 # Generate the leaf certificates
56 CA_COMMON_NAME="Test Root CA" \ 62 CA_COMMON_NAME="Test Root CA" \
57 try openssl ca \ 63 try openssl ca \
58 -batch \ 64 -batch \
59 -extensions user_cert \ 65 -extensions user_cert \
60 -startdate 060101000000Z \ 66 -startdate 060101000000Z \
61 -enddate 070101000000Z \ 67 -enddate 070101000000Z \
62 -in out/expired_cert.req \ 68 -in out/expired_cert.req \
63 -out out/expired_cert.pem \ 69 -out out/expired_cert.pem \
64 -config ca.cnf 70 -config ca.cnf
(...skipping 20 matching lines...) Expand all
85 CA_COMMON_NAME="Test Root CA" \ 91 CA_COMMON_NAME="Test Root CA" \
86 try openssl ca \ 92 try openssl ca \
87 -batch \ 93 -batch \
88 -extensions name_constraint_good \ 94 -extensions name_constraint_good \
89 -subj "/CN=Leaf Certificate/" \ 95 -subj "/CN=Leaf Certificate/" \
90 -days 3650 \ 96 -days 3650 \
91 -in out/ok_cert.req \ 97 -in out/ok_cert.req \
92 -out out/name_constraint_good.pem \ 98 -out out/name_constraint_good.pem \
93 -config ca.cnf 99 -config ca.cnf
94 100
101 CA_COMMON_NAME="Test Root CA" \
102 try openssl ca \
103 -batch \
104 -extensions user_cert \
105 -days 3650 \
106 -in out/localhost_cert.req \
107 -out out/localhost_cert.pem \
108 -config ca.cnf
109
95 try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \ 110 try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \
96 > ../certificates/ok_cert.pem" 111 > ../certificates/ok_cert.pem"
112 try /bin/sh -c "cat out/localhost_cert.key out/localhost_cert.pem \
113 > ../certificates/localhost_cert.pem"
97 try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \ 114 try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \
98 > ../certificates/expired_cert.pem" 115 > ../certificates/expired_cert.pem"
99 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \ 116 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \
100 > ../certificates/root_ca_cert.pem" 117 > ../certificates/root_ca_cert.pem"
101 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \ 118 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \
102 > ../certificates/name_constraint_bad.pem" 119 > ../certificates/name_constraint_bad.pem"
103 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \ 120 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \
104 > ../certificates/name_constraint_good.pem" 121 > ../certificates/name_constraint_good.pem"
105 122
106 # Now generate the one-off certs 123 # Now generate the one-off certs
107 ## SHA-256 general test cert 124 ## SHA-256 general test cert
108 try openssl req -x509 -days 3650 \ 125 try openssl req -x509 -days 3650 \
109 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ 126 -config ../scripts/ee.cnf -newkey rsa:2048 -text \
110 -sha256 \ 127 -sha256 \
111 -out sha256.pem 128 -out ../certificates/sha256.pem
112 129
113 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing 130 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing
114 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ 131 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \
115 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ 132 -config ../scripts/ee.cnf -newkey rsa:2048 -text \
116 -out ../certificates/spdy_pooling.pem 133 -out ../certificates/spdy_pooling.pem
117 134
118 ## SubjectAltName parsing 135 ## SubjectAltName parsing
119 try openssl req -x509 -days 3650 -extensions req_san_sanity \ 136 try openssl req -x509 -days 3650 -extensions req_san_sanity \
120 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ 137 -config ../scripts/ee.cnf -newkey rsa:2048 -text \
121 -out ../certificates/subjectAltName_sanity_check.pem 138 -out ../certificates/subjectAltName_sanity_check.pem
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after
282 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued 299 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued
283 ## from an intermediate CA issued underneath a root. 300 ## from an intermediate CA issued underneath a root.
284 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ 301 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \
285 <<CRLSETBYINTERMEDIATESERIAL 302 <<CRLSETBYINTERMEDIATESERIAL
286 { 303 {
287 "BlockedByHash": { 304 "BlockedByHash": {
288 "../certificates/quic_intermediate.crt": [3] 305 "../certificates/quic_intermediate.crt": [3]
289 } 306 }
290 } 307 }
291 CRLSETBYINTERMEDIATESERIAL 308 CRLSETBYINTERMEDIATESERIAL
OLDNEW
« no previous file with comments | « net/data/ssl/scripts/generate-policy-certs.sh ('k') | net/data/url_request_unittest/hpkp-headers.html.mock-http-headers » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698