| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 | 2 |
| 3 # Copyright 2015 The Chromium Authors. All rights reserved. | 3 # Copyright 2015 The Chromium Authors. All rights reserved. |
| 4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
| 5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
| 6 | 6 |
| 7 # Generates the following tree of certificates: | 7 # Generates the following tree of certificates: |
| 8 # root (self-signed root) | 8 # root (self-signed root) |
| 9 # \ \ | 9 # \ |
| 10 # \ \--> l1_leaf (end-entity) | 10 # \--> l1_leaf (end-entity) |
| 11 # \ | |
| 12 # \----> l1_interm --> l2_leaf (end-entity) | |
| 13 | 11 |
| 14 try() { | 12 try() { |
| 15 "$@" || { | 13 "$@" || { |
| 16 e=$? | 14 e=$? |
| 17 echo "*** ERROR $e *** $@ " > /dev/stderr | 15 echo "*** ERROR $e *** $@ " > /dev/stderr |
| 18 exit $e | 16 exit $e |
| 19 } | 17 } |
| 20 } | 18 } |
| 21 | 19 |
| 22 # Create a self-signed CA cert with CommonName CN and store it at $1.pem . | 20 # Create a self-signed CA cert with CommonName CN and store it at $1.pem . |
| (...skipping 16 matching lines...) Expand all Loading... |
| 39 -signkey out/${1}.key \ | 37 -signkey out/${1}.key \ |
| 40 -extfile ca.cnf \ | 38 -extfile ca.cnf \ |
| 41 -extensions ca_cert > out/${1}.pem | 39 -extensions ca_cert > out/${1}.pem |
| 42 | 40 |
| 43 try cp out/${1}.pem ${1}.pem | 41 try cp out/${1}.pem ${1}.pem |
| 44 } | 42 } |
| 45 | 43 |
| 46 # Create a cert with CommonName CN signed by CA_ID and store it at $1.der . | 44 # Create a cert with CommonName CN signed by CA_ID and store it at $1.der . |
| 47 # $2 must either be "leaf_cert" (for a server/user cert) or "ca_cert" (for a | 45 # $2 must either be "leaf_cert" (for a server/user cert) or "ca_cert" (for a |
| 48 # intermediate CA). | 46 # intermediate CA). |
| 47 # Stores the private key at $1.pk8 . |
| 49 issue_cert() { | 48 issue_cert() { |
| 50 if [[ "$2" == "ca_cert" ]] | 49 if [[ "$2" == "ca_cert" ]] |
| 51 then | 50 then |
| 52 try /bin/sh -c "echo 01 > out/${1}-serial" | 51 try /bin/sh -c "echo 01 > out/${1}-serial" |
| 53 try touch out/${1}-index.txt | 52 try touch out/${1}-index.txt |
| 54 try openssl genrsa -out out/${1}.key 2048 | |
| 55 fi | 53 fi |
| 56 try openssl req \ | 54 try openssl req \ |
| 57 -new \ | 55 -new \ |
| 58 -keyout out/${1}.key \ | 56 -keyout out/${1}.key \ |
| 59 -out out/${1}.req \ | 57 -out out/${1}.req \ |
| 60 -config ca.cnf | 58 -config ca.cnf |
| 61 | 59 |
| 62 try openssl ca \ | 60 try openssl ca \ |
| 63 -batch \ | 61 -batch \ |
| 64 -extensions $2 \ | 62 -extensions $2 \ |
| 65 -in out/${1}.req \ | 63 -in out/${1}.req \ |
| 66 -out out/${1}.pem \ | 64 -out out/${1}.pem \ |
| 67 -config ca.cnf | 65 -config ca.cnf |
| 68 | 66 |
| 67 try openssl pkcs8 -topk8 -in out/${1}.key -out ${1}.pk8 -outform DER -nocrypt |
| 68 |
| 69 try openssl x509 -in out/${1}.pem -outform DER -out out/${1}.der | 69 try openssl x509 -in out/${1}.pem -outform DER -out out/${1}.der |
| 70 try cp out/${1}.der ${1}.der | 70 try cp out/${1}.der ${1}.der |
| 71 } | 71 } |
| 72 | 72 |
| 73 try rm -rf out | 73 try rm -rf out |
| 74 try mkdir out | 74 try mkdir out |
| 75 | 75 |
| 76 CN=root \ | 76 CN=root \ |
| 77 try root_cert root | 77 try root_cert root |
| 78 | 78 |
| 79 CA_ID=root CN=l1_leaf \ | 79 CA_ID=root CN=l1_leaf \ |
| 80 try issue_cert l1_leaf leaf_cert | 80 try issue_cert l1_leaf leaf_cert |
| 81 | |
| 82 CA_ID=root CN=l1_interm \ | |
| 83 try issue_cert l1_interm ca_cert | |
| 84 | |
| 85 CA_ID=l1_interm CN=l2_leaf \ | |
| 86 try issue_cert l2_leaf leaf_cert | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1232553003:
Add new certificateProvider extension API. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master