OLD | NEW |
1 #!/bin/sh | 1 #!/bin/sh |
2 | 2 |
3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
9 | 9 |
10 try() { | 10 try() { |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
100 | 100 |
101 CA_COMMON_NAME="Test Root CA" \ | 101 CA_COMMON_NAME="Test Root CA" \ |
102 try openssl ca \ | 102 try openssl ca \ |
103 -batch \ | 103 -batch \ |
104 -extensions user_cert \ | 104 -extensions user_cert \ |
105 -days 3650 \ | 105 -days 3650 \ |
106 -in out/localhost_cert.req \ | 106 -in out/localhost_cert.req \ |
107 -out out/localhost_cert.pem \ | 107 -out out/localhost_cert.pem \ |
108 -config ca.cnf | 108 -config ca.cnf |
109 | 109 |
| 110 CA_COMMON_NAME="Test Root CA" \ |
| 111 try openssl ca \ |
| 112 -batch \ |
| 113 -extensions user_cert \ |
| 114 -subj "/CN=Leaf Certificate/" \ |
| 115 -startdate 00010101000000Z \ |
| 116 -enddate 00010101000000Z \ |
| 117 -in out/ok_cert.req \ |
| 118 -out out/bad_validity.pem \ |
| 119 -config ca.cnf |
| 120 |
110 try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \ | 121 try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \ |
111 > ../certificates/ok_cert.pem" | 122 > ../certificates/ok_cert.pem" |
112 try /bin/sh -c "cat out/localhost_cert.key out/localhost_cert.pem \ | 123 try /bin/sh -c "cat out/localhost_cert.key out/localhost_cert.pem \ |
113 > ../certificates/localhost_cert.pem" | 124 > ../certificates/localhost_cert.pem" |
114 try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \ | 125 try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \ |
115 > ../certificates/expired_cert.pem" | 126 > ../certificates/expired_cert.pem" |
116 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \ | 127 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \ |
117 > ../certificates/root_ca_cert.pem" | 128 > ../certificates/root_ca_cert.pem" |
118 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \ | 129 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \ |
119 > ../certificates/name_constraint_bad.pem" | 130 > ../certificates/name_constraint_bad.pem" |
120 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \ | 131 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \ |
121 > ../certificates/name_constraint_good.pem" | 132 > ../certificates/name_constraint_good.pem" |
| 133 try /bin/sh -c "cat out/ok_cert.key out/bad_validity.pem \ |
| 134 > ../certificates/bad_validity.pem" |
122 | 135 |
123 # Now generate the one-off certs | 136 # Now generate the one-off certs |
124 ## SHA-256 general test cert | 137 ## SHA-256 general test cert |
125 try openssl req -x509 -days 3650 \ | 138 try openssl req -x509 -days 3650 \ |
126 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 139 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
127 -sha256 \ | 140 -sha256 \ |
128 -out ../certificates/sha256.pem | 141 -out ../certificates/sha256.pem |
129 | 142 |
130 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing | 143 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing |
131 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ | 144 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ |
(...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
306 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 319 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
307 ## from an intermediate CA issued underneath a root. | 320 ## from an intermediate CA issued underneath a root. |
308 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 321 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
309 <<CRLSETBYINTERMEDIATESERIAL | 322 <<CRLSETBYINTERMEDIATESERIAL |
310 { | 323 { |
311 "BlockedByHash": { | 324 "BlockedByHash": { |
312 "../certificates/quic_intermediate.crt": [3] | 325 "../certificates/quic_intermediate.crt": [3] |
313 } | 326 } |
314 } | 327 } |
315 CRLSETBYINTERMEDIATESERIAL | 328 CRLSETBYINTERMEDIATESERIAL |
OLD | NEW |