OLD | NEW |
---|---|
(Empty) | |
1 #!/bin/bash | |
2 # Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file | |
3 # for details. All rights reserved. Use of this source code is governed by a | |
4 # BSD-style license that can be found in the LICENSE file. | |
Søren Gjesse
2015/10/14 07:22:12
nit: Add an empty line after the copyright message
Bill Hesse
2015/10/14 08:50:11
Done.
| |
5 # Script to create sample certificates for the dart:io SecureSocket tests. | |
6 # Creates a root certificate authority, an intermediate authority, | |
7 # and a server certificate, | |
Søren Gjesse
2015/10/14 07:22:12
Add 'set -e'?
Bill Hesse
2015/10/14 08:50:11
When I run this script with ., since it is not mar
| |
8 | |
9 password=pass:dartdart | |
10 | |
11 # We need a server certificate chain where we don't trust the root. Take the | |
12 # server certificate from the previous run of this script, for that purpose. | |
13 if [ -d "certificates" ]; then | |
14 mv certificates/server_key.pem certificates/untrusted_server_key.pem | |
15 mv certificates/server_chain.pem certificates/untrusted_server_chain.pem | |
16 fi | |
17 | |
18 mkdir certificate_authority > /dev/null 2>&1 | |
19 cd certificate_authority | |
20 | |
21 # Create a self-signed certificate authority. | |
22 openssl req -subj /CN=rootauthority -set_serial 1 -batch -verbose \ | |
23 -passout $password -new -x509 -keyout root_authority_key.pem \ | |
24 -out root_authority.pem -days 3650 | |
25 | |
26 # Create a certificate request for the intermediate authority. | |
27 openssl req -subj /CN=intermediateauthority -batch -verbose \ | |
28 -passout $password -new -keyout intermediate_authority_key.pem \ | |
29 -out intermediate_authority_request.pem | |
30 | |
31 # Sign the certificate of the intermediate authority with the root authority. | |
32 # Add the certificate extensions marking it as a certificate authority. | |
33 openssl x509 -req -in intermediate_authority_request.pem \ | |
34 -out intermediate_authority.pem -set_serial 1 \ | |
35 -CA root_authority.pem -CAkey root_authority_key.pem \ | |
36 -passin $password -extfile ../intermediate_authority_v3_extensions \ | |
37 -days 3650 | |
38 | |
39 # Create a certificate request for the server certificate | |
40 openssl req -subj /CN=localhost -batch -verbose -passout $password -new \ | |
41 -keyout localhost_key.pem -out localhost_request.pem | |
42 | |
43 # Sign the server certificate with the intermediate authority. Add the | |
44 # certificate extensions for SubjectAltName and that it is not a CA itself. | |
45 openssl x509 -req -in localhost_request.pem -out localhost.pem -set_serial 1 \ | |
46 -CA intermediate_authority.pem -CAkey intermediate_authority_key.pem \ | |
47 -passin $password -extfile ../localhost_v3_extensions -days 3650 | |
48 | |
49 mkdir ../certificates > /dev/null 2>&1 | |
50 | |
51 cat localhost.pem intermediate_authority.pem root_authority.pem \ | |
52 > ../certificates/server_chain.pem | |
53 | |
54 # BoringSSL only accepts private keys signed with the PBE-SHA1-RC4-128 cipher. | |
55 openssl pkcs8 -in localhost_key.pem -out ../certificates/server_key.pem \ | |
56 -topk8 -v1 PBE-SHA1-RC4-128 -passin $password -passout $password | |
57 | |
58 cp root_authority.pem ../certificates/trusted_certs.pem | |
Søren Gjesse
2015/10/14 07:22:12
You don't want to also keep the keys for the root
Bill Hesse
2015/10/14 08:50:11
No. I only want what we will use in the tests. W
| |
59 | |
60 cd .. | |
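Review bot: The root certificate (line 22) and the intermediate certificate (line 34) are both issued under CN=rootauthority with `-set_serial 1`, so one issuer ends up with two different certificates carrying the same serial number. RFC 5280 requires the issuer and serial pair to be unique, and some TLS stacks (NSS, for example) reject or mis-cache such a pair, which could make test results depend on the client library rather than on the code under test. Changing line 34 to `-out intermediate_authority.pem -set_serial 2 \` avoids the collision; the server certificate on line 45 can keep serial 1 because its issuer is the intermediate. Separately, the comment on line 54 would be more accurate as `# BoringSSL only accepts private keys encrypted with the PBE-SHA1-RC4-128 cipher.`, ideally with a remark that this weak scheme and the fixed password are acceptable only because these are test fixtures.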