Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(488)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: tests/standalone/io/create_sample_certificates.sh

Issue 1399243004: Add script that generates X509 certificates for testing dart:io SecureSocket (Closed) Base URL: git@github.com:dart-lang/sdk.git@master
Patch Set: Address comments Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « tests/standalone/io/certificates/untrusted_server_key.pem ('k') | tests/standalone/io/intermediate_authority_v3_extensions » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 #!/bin/bash
2 # Copyright (c) 2015, the Dart project authors. Please see the AUTHORS file
3 # for details. All rights reserved. Use of this source code is governed by a
4 # BSD-style license that can be found in the LICENSE file.
5
6 # Script to create sample certificates for the dart:io SecureSocket tests.
7 # Creates a root certificate authority, an intermediate authority,
8 # and a server certificate,
9
10 password=pass:dartdart
11
12 # We need a server certificate chain where we don't trust the root. Take the
13 # server certificate from the previous run of this script, for that purpose.
14 if [ -d "certificates" ]; then
15 mv certificates/server_key.pem certificates/untrusted_server_key.pem
16 mv certificates/server_chain.pem certificates/untrusted_server_chain.pem
17 else
18 mkdir certificates
19 fi
20
21 mkdir -p certificate_authority
22 cd certificate_authority
23
24 # Create a self-signed certificate authority.
25 openssl req -subj /CN=rootauthority -set_serial 1 -batch -verbose \
26 -passout $password -new -x509 -keyout root_authority_key.pem \
27 -out root_authority.pem -days 3650
28
29 # Create a certificate request for the intermediate authority.
30 openssl req -subj /CN=intermediateauthority -batch -verbose \
31 -passout $password -new -keyout intermediate_authority_key.pem \
32 -out intermediate_authority_request.pem
33
34 # Sign the certificate of the intermediate authority with the root authority.
35 # Add the certificate extensions marking it as a certificate authority.
36 openssl x509 -req -in intermediate_authority_request.pem \
37 -out intermediate_authority.pem -set_serial 1 \
38 -CA root_authority.pem -CAkey root_authority_key.pem \
39 -passin $password -extfile ../intermediate_authority_v3_extensions \
40 -days 3650
41
42 # Create a certificate request for the server certificate
43 openssl req -subj /CN=localhost -batch -verbose -passout $password -new \
44 -keyout localhost_key.pem -out localhost_request.pem
45
46 # Sign the server certificate with the intermediate authority. Add the
47 # certificate extensions for SubjectAltName and that it is not a CA itself.
48 openssl x509 -req -in localhost_request.pem -out localhost.pem -set_serial 1 \
49 -CA intermediate_authority.pem -CAkey intermediate_authority_key.pem \
50 -passin $password -extfile ../localhost_v3_extensions -days 3650
51
52 cat localhost.pem intermediate_authority.pem root_authority.pem \
53 > ../certificates/server_chain.pem
54
55 # BoringSSL only accepts private keys signed with the PBE-SHA1-RC4-128 cipher.
56 openssl pkcs8 -in localhost_key.pem -out ../certificates/server_key.pem \
57 -topk8 -v1 PBE-SHA1-RC4-128 -passin $password -passout $password
58
59 cp root_authority.pem ../certificates/trusted_certs.pem
60
61 cd ..
OLDNEW
« no previous file with comments | « tests/standalone/io/certificates/untrusted_server_key.pem ('k') | tests/standalone/io/intermediate_authority_v3_extensions » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698