net/data/ssl/scripts/generate-duplicate-cn-certs.sh - Issue 15315003: Generate unique certificate nicknames on Linux/CrOS.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/data/ssl/scripts/generate-duplicate-cn-certs.sh

Issue 15315003: Generate unique certificate nicknames on Linux/CrOS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: _NE -> _STRNE Created 7 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 #!/bin/sh

	2

	3 # Copyright (c) 2013 The Chromium Authors. All rights reserved.

	4 # Use of this source code is governed by a BSD-style license that can be

	5 # found in the LICENSE file.

	6

	7 # This script generates two chains of test certificates:

	8 # 1. A1 (end-entity) -> B (self-signed root)

	9 # 2. A2 (end-entity) -> B (self-signed root)

	10 #

	11 # In which A1 and A2 share the same key, the same subject common name, but have

	12 # distinct O values in their subjects.

	13 #

	14 # This is used to test that NSS can properly generate unique certificate

	15 # nicknames for both certificates.

	16

	17 try () {

	18 echo "$@"

	19 $@ \|\| exit 1

	20 }

	21

	22 generate_key_command () {

	23 case "$1" in

	24 rsa)

	25 echo genrsa

	26 ;;

	27 *)

	28 exit 1

	29 esac

	30 }

	31

	32 try rm -rf out

	33 try mkdir out

	34

	35 echo Create the serial number and index files.

	36 try echo 1 > out/B-serial

	37 try touch out/B-index.txt

	38

	39 echo Generate the keys.

	40 try openssl genrsa -out out/A.key 2048

	41 try openssl genrsa -out out/B.key 2048

	42

	43 echo Generate the B CSR.

	44 CA_COMMON_NAME="B Root CA" \

	45 CA_DIR=out \

	46 CA_NAME=req_env_dn \

	47 KEY_SIZE=2048 \

	48 ALGO=rsa \

	49 CERT_TYPE=root \

	50 TYPE=B CERTIFICATE=B \

	51 try openssl req \

	52 -new \

	53 -key out/B.key \

	54 -out out/B.csr \

	55 -config redundant-ca.cnf

	56

	57 echo B signs itself.

	58 CA_COMMON_NAME="B Root CA" \

	59 CA_DIR=out \

	60 CA_NAME=req_env_dn \

	61 try openssl x509 \

	62 -req -days 3650 \

	63 -in out/B.csr \

	64 -extfile redundant-ca.cnf \

	65 -extensions ca_cert \

	66 -signkey out/B.key \

	67 -out out/B.pem

	68

	69 echo Generate the A1 end-entity CSR.

	70 SUBJECT_NAME=req_duplicate_cn_1 \

	71 try openssl req \

	72 -new \

	73 -key out/A.key \

	74 -out out/A1.csr \

	75 -config ee.cnf

	76

	77 echo Generate the A2 end-entity CSR

	78 SUBJECT_NAME=req_duplicate_cn_2 \

	79 try openssl req \

	80 -new \

	81 -key out/A.key \

	82 -out out/A2.csr \

	83 -config ee.cnf

	84

	85

	86 echo B signs A1.

	87 CA_COMMON_NAME="B CA" \

	88 CA_DIR=out \

	89 CA_NAME=req_env_dn \

	90 KEY_SIZE=2048 \

	91 ALGO=sha1 \

	92 CERT_TYPE=intermediate \

	93 TYPE=B CERTIFICATE=B \

	94 try openssl ca \

	95 -batch \

	96 -extensions user_cert \

	97 -in out/A1.csr \

	98 -out out/A1.pem \

	99 -config redundant-ca.cnf

	100

	101 echo B signs A2.

	102 CA_COMMON_NAME="B CA" \

	103 CA_DIR=out \

	104 CA_NAME=req_env_dn \

	105 KEY_SIZE=2048 \

	106 ALGO=sha1 \

	107 CERT_TYPE=intermediate \

	108 TYPE=B CERTIFICATE=B \

	109 try openssl ca \

	110 -batch \

	111 -extensions user_cert \

	112 -in out/A2.csr \

	113 -out out/A2.pem \

	114 -config redundant-ca.cnf

	115

	116 echo Exporting the certificates to PKCS#12

	117 try openssl pkcs12 \

	118 -export \

	119 -inkey out/A.key \

	120 -in out/A1.pem \

	121 -out ../certificates/duplicate_cn_1.p12 \

	122 -passout pass:chrome

	123

	124 try openssl pkcs12 \

	125 -export \

	126 -inkey out/A.key \

	127 -in out/A2.pem \

	128 -out ../certificates/duplicate_cn_2.p12 \

	129 -passout pass:chrome

	130

	131 cp out/A1.pem ../certificates/duplicate_cn_1.pem

	132 cp out/A2.pem ../certificates/duplicate_cn_2.pem

OLD	NEW

« no previous file with comments | « net/data/ssl/scripts/ee.cnf ('k') | net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp » ('j') | no next file with comments »