OLD | NEW |
1 #!/bin/sh | 1 #!/bin/sh |
2 | 2 |
3 # Copyright 2013 The Chromium Authors. All rights reserved. | 3 # Copyright 2013 The Chromium Authors. All rights reserved. |
4 # Use of this source code is governed by a BSD-style license that can be | 4 # Use of this source code is governed by a BSD-style license that can be |
5 # found in the LICENSE file. | 5 # found in the LICENSE file. |
6 | 6 |
7 # This script generates a set of test (end-entity, intermediate, root) | 7 # This script generates a set of test (end-entity, intermediate, root) |
8 # certificates that can be used to test fetching of an intermediate via AIA. | 8 # certificates that can be used to test fetching of an intermediate via AIA. |
9 | 9 |
10 try() { | 10 try() { |
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
145 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \ | 145 try /bin/sh -c "cat out/2048-sha256-root.key out/2048-sha256-root.pem \ |
146 > ../certificates/root_ca_cert.pem" | 146 > ../certificates/root_ca_cert.pem" |
147 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \ | 147 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_bad.pem \ |
148 > ../certificates/name_constraint_bad.pem" | 148 > ../certificates/name_constraint_bad.pem" |
149 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \ | 149 try /bin/sh -c "cat out/ok_cert.key out/name_constraint_good.pem \ |
150 > ../certificates/name_constraint_good.pem" | 150 > ../certificates/name_constraint_good.pem" |
151 try /bin/sh -c "cat out/ok_cert.key out/bad_validity.pem \ | 151 try /bin/sh -c "cat out/ok_cert.key out/bad_validity.pem \ |
152 > ../certificates/bad_validity.pem" | 152 > ../certificates/bad_validity.pem" |
153 | 153 |
154 # Now generate the one-off certs | 154 # Now generate the one-off certs |
155 ## SHA-256 general test cert | |
156 try openssl req -x509 -days 3650 \ | |
157 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | |
158 -sha256 \ | |
159 -out ../certificates/sha256.pem | |
160 | |
161 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing | 155 ## Self-signed cert for SPDY/QUIC/HTTP2 pooling testing |
162 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ | 156 try openssl req -x509 -days 3650 -extensions req_spdy_pooling \ |
163 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 157 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
164 -out ../certificates/spdy_pooling.pem | 158 -out ../certificates/spdy_pooling.pem |
165 | 159 |
166 ## SubjectAltName parsing | 160 ## SubjectAltName parsing |
167 try openssl req -x509 -days 3650 -extensions req_san_sanity \ | 161 try openssl req -x509 -days 3650 -extensions req_san_sanity \ |
168 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ | 162 -config ../scripts/ee.cnf -newkey rsa:2048 -text \ |
169 -out ../certificates/subjectAltName_sanity_check.pem | 163 -out ../certificates/subjectAltName_sanity_check.pem |
170 | 164 |
(...skipping 205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
376 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued | 370 ## Block a leaf cert by issuer-hash-and-serial. However, this will be issued |
377 ## from an intermediate CA issued underneath a root. | 371 ## from an intermediate CA issued underneath a root. |
378 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ | 372 try python crlsetutil.py -o ../certificates/crlset_by_intermediate_serial.raw \ |
379 <<CRLSETBYINTERMEDIATESERIAL | 373 <<CRLSETBYINTERMEDIATESERIAL |
380 { | 374 { |
381 "BlockedByHash": { | 375 "BlockedByHash": { |
382 "../certificates/quic_intermediate.crt": [3] | 376 "../certificates/quic_intermediate.crt": [3] |
383 } | 377 } |
384 } | 378 } |
385 CRLSETBYINTERMEDIATESERIAL | 379 CRLSETBYINTERMEDIATESERIAL |
OLD | NEW |