| Index: net/data/ssl/scripts/generate-policy-certs.sh
|
| diff --git a/net/data/ssl/scripts/generate-policy-certs.sh b/net/data/ssl/scripts/generate-policy-certs.sh
|
| new file mode 100755
|
| index 0000000000000000000000000000000000000000..4a6b35dc4635bbeb14c014239967abb798b0d584
|
| --- /dev/null
|
| +++ b/net/data/ssl/scripts/generate-policy-certs.sh
|
| @@ -0,0 +1,96 @@
|
| +#!/bin/sh
|
| +
|
| +# Copyright 2013 The Chromium Authors. All rights reserved.
|
| +# Use of this source code is governed by a BSD-style license that can be
|
| +# found in the LICENSE file.
|
| +
|
| +# This script generates a (end-entity, intermediate, root) certificate, where
|
| +# the root has no explicit policies associated, the intermediate has multiple
|
| +# policies, and the leaf has a single policy.
|
| +#
|
| +# When validating, supplying no policy OID should not result in an error.
|
| +
|
| +try() {
|
| + echo "$@"
|
| + $@ || exit 1
|
| +}
|
| +
|
| +try rm -rf out
|
| +try mkdir out
|
| +
|
| +# Create the serial number files.
|
| +try echo 1 > out/policy-root-serial
|
| +try echo 1 > out/policy-intermediate-serial
|
| +
|
| +# Create the signers' DB files.
|
| +touch out/policy-root-index.txt
|
| +touch out/policy-intermediate-index.txt
|
| +
|
| +# Generate the keys
|
| +try openssl genrsa -out out/policy-root.key 2048
|
| +try openssl genrsa -out out/policy-intermediate.key 2048
|
| +try openssl genrsa -out out/policy-cert.key 2048
|
| +
|
| +# Generate the root certificate
|
| +COMMON_NAME="Policy Test Root CA" \
|
| + CA_DIR=out \
|
| + CA_NAME=policy-root \
|
| + try openssl req \
|
| + -new \
|
| + -key out/policy-root.key \
|
| + -out out/policy-root.csr \
|
| + -config policy.cnf
|
| +
|
| +COMMON_NAME="Policy Test Root CA" \
|
| + CA_DIR=out \
|
| + CA_NAME=policy-root \
|
| + try openssl x509 \
|
| + -req -days 3650 \
|
| + -in out/policy-root.csr \
|
| + -out out/policy-root.pem \
|
| + -signkey out/policy-root.key \
|
| + -extfile policy.cnf \
|
| + -extensions ca_cert
|
| +
|
| +# Generate the intermediate
|
| +COMMON_NAME="Policy Test Intermediate CA" \
|
| + CA_DIR=out \
|
| + try openssl req \
|
| + -new \
|
| + -key out/policy-intermediate.key \
|
| + -out out/policy-intermediate.csr \
|
| + -config policy.cnf
|
| +
|
| +COMMON_NAME="UNUSED" \
|
| + CA_DIR=out \
|
| + CA_NAME=policy-root \
|
| + try openssl ca \
|
| + -batch \
|
| + -in out/policy-intermediate.csr \
|
| + -out out/policy-intermediate.pem \
|
| + -config policy.cnf \
|
| + -extensions intermediate_cert
|
| +
|
| +# Generate the leaf
|
| +COMMON_NAME="policy_test.example" \
|
| +CA_DIR=out \
|
| +CA_NAME=policy-intermediate \
|
| +try openssl req \
|
| + -new \
|
| + -key out/policy-cert.key \
|
| + -out out/policy-cert.csr \
|
| + -config policy.cnf
|
| +
|
| +COMMON_NAME="Policy Test Intermediate CA" \
|
| + CA_DIR=out \
|
| + CA_NAME=policy-intermediate \
|
| + try openssl ca \
|
| + -batch \
|
| + -in out/policy-cert.csr \
|
| + -out out/policy-cert.pem \
|
| + -config policy.cnf \
|
| + -extensions user_cert
|
| +
|
| +cat out/policy-cert.pem \
|
| + out/policy-intermediate.pem \
|
| + out/policy-root.pem >../certificates/explicit-policy-chain.pem
|
|
|
Chromium Code Reviews
Issue 18223006:
Add script for generating certificates that require an explicit policy (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src