| OLD | NEW | 
|---|
| (Empty) |  | 
|  | 1 #!/bin/sh | 
|  | 2 | 
|  | 3 # Copyright 2013 The Chromium Authors. All rights reserved. | 
|  | 4 # Use of this source code is governed by a BSD-style license that can be | 
|  | 5 # found in the LICENSE file. | 
|  | 6 | 
|  | 7 # This script generates a set of test (end-entity, intermediate, root) | 
|  | 8 # certificates that can be used to test fetching of an intermediate via AIA. | 
|  | 9 | 
|  | 10 try() { | 
|  | 11   echo "$@" | 
|  | 12   $@ || exit 1 | 
|  | 13 } | 
|  | 14 | 
|  | 15 try rm -rf out | 
|  | 16 try mkdir out | 
|  | 17 | 
|  | 18 try echo 1 > out/2048-sha1-root-serial | 
|  | 19 touch out/2048-sha1-root-index.txt | 
|  | 20 | 
|  | 21 # Generate the key | 
|  | 22 try openssl genrsa -out out/2048-sha1-root.key 2048 | 
|  | 23 | 
|  | 24 # Generate the root certificate | 
|  | 25 CA_COMMON_NAME="Test Root CA" \ | 
|  | 26   try openssl req \ | 
|  | 27     -new \ | 
|  | 28     -key out/2048-sha1-root.key \ | 
|  | 29     -out out/2048-sha1-root.req \ | 
|  | 30     -config ca.cnf | 
|  | 31 | 
|  | 32 CA_COMMON_NAME="Test Root CA" \ | 
|  | 33   try openssl x509 \ | 
|  | 34     -req -days 3650 \ | 
|  | 35     -in out/2048-sha1-root.req \ | 
|  | 36     -out out/2048-sha1-root.pem \ | 
|  | 37     -text \ | 
|  | 38     -signkey out/2048-sha1-root.key \ | 
|  | 39     -extfile ca.cnf \ | 
|  | 40     -extensions ca_cert | 
|  | 41 | 
|  | 42 # Generate the leaf certificate requests | 
|  | 43 try openssl req \ | 
|  | 44   -new \ | 
|  | 45   -keyout out/expired_cert.key \ | 
|  | 46   -out out/expired_cert.req \ | 
|  | 47   -config ee.cnf | 
|  | 48 | 
|  | 49 try openssl req \ | 
|  | 50   -new \ | 
|  | 51   -keyout out/ok_cert.key \ | 
|  | 52   -out out/ok_cert.req \ | 
|  | 53   -config ee.cnf | 
|  | 54 | 
|  | 55 # Generate the leaf certificates | 
|  | 56 CA_COMMON_NAME="Test Root CA" \ | 
|  | 57   try openssl ca \ | 
|  | 58     -batch \ | 
|  | 59     -extensions user_cert \ | 
|  | 60     -startdate 060101000000Z \ | 
|  | 61     -enddate 070101000000Z \ | 
|  | 62     -in out/expired_cert.req \ | 
|  | 63     -out out/expired_cert.pem \ | 
|  | 64     -config ca.cnf | 
|  | 65 | 
|  | 66 CA_COMMON_NAME="Test Root CA" \ | 
|  | 67   try openssl ca \ | 
|  | 68     -batch \ | 
|  | 69     -extensions user_cert \ | 
|  | 70     -days 3650 \ | 
|  | 71     -in out/ok_cert.req \ | 
|  | 72     -out out/ok_cert.pem \ | 
|  | 73     -config ca.cnf | 
|  | 74 | 
|  | 75 cat out/ok_cert.key out/ok_cert.pem \ | 
|  | 76     > ../certificates/ok_cert.pem | 
|  | 77 cat out/expired_cert.key out/expired_cert.pem \ | 
|  | 78     > ../certificates/expired_cert.pem | 
|  | 79 cat out/2048-sha1-root.key out/2048-sha1-root.pem \ | 
|  | 80     > ../certificates/root_ca_cert.pem | 
|  | 81 | 
| OLD | NEW | 
|---|