| OLD | NEW |
| (Empty) |
| 1 #!/bin/sh | |
| 2 | |
| 3 # Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 4 # Use of this source code is governed by a BSD-style license that can be | |
| 5 # found in the LICENSE file. | |
| 6 | |
| 7 # This script generates two chains of test certificates: | |
| 8 # 1. A1 (end-entity) -> B (self-signed root) | |
| 9 # 2. A2 (end-entity) -> B (self-signed root) | |
| 10 # | |
| 11 # In which A1 and A2 share the same key, the same subject common name, but have | |
| 12 # distinct O values in their subjects. | |
| 13 # | |
| 14 # This is used to test that NSS can properly generate unique certificate | |
| 15 # nicknames for both certificates. | |
| 16 | |
| 17 try () { | |
| 18 echo "$@" | |
| 19 "$@" || exit 1 | |
| 20 } | |
| 21 | |
| 22 try rm -rf out | |
| 23 try mkdir out | |
| 24 | |
| 25 echo Create the serial number and index files. | |
| 26 try /bin/sh -c "echo 01 > out/B-serial" | |
| 27 try touch out/B-index.txt | |
| 28 | |
| 29 echo Generate the keys. | |
| 30 try openssl genrsa -out out/A.key 2048 | |
| 31 try openssl genrsa -out out/B.key 2048 | |
| 32 | |
| 33 echo Generate the B CSR. | |
| 34 CA_COMMON_NAME="B Root CA" \ | |
| 35 CERTIFICATE=B \ | |
| 36 try openssl req \ | |
| 37 -new \ | |
| 38 -key out/B.key \ | |
| 39 -out out/B.csr \ | |
| 40 -config redundant-ca.cnf | |
| 41 | |
| 42 echo B signs itself. | |
| 43 CA_COMMON_NAME="B Root CA" \ | |
| 44 try openssl x509 \ | |
| 45 -req -days 3650 \ | |
| 46 -in out/B.csr \ | |
| 47 -extfile redundant-ca.cnf \ | |
| 48 -extensions ca_cert \ | |
| 49 -signkey out/B.key \ | |
| 50 -out out/B.pem | |
| 51 | |
| 52 echo Generate the A1 end-entity CSR. | |
| 53 SUBJECT_NAME=req_duplicate_cn_1 \ | |
| 54 try openssl req \ | |
| 55 -new \ | |
| 56 -key out/A.key \ | |
| 57 -out out/A1.csr \ | |
| 58 -config ee.cnf | |
| 59 | |
| 60 echo Generate the A2 end-entity CSR | |
| 61 SUBJECT_NAME=req_duplicate_cn_2 \ | |
| 62 try openssl req \ | |
| 63 -new \ | |
| 64 -key out/A.key \ | |
| 65 -out out/A2.csr \ | |
| 66 -config ee.cnf | |
| 67 | |
| 68 | |
| 69 echo B signs A1. | |
| 70 CA_COMMON_NAME="B CA" \ | |
| 71 CERTIFICATE=B \ | |
| 72 try openssl ca \ | |
| 73 -batch \ | |
| 74 -extensions user_cert \ | |
| 75 -in out/A1.csr \ | |
| 76 -out out/A1.pem \ | |
| 77 -config redundant-ca.cnf | |
| 78 | |
| 79 echo B signs A2. | |
| 80 CA_COMMON_NAME="B CA" \ | |
| 81 CERTIFICATE=B \ | |
| 82 try openssl ca \ | |
| 83 -batch \ | |
| 84 -extensions user_cert \ | |
| 85 -in out/A2.csr \ | |
| 86 -out out/A2.pem \ | |
| 87 -config redundant-ca.cnf | |
| 88 | |
| 89 echo Exporting the certificates to PKCS#12 | |
| 90 try openssl pkcs12 \ | |
| 91 -export \ | |
| 92 -inkey out/A.key \ | |
| 93 -in out/A1.pem \ | |
| 94 -out ../certificates/duplicate_cn_1.p12 \ | |
| 95 -passout pass:chrome | |
| 96 | |
| 97 try openssl pkcs12 \ | |
| 98 -export \ | |
| 99 -inkey out/A.key \ | |
| 100 -in out/A2.pem \ | |
| 101 -out ../certificates/duplicate_cn_2.p12 \ | |
| 102 -passout pass:chrome | |
| 103 | |
| 104 try cp out/A1.pem ../certificates/duplicate_cn_1.pem | |
| 105 try cp out/A2.pem ../certificates/duplicate_cn_2.pem | |
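Review bot: `try rm -rf out` (line 22) and every later path (`out/...`, `redundant-ca.cnf`, `ee.cnf`, `../certificates/...`) resolve against the caller's working directory, so running the script from anywhere else removes and recreates whatever `out` directory is there, before any step fails on the missing `.cnf` files. Pinning the directory first avoids this, e.g. `cd "$(dirname "$0")" || exit 1` ahead of the `rm`. Separately, both `.p12` bundles hold the shared A private key under the fixed password given by `-passout pass:chrome`. A header comment along the lines of `# Keys and the PKCS#12 password are test fixtures only; never reuse them outside tests.` would make that intent explicit for anyone copying the script.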