| Index: net/data/ssl/scripts/generate-multi-root-test-chains.sh
|
| diff --git a/net/data/ssl/scripts/generate-multi-root-test-chains.sh b/net/data/ssl/scripts/generate-multi-root-test-chains.sh
|
| deleted file mode 100755
|
| index 6f88325a3ccf38debf443645a09a622b1d7b16cb..0000000000000000000000000000000000000000
|
| --- a/net/data/ssl/scripts/generate-multi-root-test-chains.sh
|
| +++ /dev/null
|
| @@ -1,161 +0,0 @@
|
| -#!/bin/sh
|
| -
|
| -# Copyright 2014 The Chromium Authors. All rights reserved.
|
| -# Use of this source code is governed by a BSD-style license that can be
|
| -# found in the LICENSE file.
|
| -
|
| -# This script generates two chains of test certificates:
|
| -#
|
| -# 1. A (end-entity) -> B -> C -> D (self-signed root)
|
| -# 2. A (end-entity) -> B -> C2 -> E (self-signed root)
|
| -#
|
| -# C and C2 have the same subject and keypair.
|
| -#
|
| -# We use these cert chains in CertVerifyProcChromeOSTest
|
| -# to ensure that multiple verification paths are properly handled.
|
| -
|
| -try () {
|
| - echo "$@"
|
| - "$@" || exit 1
|
| -}
|
| -
|
| -try rm -rf out
|
| -try mkdir out
|
| -
|
| -echo Create the serial number files.
|
| -serial=1000
|
| -for i in B C C2 D E
|
| -do
|
| - try /bin/sh -c "echo $serial > out/$i-serial"
|
| - serial=$(expr $serial + 1)
|
| -done
|
| -
|
| -echo Generate the keys.
|
| -try openssl genrsa -out out/A.key 2048
|
| -try openssl genrsa -out out/B.key 2048
|
| -try openssl genrsa -out out/C.key 2048
|
| -try openssl genrsa -out out/D.key 2048
|
| -try openssl genrsa -out out/E.key 2048
|
| -
|
| -echo Generate the D CSR.
|
| -CA_COMMON_NAME="D Root CA" \
|
| - CERTIFICATE=D \
|
| - try openssl req \
|
| - -new \
|
| - -key out/D.key \
|
| - -out out/D.csr \
|
| - -config redundant-ca.cnf
|
| -
|
| -echo D signs itself.
|
| -CA_COMMON_NAME="D Root CA" \
|
| - try openssl x509 \
|
| - -req -days 3650 \
|
| - -in out/D.csr \
|
| - -extensions ca_cert \
|
| - -extfile redundant-ca.cnf \
|
| - -signkey out/D.key \
|
| - -out out/D.pem \
|
| - -text
|
| -
|
| -echo Generate the E CSR.
|
| -CA_COMMON_NAME="E Root CA" \
|
| - CERTIFICATE=E \
|
| - try openssl req \
|
| - -new \
|
| - -key out/E.key \
|
| - -out out/E.csr \
|
| - -config redundant-ca.cnf
|
| -
|
| -echo E signs itself.
|
| -CA_COMMON_NAME="E Root CA" \
|
| - try openssl x509 \
|
| - -req -days 3650 \
|
| - -in out/E.csr \
|
| - -extensions ca_cert \
|
| - -extfile redundant-ca.cnf \
|
| - -signkey out/E.key \
|
| - -out out/E.pem \
|
| - -text
|
| -
|
| -echo Generate the C2 intermediary CSR.
|
| -CA_COMMON_NAME="C CA" \
|
| - CERTIFICATE=C2 \
|
| - try openssl req \
|
| - -new \
|
| - -key out/C.key \
|
| - -out out/C2.csr \
|
| - -config redundant-ca.cnf
|
| -
|
| -echo Generate the B and C intermediaries\' CSRs.
|
| -for i in B C
|
| -do
|
| - CA_COMMON_NAME="$i CA" \
|
| - CERTIFICATE="$i" \
|
| - try openssl req \
|
| - -new \
|
| - -key "out/$i.key" \
|
| - -out "out/$i.csr" \
|
| - -config redundant-ca.cnf
|
| -done
|
| -
|
| -echo D signs the C intermediate.
|
| -# Make sure the signer's DB file exists.
|
| -touch out/D-index.txt
|
| -CA_COMMON_NAME="D Root CA" \
|
| - CERTIFICATE=D \
|
| - try openssl ca \
|
| - -batch \
|
| - -extensions ca_cert \
|
| - -in out/C.csr \
|
| - -out out/C.pem \
|
| - -config redundant-ca.cnf
|
| -
|
| -echo E signs the C2 intermediate.
|
| -# Make sure the signer's DB file exists.
|
| -touch out/E-index.txt
|
| -CA_COMMON_NAME="E Root CA" \
|
| - CERTIFICATE=E \
|
| - try openssl ca \
|
| - -batch \
|
| - -extensions ca_cert \
|
| - -in out/C2.csr \
|
| - -out out/C2.pem \
|
| - -config redundant-ca.cnf
|
| -
|
| -echo C signs the B intermediate.
|
| -touch out/C-index.txt
|
| -CA_COMMON_NAME="C CA" \
|
| - CERTIFICATE=C \
|
| - try openssl ca \
|
| - -batch \
|
| - -extensions ca_cert \
|
| - -in out/B.csr \
|
| - -out out/B.pem \
|
| - -config redundant-ca.cnf
|
| -
|
| -echo Generate the A end-entity CSR.
|
| -try openssl req \
|
| - -new \
|
| - -key out/A.key \
|
| - -out out/A.csr \
|
| - -config ee.cnf
|
| -
|
| -echo B signs A.
|
| -touch out/B-index.txt
|
| -CA_COMMON_NAME="B CA" \
|
| - CERTIFICATE=B \
|
| - try openssl ca \
|
| - -batch \
|
| - -extensions user_cert \
|
| - -in out/A.csr \
|
| - -out out/A.pem \
|
| - -config redundant-ca.cnf
|
| -
|
| -echo Create multi-root-chain1.pem
|
| -try /bin/sh -c "cat out/A.key out/A.pem out/B.pem out/C.pem out/D.pem \
|
| - > ../certificates/multi-root-chain1.pem"
|
| -
|
| -echo Create multi-root-chain2.pem
|
| -try /bin/sh -c "cat out/A.key out/A.pem out/B.pem out/C2.pem out/E.pem \
|
| - > ../certificates/multi-root-chain2.pem"
|
| -
|
|
|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master