summaryrefslogtreecommitdiffstats
path: root/net/data/ssl/scripts/generate-weak-test-chains.sh
diff options
context:
space:
mode:
Diffstat (limited to 'net/data/ssl/scripts/generate-weak-test-chains.sh')
-rwxr-xr-xnet/data/ssl/scripts/generate-weak-test-chains.sh168
1 files changed, 168 insertions, 0 deletions
diff --git a/net/data/ssl/scripts/generate-weak-test-chains.sh b/net/data/ssl/scripts/generate-weak-test-chains.sh
new file mode 100755
index 0000000..c99509f
--- /dev/null
+++ b/net/data/ssl/scripts/generate-weak-test-chains.sh
@@ -0,0 +1,168 @@
+#!/bin/sh
+
+# Copyright (c) 2011 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# This script generates a set of test (end-entity, intermediate, root)
+# certificates with (weak, strong), (RSA, DSA, ECDSA) key pairs.
+
+key_types="768-rsa 1024-rsa 2048-rsa prime256v1-ecdsa"
+
+try () {
+ echo "$@"
+ $@ || exit 1
+}
+
+generate_key_command () {
+ case "$1" in
+ dsa)
+ echo "dsaparam -genkey"
+ ;;
+ ecdsa)
+ echo "ecparam -genkey"
+ ;;
+ rsa)
+ echo genrsa
+ ;;
+ *)
+ exit 1
+ esac
+}
+
+try rm -rf out
+try mkdir out
+
+# Create the serial number files.
+try echo 1 > out/2048-rsa-root-serial
+for key_type in $key_types
+do
+ try echo 1 > out/$key_type-intermediate-serial
+done
+
+# Generate one root CA certificate.
+try openssl genrsa -out out/2048-rsa-root.key 2048
+
+CA_COMMON_NAME="2048 RSA Test Root CA" \
+ CA_DIR=out \
+ CA_NAME=req_env_dn \
+ KEY_SIZE=2048 \
+ ALGO=rsa \
+ CERT_TYPE=root \
+ try openssl req \
+ -new \
+ -key out/2048-rsa-root.key \
+-extensions ca_cert \
+ -out out/2048-rsa-root.csr \
+ -config ca.cnf
+
+CA_COMMON_NAME="2048 RSA Test Root CA" \
+ CA_DIR=out \
+ CA_NAME=req_env_dn \
+ try openssl x509 \
+ -req -days 3650 \
+ -in out/2048-rsa-root.csr \
+-extensions ca_cert \
+ -signkey out/2048-rsa-root.key \
+ -out out/2048-rsa-root.pem
+
+# Generate private keys of all types and strengths for intermediate CAs and
+# end-entities.
+for key_type in $key_types
+do
+ key_size=$(echo "$key_type" | sed -E 's/-.+//')
+ algo=$(echo "$key_type" | sed -E 's/.+-//')
+
+ if [ ecdsa = $algo ]
+ then
+ key_size="-name $key_size"
+ fi
+
+ try openssl $(generate_key_command $algo) \
+ -out out/$key_type-intermediate.key $key_size
+done
+
+for key_type in $key_types
+do
+ key_size=$(echo "$key_type" | sed -E 's/-.+//')
+ algo=$(echo "$key_type" | sed -E 's/.+-//')
+
+ if [ ecdsa = $algo ]
+ then
+ key_size="-name $key_size"
+ fi
+
+ for signer_key_type in $key_types
+ do
+ try openssl $(generate_key_command $algo) \
+ -out out/$key_type-ee-by-$signer_key_type-intermediate.key $key_size
+ done
+done
+
+# The root signs the intermediates.
+for key_type in $key_types
+do
+ key_size=$(echo "$key_type" | sed -E 's/-.+//')
+ algo=$(echo "$key_type" | sed -E 's/.+-//')
+
+ CA_COMMON_NAME="$key_size $algo Test intermediate CA" \
+ CA_DIR=out \
+ CA_NAME=req_env_dn \
+ KEY_SIZE=$key_size \
+ ALGO=$algo \
+ CERT_TYPE=intermediate \
+ try openssl req \
+ -new \
+ -key out/$key_type-intermediate.key \
+ -out out/$key_type-intermediate.csr \
+ -config ca.cnf
+
+ # Make sure the signer's DB file exists.
+ touch out/2048-rsa-root-index.txt
+
+ CA_COMMON_NAME="2048 RSA Test Root CA" \
+ CA_DIR=out \
+ CA_NAME=req_env_dn \
+ KEY_SIZE=2048 \
+ ALGO=rsa \
+ CERT_TYPE=root \
+ try openssl ca \
+ -batch \
+ -extensions ca_cert \
+ -in out/$key_type-intermediate.csr \
+ -out out/$key_type-intermediate.pem \
+ -config ca.cnf
+done
+
+# The intermediates sign the end-entities.
+for key_type in $key_types
+do
+ for signer_key_type in $key_types
+ do
+ key_size=$(echo "$key_type" | sed -E 's/-.+//')
+ algo=$(echo "$key_type" | sed -E 's/.+-//')
+ signer_key_size=$(echo "$signer_key_type" | sed -E 's/-.+//')
+ signer_algo=$(echo "$signer_key_type" | sed -E 's/.+-//')
+ touch out/$signer_key_type-intermediate-index.txt
+
+ KEY_SIZE=$key_size \
+ try openssl req \
+ -new \
+ -key out/$key_type-ee-by-$signer_key_type-intermediate.key \
+ -out out/$key_type-ee-by-$signer_key_type-intermediate.csr \
+ -config ee.cnf
+
+ CA_COMMON_NAME="$signer_key_size $algo Test intermediate CA" \
+ CA_DIR=out \
+ CA_NAME=req_env_dn \
+ KEY_SIZE=$signer_key_size \
+ ALGO=$signer_algo \
+ CERT_TYPE=intermediate \
+ try openssl ca \
+ -batch \
+ -in out/$key_type-ee-by-$signer_key_type-intermediate.csr \
+ -out out/$key_type-ee-by-$signer_key_type-intermediate.pem \
+ -config ca.cnf
+ done
+done
+
generated by cgit v1.1 at 2025-03-09 18:21:09 +0000