From c865e3d07e57f9d349449fbccbf1ae5f38767869 Mon Sep 17 00:00:00 2001 From: "mattm@chromium.org" Date: Tue, 4 Feb 2014 02:09:45 +0000 Subject: test-cert generation scripts: Actually generate the checked-in files. BUG=none R=rsleevi@chromium.org Review URL: https://codereview.chromium.org/143763003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@248663 0039d316-1c4b-4281-b951-d872f2087c98 --- net/data/ssl/scripts/generate-aia-certs.sh | 8 +++++ net/data/ssl/scripts/generate-bad-eku-certs.sh | 35 +++++++++++++--------- .../ssl/scripts/generate-client-certificates.sh | 16 +++++----- .../ssl/scripts/generate-duplicate-cn-certs.sh | 4 +-- net/data/ssl/scripts/generate-policy-certs.sh | 4 +-- .../ssl/scripts/generate-redundant-test-chains.sh | 9 +++--- net/data/ssl/scripts/generate-test-certs.sh | 12 ++++---- net/data/ssl/scripts/generate-weak-test-chains.sh | 2 ++ 8 files changed, 54 insertions(+), 36 deletions(-) (limited to 'net') diff --git a/net/data/ssl/scripts/generate-aia-certs.sh b/net/data/ssl/scripts/generate-aia-certs.sh index a509cde..9f38871 100755 --- a/net/data/ssl/scripts/generate-aia-certs.sh +++ b/net/data/ssl/scripts/generate-aia-certs.sh @@ -89,3 +89,11 @@ CA_COMMON_NAME="AIA Test Intermediate CA" \ -out out/aia-test-cert.pem \ -config aia-test.cnf \ -extensions user_cert + +# Copy to the file names that are actually checked in. +try cp out/aia-test-cert.pem ../certificates/aia-cert.pem +try openssl x509 \ + -outform der \ + -in out/aia-test-intermediate.pem \ + -out ../certificates/aia-intermediate.der +try cp out/aia-test-root.pem ../certificates/aia-root.pem diff --git a/net/data/ssl/scripts/generate-bad-eku-certs.sh b/net/data/ssl/scripts/generate-bad-eku-certs.sh index 88fc79c..e560e06 100755 --- a/net/data/ssl/scripts/generate-bad-eku-certs.sh +++ b/net/data/ssl/scripts/generate-bad-eku-certs.sh 
@@ -17,16 +17,16 @@ try () { try rm -rf out try mkdir out -eku_test_root="eku-test-root" +eku_test_root="2048-rsa-root" # Create the serial number files. -try /bin/sh -c "echo 01 > out/$eku_test_root-serial" +try /bin/sh -c "echo 01 > \"out/$eku_test_root-serial\"" # Make sure the signers' DB files exist. -touch out/$eku_test_root-index.txt +touch "out/$eku_test_root-index.txt" # Generate one root CA certificate. -try openssl genrsa -out out/$eku_test_root.key 2048 +try openssl genrsa -out "out/$eku_test_root.key" 2048 CA_COMMON_NAME="2048 RSA Test Root CA" \ CA_DIR=out \ @@ -36,9 +36,9 @@ CA_COMMON_NAME="2048 RSA Test Root CA" \ CERT_TYPE=root \ try openssl req \ -new \ - -key out/$eku_test_root.key \ + -key "out/$eku_test_root.key" \ -extensions ca_cert \ - -out out/$eku_test_root.csr \ + -out "out/$eku_test_root.csr" \ -config ca.cnf CA_COMMON_NAME="2048 RSA Test Root CA" \ @@ -46,20 +46,20 @@ CA_COMMON_NAME="2048 RSA Test Root CA" \ CA_NAME=req_env_dn \ try openssl x509 \ -req -days 3650 \ - -in out/$eku_test_root.csr \ + -in "out/$eku_test_root.csr" \ -extensions ca_cert \ - -signkey out/$eku_test_root.key \ - -out out/$eku_test_root.pem + -signkey "out/$eku_test_root.key" \ + -out "out/$eku_test_root.pem" # Generate EE certs. for cert_type in non-crit-codeSigning crit-codeSigning do - try openssl genrsa -out out/$cert_type.key 2048 + try openssl genrsa -out "out/$cert_type.key" 2048 try openssl req \ -new \ - -key out/$cert_type.key \ - -out out/$cert_type.csr \ + -key "out/$cert_type.key" \ + -out "out/$cert_type.csr" \ -config eku-test.cnf \ -reqexts "$cert_type" 
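Review bot: In generate-bad-eku-certs.sh, the re-quoted `touch "out/$eku_test_root-index.txt"` in the first hunk is still not run through `try`, unlike the other commands that hunk changes. A failure to create the signer's index file is therefore not reported where it happens and only surfaces later, when `openssl ca` needs the file. Consider `try touch "out/$eku_test_root-index.txt"`. The body of `try` is outside the hunk, so this assumes it aborts on a non-zero status, as its other uses suggest.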
@@ -71,7 +71,14 @@ do CERT_TYPE=root \ try openssl ca \ -batch \ - -in out/$cert_type.csr \ - -out out/$cert_type.pem \ + -in "out/$cert_type.csr" \ + -out "out/$cert_type.pem" \ -config ca.cnf done + +# Copy to the file names that are actually checked in. +try cp "out/$eku_test_root.pem" ../certificates/eku-test-root.pem +try /bin/sh -c "cat out/crit-codeSigning.key out/crit-codeSigning.pem \ + > ../certificates/crit-codeSigning-chain.pem" +try /bin/sh -c "cat out/non-crit-codeSigning.key out/non-crit-codeSigning.pem \ + > ../certificates/non-crit-codeSigning-chain.pem" diff --git a/net/data/ssl/scripts/generate-client-certificates.sh b/net/data/ssl/scripts/generate-client-certificates.sh index f1e7fe4..16321ab 100755 --- a/net/data/ssl/scripts/generate-client-certificates.sh +++ b/net/data/ssl/scripts/generate-client-certificates.sh @@ -138,8 +138,8 @@ COMMON_NAME="E CA" \ echo Package the client certs and private keys into PKCS12 files # This is done for easily importing all of the certs needed for clients. -cat out/A.pem out/A.key out/B.pem out/C.pem > out/A-chain.pem -cat out/D.pem out/D.key out/E.pem out/C.pem > out/D-chain.pem +try /bin/sh -c "cat out/A.pem out/A.key out/B.pem out/C.pem > out/A-chain.pem" +try /bin/sh -c "cat out/D.pem out/D.key out/E.pem out/C.pem > out/D-chain.pem" try openssl pkcs12 \ -in out/A-chain.pem \ @@ -154,10 +154,10 @@ try openssl pkcs12 \ -passout pass:chrome echo Package the client certs for unit tests -cp out/A.pem client_1.pem -cp out/A.key client_1.key -cp out/B.pem client_1_ca.pem +try cp out/A.pem ../certificates/client_1.pem +try cp out/A.key ../certificates/client_1.key +try cp out/B.pem ../certificates/client_1_ca.pem -cp out/D.pem client_2.pem -cp out/D.key client_2.key -cp out/E.pem client_2_ca.pem +try cp out/D.pem ../certificates/client_2.pem +try cp out/D.key ../certificates/client_2.key +try cp out/E.pem ../certificates/client_2_ca.pem 
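Review bot: In generate-bad-eku-certs.sh, the two new `cat ... > ../certificates/...-chain.pem` commands redirect straight into the checked-in files. The inner shell truncates the target before `cat` runs, so a missing input leaves an empty or partial chain in ../certificates even though `try` reports the failure. Building the chain under out/ and copying it afterwards keeps the checked-in file intact on failure: `try /bin/sh -c "cat out/crit-codeSigning.key out/crit-codeSigning.pem > out/crit-codeSigning-chain.pem"` followed by `try cp out/crit-codeSigning-chain.pem ../certificates/`. The same pattern appears in the hunks for generate-policy-certs.sh, generate-redundant-test-chains.sh and generate-test-certs.sh.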
diff --git a/net/data/ssl/scripts/generate-duplicate-cn-certs.sh b/net/data/ssl/scripts/generate-duplicate-cn-certs.sh index 2a31f46c..fa2c0df 100755 --- a/net/data/ssl/scripts/generate-duplicate-cn-certs.sh +++ b/net/data/ssl/scripts/generate-duplicate-cn-certs.sh @@ -101,5 +101,5 @@ try openssl pkcs12 \ -out ../certificates/duplicate_cn_2.p12 \ -passout pass:chrome -cp out/A1.pem ../certificates/duplicate_cn_1.pem -cp out/A2.pem ../certificates/duplicate_cn_2.pem +try cp out/A1.pem ../certificates/duplicate_cn_1.pem +try cp out/A2.pem ../certificates/duplicate_cn_2.pem diff --git a/net/data/ssl/scripts/generate-policy-certs.sh b/net/data/ssl/scripts/generate-policy-certs.sh index 6f592308..ec71a58 100755 --- a/net/data/ssl/scripts/generate-policy-certs.sh +++ b/net/data/ssl/scripts/generate-policy-certs.sh @@ -91,6 +91,6 @@ COMMON_NAME="Policy Test Intermediate CA" \ -config policy.cnf \ -extensions user_cert -cat out/policy-cert.pem \ +try /bin/sh -c "cat out/policy-cert.pem \ out/policy-intermediate.pem \ - out/policy-root.pem >../certificates/explicit-policy-chain.pem + out/policy-root.pem >../certificates/explicit-policy-chain.pem" diff --git a/net/data/ssl/scripts/generate-redundant-test-chains.sh b/net/data/ssl/scripts/generate-redundant-test-chains.sh index 32a7e0d..a0977c2 100755 --- a/net/data/ssl/scripts/generate-redundant-test-chains.sh +++ b/net/data/ssl/scripts/generate-redundant-test-chains.sh 
@@ -132,12 +132,13 @@ CA_COMMON_NAME="B CA" \ -config redundant-ca.cnf echo Create redundant-server-chain.pem -cat out/A.key out/A.pem out/B.pem out/C.pem out/D.pem \ - > redundant-server-chain.pem +try /bin/sh -c "cat out/A.key out/A.pem out/B.pem out/C.pem out/D.pem \ + > ../certificates/redundant-server-chain.pem" echo Create redundant-validated-chain.pem -cat out/A.key out/A.pem out/B.pem out/C2.pem > redundant-validated-chain.pem +try /bin/sh -c "cat out/A.key out/A.pem out/B.pem out/C2.pem \ + > ../certificates/redundant-validated-chain.pem" echo Create redundant-validated-chain-root.pem -cp out/C2.pem redundant-validated-chain-root.pem +try cp out/C2.pem ../certificates/redundant-validated-chain-root.pem diff --git a/net/data/ssl/scripts/generate-test-certs.sh b/net/data/ssl/scripts/generate-test-certs.sh index 4c13bce..b00d7cd 100755 --- a/net/data/ssl/scripts/generate-test-certs.sh +++ b/net/data/ssl/scripts/generate-test-certs.sh @@ -72,10 +72,10 @@ CA_COMMON_NAME="Test Root CA" \ -out out/ok_cert.pem \ -config ca.cnf -cat out/ok_cert.key out/ok_cert.pem \ - > ../certificates/ok_cert.pem -cat out/expired_cert.key out/expired_cert.pem \ - > ../certificates/expired_cert.pem -cat out/2048-sha1-root.key out/2048-sha1-root.pem \ - > ../certificates/root_ca_cert.pem +try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \ + > ../certificates/ok_cert.pem" +try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \ + > ../certificates/expired_cert.pem" +try /bin/sh -c "cat out/2048-sha1-root.key out/2048-sha1-root.pem \ + > ../certificates/root_ca_cert.pem" diff --git a/net/data/ssl/scripts/generate-weak-test-chains.sh b/net/data/ssl/scripts/generate-weak-test-chains.sh index c43c62a..8377ea8 100755 --- a/net/data/ssl/scripts/generate-weak-test-chains.sh +++ b/net/data/ssl/scripts/generate-weak-test-chains.sh @@ -166,3 +166,5 @@ do done done +# Copy final outputs. +try cp out/*root*pem out/*intermediate*pem ../certificates -- cgit v1.1
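Review bot: In generate-test-certs.sh, the last `cat` writes the root CA's private key (`out/2048-sha1-root.key`) into the checked-in `root_ca_cert.pem`, and nothing in the hunk says this is deliberate. A comment above the three `cat` commands would make the intent explicit, for example `# Test-only material: private keys are bundled on purpose; never trust this root outside tests.` That the bundling is intentional is inferred from the file names and the commit subject, so the wording should be confirmed against the rest of the script, which is outside the hunk.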
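Review bot: In generate-weak-test-chains.sh, `try cp out/*root*pem out/*intermediate*pem ../certificates` picks the files to check in by glob, so what lands in ../certificates depends on whatever the loops above left in out/ and cannot be read off the script. The patterns also lack the dot before `pem`, so they match any name that merely ends in `pem`. Tightening to `out/*root*.pem out/*intermediate*.pem`, with a comment naming the files expected to result, would make an unintended overwrite in ../certificates easier to spot in review. The loops that generate these files are outside the hunk.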