[chromium-blink-merge.git] / net / data / ssl / scripts / generate-duplicate-cn-certs.sh
1 #!/bin/sh
3 # Copyright (c) 2013 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file.
7 # This script generates two chains of test certificates:
8 # 1. A1 (end-entity) -> B (self-signed root)
9 # 2. A2 (end-entity) -> B (self-signed root)
11 # In which A1 and A2 share the same key, the same subject common name, but have
12 # distinct O values in their subjects.
14 # This is used to test that NSS can properly generate unique certificate
15 # nicknames for both certificates.
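# Log a command, then run it; abort the whole script if it fails.
# Arguments: the command and its arguments, exactly as they should be run.
# Outputs:   the command line on stdout, followed by the command's own output.
# Returns:   0 when the command succeeds; otherwise the script exits with
#            status 1 (the command's own status is not propagated).
# Note that every argument is logged verbatim, including any secret passed on
# the command line (for example a -passout value).
try () {
  # printf instead of echo: echo may treat a leading "-n" or embedded
  # backslashes in the arguments as its own options/escapes and misprint them.
  printf '%s\n' "$*"
  "$@" || exit 1
}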
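# Work from the directory that holds this script. Every path used below
# (out/, the .cnf files, ../certificates/) is relative, and `rm -rf out` run
# from any other directory would delete an unrelated out/ directory there
# (for instance a build output directory).
try cd "$(dirname "$0")"

# Start from an empty scratch directory so files left by an earlier run
# cannot end up in this run's output.
try rm -rf out
try mkdir out

echo Create the serial number and index files.
# The redirection has to happen inside a child shell: written directly after
# `try`, it would also capture the command line that try prints.
try /bin/sh -c "echo 01 > out/B-serial"
try touch out/B-index.txt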
echo "Generate the keys."
# A.key is the one key pair used for both end-entity requests (A1 and A2);
# B.key belongs to the self-signed root. No cipher option is given to genrsa,
# so both private keys are written to out/ unencrypted.
for name in A B; do
  try openssl genrsa -out "out/${name}.key" 2048
done
echo "Generate the B CSR."
# CA_COMMON_NAME and CERTIFICATE are handed over as per-command environment
# assignments; presumably redundant-ca.cnf reads them, but that file is not
# part of this script -- confirm there.
# NOTE(review): `try` is a shell function. POSIX leaves it unspecified whether
# assignments prefixed to a function call are exported to the commands the
# function runs and whether they persist afterwards, so this pattern depends
# on the behaviour of the /bin/sh in use.
CA_COMMON_NAME="B Root CA" CERTIFICATE=B \
  try openssl req -new \
    -key out/B.key \
    -out out/B.csr \
    -config redundant-ca.cnf

echo "B signs itself."
# Self-signed root valid for 3650 days, with the ca_cert extension section
# taken from redundant-ca.cnf. No digest option is passed, so the signature
# hash is whatever the installed OpenSSL picks by default.
CA_COMMON_NAME="B Root CA" \
  try openssl x509 -req -days 3650 \
    -in out/B.csr \
    -extfile redundant-ca.cnf -extensions ca_cert \
    -signkey out/B.key \
    -out out/B.pem
echo "Generate the A1 end-entity CSR."
# Both requests are made with the same private key (out/A.key); only the
# SUBJECT_NAME value differs, which presumably selects the subject section in
# ee.cnf (not shown here -- confirm there).
SUBJECT_NAME=req_duplicate_cn_1 \
  try openssl req -new \
    -key out/A.key \
    -out out/A1.csr \
    -config ee.cnf

echo "Generate the A2 end-entity CSR"
SUBJECT_NAME=req_duplicate_cn_2 \
  try openssl req -new \
    -key out/A.key \
    -out out/A2.csr \
    -config ee.cnf
echo "B signs A1."
# -batch makes `openssl ca` sign without asking for confirmation. The
# user_cert extension section comes from redundant-ca.cnf.
# NOTE(review): CA_COMMON_NAME is "B CA" here but "B Root CA" where B's own
# CSR and certificate are created; whether the value matters for `openssl ca`
# depends on redundant-ca.cnf, which is not shown -- confirm.
CA_COMMON_NAME="B CA" CERTIFICATE=B \
  try openssl ca -batch \
    -extensions user_cert \
    -in out/A1.csr \
    -out out/A1.pem \
    -config redundant-ca.cnf

echo "B signs A2."
CA_COMMON_NAME="B CA" CERTIFICATE=B \
  try openssl ca -batch \
    -extensions user_cert \
    -in out/A2.csr \
    -out out/A2.pem \
    -config redundant-ca.cnf
echo "Exporting the certificates to PKCS#12"
# Each bundle holds the shared private key (out/A.key) plus one of the two
# certificates. The export password is the fixed literal "chrome": it is
# passed on the command line and printed again by try, so these .p12 files
# offer no confidentiality for the key and are only suitable as test fixtures.
try openssl pkcs12 -export \
  -inkey out/A.key \
  -in out/A1.pem \
  -out ../certificates/duplicate_cn_1.p12 \
  -passout pass:chrome

try openssl pkcs12 -export \
  -inkey out/A.key \
  -in out/A2.pem \
  -out ../certificates/duplicate_cn_2.p12 \
  -passout pass:chrome

# Publish the PEM certificates next to the PKCS#12 bundles.
try cp out/A1.pem ../certificates/duplicate_cn_1.pem
try cp out/A2.pem ../certificates/duplicate_cn_2.pem