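#!/bin/sh

# Copyright 2013 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# This script generates two chains of test certificates:
#   1. A1 (end-entity) -> B (self-signed root)
#   2. A2 (end-entity) -> B (self-signed root)
#
# In which A1 and A2 share the same key, the same subject common name, but have
# distinct O values in their subjects.
#
# This is used to test that NSS can properly generate unique certificate
# nicknames for both certificates.
#
# All paths are relative to the current directory (out/, redundant-ca.cnf,
# ee.cnf, ../certificates/), so the script must be run from the directory that
# holds those config files.
#
# Everything produced here is test-only material: the RSA keys are written
# without a passphrase under out/ and the PKCS#12 export password is fixed, so
# none of it may be trusted or reused outside tests.

# Prints a command line to stdout, runs it, and aborts the whole script with
# status 1 if the command fails.
# Arguments: the command to run followed by its arguments.
try () {
  echo "$@"
  "$@" || exit 1
}

# Fail before the destructive "rm -rf out" when the config files that later
# steps pass to openssl are not in the current directory. Otherwise a run from
# the wrong directory would delete an unrelated ./out and only then fail.
for required in redundant-ca.cnf ee.cnf; do
  if [ ! -f "$required" ]; then
    echo "Missing $required; run this script from its own directory." >&2
    exit 1
  fi
done

# Start from an empty scratch directory so stale keys or CA state from an
# earlier run cannot leak into the new chain.
try rm -rf out
try mkdir out

echo "Create the serial number and index files."
# The redirection has to happen inside the child shell: try passes its
# arguments to the command as-is and would not interpret ">" itself.
try /bin/sh -c "echo 01 > out/B-serial"
try touch out/B-index.txt

echo "Generate the keys."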
# Two 2048-bit RSA keys, written without a passphrase (test material only).
# A.key is shared by both end-entity certificates; B.key belongs to the root.
try openssl genrsa -out out/A.key 2048
try openssl genrsa -out out/B.key 2048

echo "Generate the B CSR."
# CA_COMMON_NAME and CERTIFICATE are handed to openssl through the environment;
# presumably redundant-ca.cnf reads them -- confirm against that file.
CA_COMMON_NAME="B Root CA" CERTIFICATE=B \
  try openssl req -new \
    -key out/B.key \
    -out out/B.csr \
    -config redundant-ca.cnf

echo "B signs itself."
# Self-signature with B's own key: 3650-day validity, extensions taken from the
# ca_cert section of redundant-ca.cnf.
CA_COMMON_NAME="B Root CA" \
  try openssl x509 -req -days 3650 \
    -in out/B.csr \
    -extfile redundant-ca.cnf -extensions ca_cert \
    -signkey out/B.key \
    -out out/B.pem

echo "Generate the A1 end-entity CSR."
# A1 and A2 are requested with the same key (out/A.key). Only SUBJECT_NAME
# differs; presumably it selects the subject section inside ee.cnf -- confirm
# against that file.
SUBJECT_NAME=req_duplicate_cn_1 \
  try openssl req -new \
    -key out/A.key \
    -out out/A1.csr \
    -config ee.cnf

echo "Generate the A2 end-entity CSR"
SUBJECT_NAME=req_duplicate_cn_2 \
  try openssl req -new \
    -key out/A.key \
    -out out/A2.csr \
    -config ee.cnf


echo "B signs A1."
# -batch signs without prompting for confirmation; the certificate gets the
# user_cert extension section from redundant-ca.cnf.
# NOTE(review): CA_COMMON_NAME is "B CA" here but "B Root CA" where B's CSR and
# self-signed certificate are created. Whether "openssl ca" uses the value at
# all depends on redundant-ca.cnf -- confirm the mismatch is harmless.
CA_COMMON_NAME="B CA" CERTIFICATE=B \
  try openssl ca -batch \
    -extensions user_cert \
    -in out/A1.csr \
    -out out/A1.pem \
    -config redundant-ca.cnf

echo "B signs A2."
# Same signing step as for A1, applied to the A2 request.
CA_COMMON_NAME="B CA" CERTIFICATE=B \
  try openssl ca -batch \
    -extensions user_cert \
    -in out/A2.csr \
    -out out/A2.pem \
    -config redundant-ca.cnf

echo "Exporting the certificates to PKCS#12"
# Each bundle pairs the shared key A.key with one end-entity certificate.
# The export password is the fixed string "chrome", passed on the command line:
# it shows up in the process list and in the command line echoed by try. That
# is tolerable only because these files are test fixtures.
try openssl pkcs12 -export \
  -inkey out/A.key \
  -in out/A1.pem \
  -out ../certificates/duplicate_cn_1.p12 \
  -passout pass:chrome

try openssl pkcs12 -export \
  -inkey out/A.key \
  -in out/A2.pem \
  -out ../certificates/duplicate_cn_2.p12 \
  -passout pass:chrome

# Publish the PEM certificates next to the PKCS#12 bundles. The private keys
# stay in out/ and are not copied.
try cp out/A1.pem ../certificates/duplicate_cn_1.pem
try cp out/A2.pem ../certificates/duplicate_cn_2.pem