Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
OWEALs
/
openssl
-ын хуулбар git://git.openssl.org/openssl.git
2
0
Салаа 0
Файлууд Асуудлууд 1 Мэдлэгийн сан
Мод: c8d1c9b067
Салаанууд Тагууд
openssl
/
test
/
Attic
/
testss

testss 4.7 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 
  1. #!/bin/sh
    2. 

  2. 

  3. digest='-sha1'
    4. 

  4. reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
    5. 

  5. x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
    6. 

  6. verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
    7. 

  7. dummycnf="../apps/openssl.cnf"
    8. 

  8. 

  9. CAkey="keyCA.ss"
    10. 

  10. CAcert="certCA.ss"
    11. 

  11. CAserial="certCA.srl"
    12. 

  12. CAreq="reqCA.ss"
    13. 

  13. CAconf="CAss.cnf"
    14. 

  14. CAreq2="req2CA.ss"	# temp
    15. 

  15. 

  16. Uconf="Uss.cnf"
    17. 

  17. Ukey="keyU.ss"
    18. 

  18. Ureq="reqU.ss"
    19. 

  19. Ucert="certU.ss"
    20. 

  20. 

  21. Dkey="keyD.ss"
    22. 

  22. Dreq="reqD.ss"
    23. 

  23. Dcert="certD.ss"
    24. 

  24. 

  25. Ekey="keyE.ss"
    26. 

  26. Ereq="reqE.ss"
    27. 

  27. Ecert="certE.ss"
    28. 

  28. 

  29. P1conf="P1ss.cnf"
    30. 

  30. P1key="keyP1.ss"
    31. 

  31. P1req="reqP1.ss"
    32. 

  32. P1cert="certP1.ss"
    33. 

  33. P1intermediate="tmp_intP1.ss"
    34. 

  34. 

  35. P2conf="P2ss.cnf"
    36. 

  36. P2key="keyP2.ss"
    37. 

  37. P2req="reqP2.ss"
    38. 

  38. P2cert="certP2.ss"
    39. 

  39. P2intermediate="tmp_intP2.ss"
    40. 

  40. 

  41. 

  42. echo string to make the random number generator think it has entropy >> ./.rnd
    43. 

  43. 

  44. req_dsa='-newkey dsa:../apps/dsa1024.pem'
    45. 

  45. 

  46. if ../util/shlib_wrap.sh ../apps/openssl no-rsa >/dev/null; then
    47. 

  47.   req_new=$req_dsa
    48. 

  48. else
    49. 

  49.   req_new='-new'
    50. 

  50. fi
    51. 

  51. 

  52. echo make cert request
    53. 

  53. $reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new || exit 1
    54. 

  54. 

  55. echo convert request into self-signed cert
    56. 

  56. $x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss || exit 1
    57. 

  57. 

  58. echo convert cert into a cert request
    59. 

  59. $x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss || exit 1
    60. 

  60. 

  61. echo verify request 1
    62. 

  62. $reqcmd -config $dummycnf -verify -in $CAreq -noout || exit 1
    63. 

  63. 

  64. echo verify request 1
    65. 

  65. $reqcmd -config $dummycnf -verify -in $CAreq2 -noout || exit 1
    66. 

  66. 

  67. echo verify signature
    68. 

  68. $verifycmd -CAfile $CAcert $CAcert || exit 1
    69. 

  69. 

  70. echo make a user cert request
    71. 

  71. $reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss || exit 1
    72. 

  72. 

  73. echo sign user cert request
    74. 

  74. $x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee >err.ss || exit 1
    75. 

  75. $verifycmd -CAfile $CAcert $Ucert || exit 1
    76. 

  76. 

  77. echo Certificate details
    78. 

  78. $x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert || exit 1
    79. 

  79. 

  80. if ../util/shlib_wrap.sh ../apps/openssl no-dsa >/dev/null; then
    81. 

  81.         echo skipping DSA certificate creation
    82. 

  82. else
    83. 

  83.         echo make a DSA user cert request
    84. 

  84.         CN2="DSA Certificate" $reqcmd -config $Uconf -out $Dreq -keyout $Dkey $req_dsa >err.ss || exit 1
    85. 

  85. 

  86.         echo sign DSA user cert request
    87. 

  87.         $x509cmd -CAcreateserial -in $Dreq -days 30 -req -out $Dcert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_dsa >err.ss || exit 1
    88. 

  88.         $verifycmd -CAfile $CAcert $Dcert || exit 1
    89. 

  89. 

  90.         echo DSA Certificate details
    91. 

  91.         $x509cmd -subject -issuer -startdate -enddate -noout -in $Dcert || exit 1
    92. 

  92. 

  93. fi
    94. 

  94. 

  95. if ../util/shlib_wrap.sh ../apps/openssl no-ec >/dev/null; then
    96. 

  96.         echo skipping ECDSA/ECDH certificate creation
    97. 

  97. else
    98. 

  98.         echo make an ECDSA/ECDH user cert request
    99. 

  99.         ../util/shlib_wrap.sh ../apps/openssl ecparam -name P-256 -out ecp.ss || exit 1
    100. 

  100.         CN2="ECDSA Certificate" $reqcmd -config $Uconf -out $Ereq -keyout $Ekey -newkey ec:ecp.ss >err.ss || exit 1
    101. 

  101. 

  102.         echo sign ECDSA/ECDH user cert request
    103. 

  103.         $x509cmd -CAcreateserial -in $Ereq -days 30 -req -out $Ecert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee_ec >err.ss || exit 1
    104. 

  104.         $verifycmd -CAfile $CAcert $Ecert || exit 1
    105. 

  105. 

  106.         echo ECDSA Certificate details
    107. 

  107.         $x509cmd -subject -issuer -startdate -enddate -noout -in $Ecert || exit 1
    108. 

  108. 

  109. fi
    110. 

  110. 

  111. echo make a proxy cert request
    112. 

  112. $reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss || exit 1
    113. 

  113. 

  114. echo sign proxy with user cert
    115. 

  115. $x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss || exit 1
    116. 

  116. 

  117. cat $Ucert > $P1intermediate
    118. 

  118. $verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
    119. 

  119. echo Certificate details
    120. 

  120. $x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
    121. 

  121. 

  122. echo make another proxy cert request
    123. 

  123. $reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss || exit 1
    124. 

  124. 

  125. echo sign second proxy cert request with the first proxy cert
    126. 

  126. $x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss || exit 1
    127. 

  127. 

  128. echo Certificate details
    129. 

  129. cat $Ucert $P1cert > $P2intermediate
    130. 

  130. $verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
    131. 

  131. $x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
    132. 

  132. 

  133. echo The generated CA certificate is $CAcert
    134. 

  134. echo The generated CA private key is $CAkey
    135. 

  135. echo The generated user certificate is $Ucert
    136. 

  136. echo The generated user private key is $Ukey
    137. 

  137. echo The first generated proxy certificate is $P1cert
    138. 

  138. echo The first generated proxy private key is $P1key
    139. 

  139. echo The second generated proxy certificate is $P2cert
    140. 

  140. echo The second generated proxy private key is $P2key
    141. 

  141. 

  142. /bin/rm err.ss
    143. 

  143. exit 0
    144.