gen-badsig.sh 1.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142
  1. #!/usr/bin/env bash
  2. generate() {
  3. # read in certificate and alter the last part of the signature
  4. num_lines=$(wc -l < $cert)
  5. i=1
  6. rm -f $pem_out
  7. touch $pem_out
  8. while IFS= read -r line
  9. do
  10. if [[ $((i+1)) -eq ${num_lines} ]]; then
  11. # last line before END tag. Alter the sig here
  12. idx=`expr ${#line} - 4`
  13. chr=${line:idx:1}
  14. if [ "$chr" == "x" ] || [ "$chr" == "X" ]; then
  15. echo "${line:0:${idx}}a${line:$((idx+1)):$((idx+4))}" >> $pem_out
  16. else
  17. echo "${line:0:${idx}}x${line:$((idx+1)):$((idx+4))}" >> $pem_out
  18. fi
  19. else
  20. echo "$line" >> $pem_out
  21. fi
  22. let i++
  23. done < "$cert"
  24. # output to DER format also
  25. openssl x509 -in $pem_out -out $der_out -outform DER
  26. }
  27. # create server RSA certificate with bad signature
  28. cert="../server-cert.pem"
  29. pem_out=server-cert-rsa-badsig.pem
  30. der_out=server-cert-rsa-badsig.der
  31. generate
  32. # create server ECC certificate with bad signature
  33. cert="../server-ecc.pem"
  34. pem_out=server-cert-ecc-badsig.pem
  35. der_out=server-cert-ecc-badsig.der
  36. generate