File: run.sh

package info (click to toggle)
certmonger 0.75.14-3
  • links: PTS, VCS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 8,540 kB
  • ctags: 2,176
  • sloc: ansic: 41,340; sh: 9,551; makefile: 528; python: 207; xml: 190; sed: 16
file content (76 lines) | stat: -rwxr-xr-x 2,086 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#!/bin/bash -e

cd "$tmpdir"

source "$srcdir"/functions
initnssdb "$tmpdir"

grep -v ^validity_period $CERTMONGER_CONFIG_DIR/certmonger.conf > \
	$tmpdir/certmonger.conf
cat >> $tmpdir/certmonger.conf << EOF
[selfsign]
validity_period = 46129s
EOF

function append() {
	cat >> $1 <<- EOF
	template_subject=CN=Babs Jensen
	template_hostname=localhost,localhost.localdomain
	template_email=root@localhost,root@localhost.localdomain
	template_principal=root@EXAMPLE.COM,root@FOO.EXAMPLE.COM
	template_ku=111
	template_eku=id-kp-clientAuth,id-kp-emailProtection
	EOF
}

function setupca() {
	cat > ca.self <<- EOF
	id=self_signer
	ca_is_default=0
	ca_type=INTERNAL:SELF
	ca_internal_serial=04
	ca_internal_issue_time=40271
	EOF
}

size=secp256r1
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -n keyi$size \
	-s "cn=T$size" -c "cn=T$size" \
	-x -t u -k ec -q $size
# Export the certificate and key.
pk12util -d "$tmpdir" -o $size.p12 -W "" -n "keyi$size" > /dev/null 2>&1
openssl pkcs12 -in $size.p12 -passin pass: -out key.$size -nodes > /dev/null 2>&1
# Read that OpenSSL key.
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/key.$size
EOF
$toolsdir/keyiread entry.$size > /dev/null 2>&1
grep ^key_pubkey_info= entry.$size > pubkey.$size
grep ^key_pubkey= entry.$size >> pubkey.$size
# Use that NSS key.
cat > entry.$size <<- EOF
key_storage_type=NSSDB
key_storage_location=$tmpdir
key_nickname=keyi$size
EOF
append entry.$size
cat pubkey.$size >> entry.$size
$toolsdir/csrgen entry.$size > csr.nss.$size
setupca
$toolsdir/submit ca.self entry.$size > cert.nss.$size
# Use that OpenSSL key.
cat > entry.$size <<- EOF
key_storage_type=FILE
key_storage_location=$tmpdir/key.$size
EOF
append entry.$size
cat pubkey.$size >> entry.$size
$toolsdir/csrgen entry.$size > csr.openssl.$size
setupca
$toolsdir/submit ca.self entry.$size > cert.openssl.$size
# Now check their signatures.
grep -v CERTIFICATE cert.nss.$size     | base64 -d | $toolsdir/checksig
grep -v CERTIFICATE cert.openssl.$size | base64 -d | $toolsdir/checksig
echo Test complete.