security/nss/tests/libpkix/certs/make-nc

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rwxr-xr-x

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

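#!/bin/sh
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# Generates the certificates used by the name-constraints tests. A scratch
# NSS database is created in ./tmp, a set of CAs and leaf certificates is
# issued into it with certutil, and the certificates are exported as
# NameConstraints.*.cert.
#
# Fixture-only material: the database password is empty and most keys are
# generated with -g 1024. Nothing produced here should be trusted or reused
# outside the test suite, and tmp/ keeps the private keys after the run.

# Abort if the scratch directory cannot be created or entered. Without this
# guard a failed cd would make every later command write the noise file, the
# password file, the key database and the exported certificates into the
# caller's current directory instead.
mkdir -p tmp || exit 1
cd tmp || exit 1

# 512 bytes from the kernel RNG; handed to every "certutil -S" call via -z.
dd if=/dev/urandom bs=512 count=1 of=noise

# A password file holding one empty line, i.e. an empty database password.
echo "" > pwfile

# Create the new (empty) certificate/key database in the current directory.
certutil -d . -N -f pwfile
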
# Chain 1: self-signed root "ca" -> name-constrained intermediate "ica" ->
# leaf certificates server1..server3.
#
# Flags used throughout: -z noise (seed file), -g (key size in bits; 1024 is
# only acceptable because these are disposable fixtures), -d . (database in
# the current directory), -n (nickname), -s (subject), -c (issuer nickname),
# -x (self-signed), -t (trust flags; ",," means none), -m (serial number),
# -v (validity in months), -w (validity start offset in months),
# -8 (DNS subjectAltName).
#
# Each heredoc answers certutil's interactive prompts for the extensions
# requested with -1 (key usage), -2 (basic constraints), --extNC (name
# constraints, where given) and -5 (Netscape cert type), one answer per line.
# The meanings given below are as read from certutil's menus, which this file
# does not show; re-check them if the prompts ever change.

# Root CA. Answers as read: key usage 5, 6 (certificate and CRL signing),
# 9 ends the list, not critical; CA: yes, path length skipped (blank line),
# not critical; cert type 5, 6, 7 (the CA types), 9 ends the list, not
# critical.
certutil -S -z noise -g 1024 -d . -n ca \
  -s "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t C,C,C -x -m 1 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# Intermediate CA issued by "ca", with a name-constraints extension. The
# extra answers between the basic-constraints and cert-type sections read as:
# name type 3 (dNSName), value ".example", constraint type 1 (permitted),
# no further entries, not critical.
certutil -S -z noise -g 1024 -d . -n ica \
  -s "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ca -m 20 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
5
6
9
n
y

n
3
.example
1
n
n
5
6
7
9
n
CERTSCRIPT

# Leaf issued by "ica": CN and DNS subjectAltName are both test.invalid,
# i.e. outside the ".example" subtree. Leaf answers as read: key usage
# 0, 2, 3, 4, then 9 to end, not critical; CA: no, path length skipped,
# basic constraints critical; cert type 0, 1 (SSL client and server), 9 to
# end, not critical.
certutil -S -z noise -g 1024 -d . -n server1 \
  -s "CN=test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica -m 40 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf issued by "ica" without a subjectAltName; the only DNS-like name is
# the CN another_test.invalid.
certutil -S -z noise -g 1024 -d . -n server2 \
  -s "CN=another_test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf issued by "ica": CN and DNS subjectAltName are both test.example,
# i.e. inside the ".example" subtree.
certutil -S -z noise -g 1024 -d . -n server3 \
  -s "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica -m 42 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Chain 2: "ica2" is a second-level intermediate issued by the constrained
# intermediate "ica" and carries no name constraints of its own (no --extNC).
# Its leaves server4..server6 repeat the three name patterns used directly
# under "ica", one level further down the chain.
#
# Heredoc lines answer certutil's prompts for the -1 (key usage), -2 (basic
# constraints) and -5 (Netscape cert type) extensions, one answer per line;
# the blank line skips the path-length prompt. CA blocks answer "y" to the
# CA question, leaf blocks answer "n" and mark basic constraints critical
# (as read from certutil's menus, which this file does not show).

# Unconstrained intermediate under "ica".
certutil -S -z noise -g 1024 -d . -n ica2 \
  -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica -m 21 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# Leaf under "ica2": CN test2.invalid, DNS subjectAltName test.invalid.
certutil -S -z noise -g 1024 -d . -n server4 \
  -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica2 -m 50 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf under "ica2" without a subjectAltName; CN another_test2.invalid.
certutil -S -z noise -g 1024 -d . -n server5 \
  -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica2 -m 51 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf under "ica2": CN test2.example, DNS subjectAltName test.example.
certutil -S -z noise -g 1024 -d . -n server6 \
  -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica2 -m 52 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Chain 3: "ica3" (issued by the root "ca") carries two permitted subtrees,
# one dNSName and one directoryName. "ica4" sits below it, and the leaves
# server7..server12 vary the subject DN and the DNS names against those two
# subtrees.
#
# Heredoc lines answer certutil's prompts for the -1 (key usage), -2 (basic
# constraints), --extNC (name constraints, ica3 only) and -5 (Netscape cert
# type) extensions, one answer per line; the blank line skips the path-length
# prompt. Meanings are as read from certutil's menus, which this file does
# not show.

# Constrained intermediate. The name-constraints answers read as: type 3
# (dNSName) "foo.example", permitted (1); add another entry (y); type 5
# (directoryName) "O=Foo,st=ca,c=us", permitted (1); no further entries;
# not critical.
certutil -S -z noise -g 1024 -d . -n ica3 \
  -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ca -m 21 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
5
6
9
n
y

n
3
foo.example
1
y
5
O=Foo,st=ca,c=us
1
n
n
5
6
7
9
n
CERTSCRIPT

# Unconstrained intermediate under "ica3"; its own subject uses
# O=Foo,ST=CA,C=US.
certutil -S -z noise -g 1024 -d . -n ica4 \
  -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" \
  -t ,, -c ica3 -m 61 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# Leaf: CN bat.foo.example, subject has an additional ou=bar component.
certutil -S -z noise -g 1024 -d . -n server7 \
  -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf: CN bat.foo.example directly under O=Foo,ST=CA,C=US.
certutil -S -z noise -g 1024 -d . -n server8 \
  -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 42 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf: same CN, but the subject omits the ST=CA component.
certutil -S -z noise -g 1024 -d . -n server9 \
  -s "CN=bat.foo.example,O=Foo,C=US" \
  -t ,, -c ica4 -m 43 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf: CN bar.example (not under foo.example), no subjectAltName.
certutil -S -z noise -g 1024 -d . -n server10 \
  -s "CN=bar.example,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 44 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf: CN site.example with DNS subjectAltName foo.example.
certutil -S -z noise -g 1024 -d . -n server11 \
  -s "CN=site.example,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 45 -v 115 -1 -2 -5 -8 foo.example <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf: CN "Honest Achmed" is not a DNS name; no subjectAltName.
certutil -S -z noise -g 1024 -d . -n server12 \
  -s "CN=Honest Achmed,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 46 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Chain 4: "ica5" is a second intermediate issued by "ica3", this time with
# O=OtherOrg in its own subject. It has no --extNC of its own. Two leaves
# are issued under it.
#
# Heredoc lines answer certutil's prompts for the -1 (key usage), -2 (basic
# constraints) and -5 (Netscape cert type) extensions, one answer per line;
# the blank line skips the path-length prompt (as read from certutil's
# menus, which this file does not show).

# Intermediate under "ica3" with subject O=OtherOrg,ST=CA,C=US.
certutil -S -z noise -g 1024 -d . -n ica5 \
  -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" \
  -t ,, -c ica3 -m 62 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# Leaf: CN bat.foo.example with subject O=OtherOrg,ST=CA,C=US.
certutil -S -z noise -g 1024 -d . -n server13 \
  -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" \
  -t ,, -c ica5 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf: subject uses O=Foo although the issuer "ica5" uses O=OtherOrg.
certutil -S -z noise -g 1024 -d . -n server14 \
  -s "CN=another.foo.example,O=Foo,ST=CA,C=US" \
  -t ,, -c ica5 -m 490 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Chain 5: here the name constraint sits on the self-signed root itself
# ("ncca"), not on an intermediate. "ica6" below it is unconstrained, and
# server15..server17 repeat the out-of-subtree SAN / no-SAN / in-subtree SAN
# pattern.
#
# Heredoc lines answer certutil's prompts for the -1 (key usage), -2 (basic
# constraints), --extNC (name constraints, ncca only) and -5 (Netscape cert
# type) extensions, one answer per line; the blank line skips the path-length
# prompt (as read from certutil's menus, which this file does not show).

# Self-signed, trusted root with a name-constraints extension. The extra
# answers read as: type 3 (dNSName) ".example", permitted (1), no further
# entries, not critical.
certutil -S -z noise -g 1024 -d . -n ncca \
  -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" \
  -t C,C,C -x -m 2 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
5
6
9
n
y

n
3
.example
1
n
n
5
6
7
9
n
CERTSCRIPT

# Unconstrained intermediate under the constrained root.
certutil -S -z noise -g 1024 -d . -n ica6 \
  -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" \
  -t ,, -c ncca -m 63 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# Leaf: CN and DNS subjectAltName testfoo.invalid (outside ".example").
certutil -S -z noise -g 1024 -d . -n server15 \
  -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica6 -m 64 -v 115 -1 -2 -5 -8 testfoo.invalid <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf without a subjectAltName; CN another_test3.invalid.
certutil -S -z noise -g 1024 -d . -n server16 \
  -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica6 -m 65 -v 115 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# Leaf: CN and DNS subjectAltName test4.example (inside ".example").
certutil -S -z noise -g 1024 -d . -n server17 \
  -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica6 -m 66 -v 115 -1 -2 -5 -8 test4.example <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

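# DCISS copy certs
#
# "dcisscopy" is a locally generated, self-signed root whose subject DN
# copies that of the IGC/A (DCSSI) root. It is created without --extNC, so
# the certificate itself carries no name-constraints extension. These three
# certificates use 2048-bit keys (-g 2048), unlike the rest of the file.
# NOTE(review): presumably this exercises constraints the validator imposes
# on that subject DN by policy rather than through an extension; confirm
# against the test that consumes these files.
#
# Heredoc lines answer certutil's prompts for the -1 (key usage), -2 (basic
# constraints) and -5 (Netscape cert type) extensions, one answer per line;
# the blank line skips the path-length prompt (as read from certutil's
# menus, which this file does not show).
certutil -S -z noise -g 2048 -d . -n dcisscopy \
  -s "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" \
  -t C,C,C -x -m 998899 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# The following cert MUST NOT pass (CN foo.example.com).
certutil -S -z noise -g 2048 -d . -n dcissblocked \
  -s "CN=foo.example.com,O=Foo,ST=CA,C=US" \
  -t ,, -c dcisscopy -m 998900 -v 120 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# NOTE(review): the comment on this certificate used to repeat "MUST not
# pass", which contradicts its nickname. "dcissallowed" (CN foo.example.fr)
# looks like the positive case that is expected to validate; confirm against
# the expected results in the consuming test before relying on either
# reading.
certutil -S -z noise -g 2048 -d . -n dcissallowed \
  -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" \
  -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 <<CERTSCRIPT
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT
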
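# Export every certificate from the database in raw DER form (-r) as
# NameConstraints.<stem>.cert. Nickname "ica" maps to "intermediate" and
# "icaN" to "intermediateN"; every other nickname is used unchanged.
#
# Only certificates are exported. The private keys stay behind in the tmp
# database, which has an empty password, so tmp/ should be deleted once the
# .cert files have been copied out.
#
# Driving the export from one list avoids the duplicated server11 line of
# the hand-written version and lets the closing message name every file
# that was written instead of only the first nine.
created=""
for nick in \
  ca ica server1 server2 server3 \
  ica2 server4 server5 server6 \
  ica3 ica4 server7 server8 server9 server10 server11 server12 \
  ica5 server13 server14 \
  ncca ica6 server15 server16 server17 \
  dcisscopy dcissblocked dcissallowed
do
  case "$nick" in
    ica)  stem=intermediate ;;
    ica*) stem="intermediate${nick#ica}" ;;
    *)    stem=$nick ;;
  esac
  # The redirect creates the file even when certutil fails, so an empty
  # .cert file means the matching "certutil -S" step did not succeed.
  certutil -d . -L -n "$nick" -r > "NameConstraints.${stem}.cert"
  created="${created} NameConstraints.${stem}.cert"
done

echo "Created multiple files in subdirectory tmp:${created}"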
