The Tor Browser / file comparison
comparison: security/nss/tests/libpkix/certs/make-nc
security/nss/tests/libpkix/certs/make-nc
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:bd490e2555d4 |
|---|---|
| 1 #!/bin/sh | |
| 2 # | |
| 3 # This Source Code Form is subject to the terms of the Mozilla Public | |
| 4 # License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 5 # file, You can obtain one at http://mozilla.org/MPL/2.0/. | |
| 6 | |
| 7 mkdir tmp | |
| 8 cd tmp | |
| 9 dd if=/dev/urandom bs=512 count=1 of=noise | |
| 10 echo "" > pwfile | |
| 11 | |
| 12 certutil -d . -N -f pwfile | |
| 13 | |
| 14 certutil -S -z noise -g 1024 -d . -n ca -s "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t C,C,C -x -m 1 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT | |
| 15 5 | |
| 16 6 | |
| 17 9 | |
| 18 n | |
| 19 y | |
| 20 | |
| 21 n | |
| 22 5 | |
| 23 6 | |
| 24 7 | |
| 25 9 | |
| 26 n | |
| 27 CERTSCRIPT | |
| 28 | |
| 29 certutil -S -z noise -g 1024 -d . -n ica -s "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 20 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT | |
| 30 5 | |
| 31 6 | |
| 32 9 | |
| 33 n | |
| 34 y | |
| 35 | |
| 36 n | |
| 37 3 | |
| 38 .example | |
| 39 1 | |
| 40 n | |
| 41 n | |
| 42 5 | |
| 43 6 | |
| 44 7 | |
| 45 9 | |
| 46 n | |
| 47 CERTSCRIPT | |
| 48 | |
| 49 certutil -S -z noise -g 1024 -d . -n server1 -s "CN=test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 40 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT | |
| 50 0 | |
| 51 2 | |
| 52 3 | |
| 53 4 | |
| 54 9 | |
| 55 n | |
| 56 n | |
| 57 | |
| 58 y | |
| 59 0 | |
| 60 1 | |
| 61 9 | |
| 62 n | |
| 63 CERTSCRIPT | |
| 64 | |
| 65 certutil -S -z noise -g 1024 -d . -n server2 -s "CN=another_test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 66 0 | |
| 67 2 | |
| 68 3 | |
| 69 4 | |
| 70 9 | |
| 71 n | |
| 72 n | |
| 73 | |
| 74 y | |
| 75 0 | |
| 76 1 | |
| 77 9 | |
| 78 n | |
| 79 CERTSCRIPT | |
| 80 | |
| 81 certutil -S -z noise -g 1024 -d . -n server3 -s "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 42 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT | |
| 82 0 | |
| 83 2 | |
| 84 3 | |
| 85 4 | |
| 86 9 | |
| 87 n | |
| 88 n | |
| 89 | |
| 90 y | |
| 91 0 | |
| 92 1 | |
| 93 9 | |
| 94 n | |
| 95 CERTSCRIPT | |
| 96 | |
| 97 certutil -S -z noise -g 1024 -d . -n ica2 -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 21 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT | |
| 98 5 | |
| 99 6 | |
| 100 9 | |
| 101 n | |
| 102 y | |
| 103 | |
| 104 n | |
| 105 5 | |
| 106 6 | |
| 107 7 | |
| 108 9 | |
| 109 n | |
| 110 CERTSCRIPT | |
| 111 | |
| 112 certutil -S -z noise -g 1024 -d . -n server4 -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 50 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT | |
| 113 0 | |
| 114 2 | |
| 115 3 | |
| 116 4 | |
| 117 9 | |
| 118 n | |
| 119 n | |
| 120 | |
| 121 y | |
| 122 0 | |
| 123 1 | |
| 124 9 | |
| 125 n | |
| 126 CERTSCRIPT | |
| 127 | |
| 128 certutil -S -z noise -g 1024 -d . -n server5 -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 51 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 129 0 | |
| 130 2 | |
| 131 3 | |
| 132 4 | |
| 133 9 | |
| 134 n | |
| 135 n | |
| 136 | |
| 137 y | |
| 138 0 | |
| 139 1 | |
| 140 9 | |
| 141 n | |
| 142 CERTSCRIPT | |
| 143 | |
| 144 | |
| 145 certutil -S -z noise -g 1024 -d . -n server6 -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 52 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT | |
| 146 0 | |
| 147 2 | |
| 148 3 | |
| 149 4 | |
| 150 9 | |
| 151 n | |
| 152 n | |
| 153 | |
| 154 y | |
| 155 0 | |
| 156 1 | |
| 157 9 | |
| 158 n | |
| 159 CERTSCRIPT | |
| 160 | |
| 161 certutil -S -z noise -g 1024 -d . -n ica3 -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 21 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT | |
| 162 5 | |
| 163 6 | |
| 164 9 | |
| 165 n | |
| 166 y | |
| 167 | |
| 168 n | |
| 169 3 | |
| 170 foo.example | |
| 171 1 | |
| 172 y | |
| 173 5 | |
| 174 O=Foo,st=ca,c=us | |
| 175 1 | |
| 176 n | |
| 177 n | |
| 178 5 | |
| 179 6 | |
| 180 7 | |
| 181 9 | |
| 182 n | |
| 183 CERTSCRIPT | |
| 184 | |
| 185 certutil -S -z noise -g 1024 -d . -n ica4 -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" -t ,, -c ica3 -m 61 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT | |
| 186 5 | |
| 187 6 | |
| 188 9 | |
| 189 n | |
| 190 y | |
| 191 | |
| 192 n | |
| 193 5 | |
| 194 6 | |
| 195 7 | |
| 196 9 | |
| 197 n | |
| 198 CERTSCRIPT | |
| 199 | |
| 200 certutil -S -z noise -g 1024 -d . -n server7 -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 201 0 | |
| 202 2 | |
| 203 3 | |
| 204 4 | |
| 205 9 | |
| 206 n | |
| 207 n | |
| 208 | |
| 209 y | |
| 210 0 | |
| 211 1 | |
| 212 9 | |
| 213 n | |
| 214 CERTSCRIPT | |
| 215 | |
| 216 certutil -S -z noise -g 1024 -d . -n server8 -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 42 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 217 0 | |
| 218 2 | |
| 219 3 | |
| 220 4 | |
| 221 9 | |
| 222 n | |
| 223 n | |
| 224 | |
| 225 y | |
| 226 0 | |
| 227 1 | |
| 228 9 | |
| 229 n | |
| 230 CERTSCRIPT | |
| 231 | |
| 232 certutil -S -z noise -g 1024 -d . -n server9 -s "CN=bat.foo.example,O=Foo,C=US" -t ,, -c ica4 -m 43 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 233 0 | |
| 234 2 | |
| 235 3 | |
| 236 4 | |
| 237 9 | |
| 238 n | |
| 239 n | |
| 240 | |
| 241 y | |
| 242 0 | |
| 243 1 | |
| 244 9 | |
| 245 n | |
| 246 CERTSCRIPT | |
| 247 | |
| 248 certutil -S -z noise -g 1024 -d . -n server10 -s "CN=bar.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 44 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 249 0 | |
| 250 2 | |
| 251 3 | |
| 252 4 | |
| 253 9 | |
| 254 n | |
| 255 n | |
| 256 | |
| 257 y | |
| 258 0 | |
| 259 1 | |
| 260 9 | |
| 261 n | |
| 262 CERTSCRIPT | |
| 263 | |
| 264 certutil -S -z noise -g 1024 -d . -n server11 -s "CN=site.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 45 -v 115 -1 -2 -5 -8 foo.example <<CERTSCRIPT | |
| 265 0 | |
| 266 2 | |
| 267 3 | |
| 268 4 | |
| 269 9 | |
| 270 n | |
| 271 n | |
| 272 | |
| 273 y | |
| 274 0 | |
| 275 1 | |
| 276 9 | |
| 277 n | |
| 278 CERTSCRIPT | |
| 279 | |
| 280 certutil -S -z noise -g 1024 -d . -n server12 -s "CN=Honest Achmed,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 46 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 281 0 | |
| 282 2 | |
| 283 3 | |
| 284 4 | |
| 285 9 | |
| 286 n | |
| 287 n | |
| 288 | |
| 289 y | |
| 290 0 | |
| 291 1 | |
| 292 9 | |
| 293 n | |
| 294 CERTSCRIPT | |
| 295 | |
| 296 certutil -S -z noise -g 1024 -d . -n ica5 -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" -t ,, -c ica3 -m 62 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT | |
| 297 5 | |
| 298 6 | |
| 299 9 | |
| 300 n | |
| 301 y | |
| 302 | |
| 303 n | |
| 304 5 | |
| 305 6 | |
| 306 7 | |
| 307 9 | |
| 308 n | |
| 309 CERTSCRIPT | |
| 310 | |
| 311 certutil -S -z noise -g 1024 -d . -n server13 -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" -t ,, -c ica5 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 312 0 | |
| 313 2 | |
| 314 3 | |
| 315 4 | |
| 316 9 | |
| 317 n | |
| 318 n | |
| 319 | |
| 320 y | |
| 321 0 | |
| 322 1 | |
| 323 9 | |
| 324 n | |
| 325 CERTSCRIPT | |
| 326 | |
| 327 certutil -S -z noise -g 1024 -d . -n server14 -s "CN=another.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica5 -m 490 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 328 0 | |
| 329 2 | |
| 330 3 | |
| 331 4 | |
| 332 9 | |
| 333 n | |
| 334 n | |
| 335 | |
| 336 y | |
| 337 0 | |
| 338 1 | |
| 339 9 | |
| 340 n | |
| 341 CERTSCRIPT | |
| 342 | |
| 343 certutil -S -z noise -g 1024 -d . -n ncca -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" -t C,C,C -x -m 2 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT | |
| 344 5 | |
| 345 6 | |
| 346 9 | |
| 347 n | |
| 348 y | |
| 349 | |
| 350 n | |
| 351 3 | |
| 352 .example | |
| 353 1 | |
| 354 n | |
| 355 n | |
| 356 5 | |
| 357 6 | |
| 358 7 | |
| 359 9 | |
| 360 n | |
| 361 CERTSCRIPT | |
| 362 | |
| 363 certutil -S -z noise -g 1024 -d . -n ica6 -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" -t ,, -c ncca -m 63 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT | |
| 364 5 | |
| 365 6 | |
| 366 9 | |
| 367 n | |
| 368 y | |
| 369 | |
| 370 n | |
| 371 5 | |
| 372 6 | |
| 373 7 | |
| 374 9 | |
| 375 n | |
| 376 CERTSCRIPT | |
| 377 | |
| 378 certutil -S -z noise -g 1024 -d . -n server15 -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 64 -v 115 -1 -2 -5 -8 testfoo.invalid <<CERTSCRIPT | |
| 379 0 | |
| 380 2 | |
| 381 3 | |
| 382 4 | |
| 383 9 | |
| 384 n | |
| 385 n | |
| 386 | |
| 387 y | |
| 388 0 | |
| 389 1 | |
| 390 9 | |
| 391 n | |
| 392 CERTSCRIPT | |
| 393 | |
| 394 certutil -S -z noise -g 1024 -d . -n server16 -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 65 -v 115 -1 -2 -5 <<CERTSCRIPT | |
| 395 0 | |
| 396 2 | |
| 397 3 | |
| 398 4 | |
| 399 9 | |
| 400 n | |
| 401 n | |
| 402 | |
| 403 y | |
| 404 0 | |
| 405 1 | |
| 406 9 | |
| 407 n | |
| 408 CERTSCRIPT | |
| 409 | |
| 410 certutil -S -z noise -g 1024 -d . -n server17 -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 66 -v 115 -1 -2 -5 -8 test4.example <<CERTSCRIPT | |
| 411 0 | |
| 412 2 | |
| 413 3 | |
| 414 4 | |
| 415 9 | |
| 416 n | |
| 417 n | |
| 418 | |
| 419 y | |
| 420 0 | |
| 421 1 | |
| 422 9 | |
| 423 n | |
| 424 CERTSCRIPT | |
| 425 | |
| 426 #DCISS copy certs | |
| 427 certutil -S -z noise -g 2048 -d . -n dcisscopy -s "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" -t C,C,C -x -m 998899 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT | |
| 428 5 | |
| 429 6 | |
| 430 9 | |
| 431 n | |
| 432 y | |
| 433 | |
| 434 n | |
| 435 5 | |
| 436 6 | |
| 437 7 | |
| 438 9 | |
| 439 n | |
| 440 CERTSCRIPT | |
| 441 | |
| 442 #the following cert MUST not pass | |
| 443 certutil -S -z noise -g 2048 -d . -n dcissblocked -s "CN=foo.example.com,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998900 -v 120 -1 -2 -5 <<CERTSCRIPT | |
| 444 0 | |
| 445 2 | |
| 446 3 | |
| 447 4 | |
| 448 9 | |
| 449 n | |
| 450 n | |
| 451 | |
| 452 y | |
| 453 0 | |
| 454 1 | |
| 455 9 | |
| 456 n | |
| 457 CERTSCRIPT | |
| 458 | |
| 459 #the following cert MUST not pass | |
| 460 certutil -S -z noise -g 2048 -d . -n dcissallowed -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 <<CERTSCRIPT | |
| 461 0 | |
| 462 2 | |
| 463 3 | |
| 464 4 | |
| 465 9 | |
| 466 n | |
| 467 n | |
| 468 | |
| 469 y | |
| 470 0 | |
| 471 1 | |
| 472 9 | |
| 473 n | |
| 474 CERTSCRIPT | |
| 475 | |
| 476 | |
| 477 | |
| 478 certutil -d . -L -n ca -r > NameConstraints.ca.cert | |
| 479 certutil -d . -L -n ica -r > NameConstraints.intermediate.cert | |
| 480 certutil -d . -L -n server1 -r > NameConstraints.server1.cert | |
| 481 certutil -d . -L -n server2 -r > NameConstraints.server2.cert | |
| 482 certutil -d . -L -n server3 -r > NameConstraints.server3.cert | |
| 483 certutil -d . -L -n ica2 -r > NameConstraints.intermediate2.cert | |
| 484 certutil -d . -L -n server4 -r > NameConstraints.server4.cert | |
| 485 certutil -d . -L -n server5 -r > NameConstraints.server5.cert | |
| 486 certutil -d . -L -n server6 -r > NameConstraints.server6.cert | |
| 487 certutil -d . -L -n ica3 -r > NameConstraints.intermediate3.cert | |
| 488 certutil -d . -L -n ica4 -r > NameConstraints.intermediate4.cert | |
| 489 certutil -d . -L -n server7 -r > NameConstraints.server7.cert | |
| 490 certutil -d . -L -n server8 -r > NameConstraints.server8.cert | |
| 491 certutil -d . -L -n server9 -r > NameConstraints.server9.cert | |
| 492 certutil -d . -L -n server10 -r > NameConstraints.server10.cert | |
| 493 certutil -d . -L -n server11 -r > NameConstraints.server11.cert | |
| 494 certutil -d . -L -n server11 -r > NameConstraints.server11.cert | |
| 495 certutil -d . -L -n server12 -r > NameConstraints.server12.cert | |
| 496 certutil -d . -L -n ica5 -r > NameConstraints.intermediate5.cert | |
| 497 certutil -d . -L -n server13 -r > NameConstraints.server13.cert | |
| 498 certutil -d . -L -n server14 -r > NameConstraints.server14.cert | |
| 499 certutil -d . -L -n ncca -r > NameConstraints.ncca.cert | |
| 500 certutil -d . -L -n ica6 -r > NameConstraints.intermediate6.cert | |
| 501 certutil -d . -L -n server15 -r > NameConstraints.server15.cert | |
| 502 certutil -d . -L -n server16 -r > NameConstraints.server16.cert | |
| 503 certutil -d . -L -n server17 -r > NameConstraints.server17.cert | |
| 504 certutil -d . -L -n dcisscopy -r > NameConstraints.dcisscopy.cert | |
| 505 certutil -d . -L -n dcissblocked -r > NameConstraints.dcissblocked.cert | |
| 506 certutil -d . -L -n dcissallowed -r > NameConstraints.dcissallowed.cert | |
| 507 | |
| 508 echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert NameConstraints.intermediate2.cert NameConstraints.server4.cert NameConstraints.server5.cert NameConstraints.server6.cert" |
