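--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/tests/libpkix/certs/make-nc Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,508 @@
+#!/bin/sh
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+mkdir tmp
+cd tmp
+dd if=/dev/urandom bs=512 count=1 of=noise
+echo "" > pwfile
+
+certutil -d . -N -f pwfile
+
+certutil -S -z noise -g 1024 -d . -n ca -s "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t C,C,C -x -m 1 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica -s "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 20 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+3
+.example
+1
+n
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server1 -s "CN=test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 40 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server2 -s "CN=another_test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server3 -s "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 42 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica2 -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 21 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server4 -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 50 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server5 -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 51 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+
+certutil -S -z noise -g 1024 -d . -n server6 -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 52 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica3 -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 21 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+3
+foo.example
+1
+y
+5
+O=Foo,st=ca,c=us
+1
+n
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica4 -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" -t ,, -c ica3 -m 61 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server7 -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server8 -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 42 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server9 -s "CN=bat.foo.example,O=Foo,C=US" -t ,, -c ica4 -m 43 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server10 -s "CN=bar.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 44 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server11 -s "CN=site.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 45 -v 115 -1 -2 -5 -8 foo.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server12 -s "CN=Honest Achmed,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 46 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica5 -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" -t ,, -c ica3 -m 62 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server13 -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" -t ,, -c ica5 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server14 -s "CN=another.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica5 -m 490 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ncca -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" -t C,C,C -x -m 2 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+3
+.example
+1
+n
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica6 -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" -t ,, -c ncca -m 63 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server15 -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 64 -v 115 -1 -2 -5 -8 testfoo.invalid <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server16 -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 65 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server17 -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 66 -v 115 -1 -2 -5 -8 test4.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+#DCISS copy certs
+certutil -S -z noise -g 2048 -d . -n dcisscopy -s "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" -t C,C,C -x -m 998899 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+#the following cert MUST not pass
+certutil -S -z noise -g 2048 -d . -n dcissblocked -s "CN=foo.example.com,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998900 -v 120 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+#the following cert MUST not pass
+certutil -S -z noise -g 2048 -d . -n dcissallowed -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+
+
+certutil -d . -L -n ca -r > NameConstraints.ca.cert
+certutil -d . -L -n ica -r > NameConstraints.intermediate.cert
+certutil -d . -L -n server1 -r > NameConstraints.server1.cert
+certutil -d . -L -n server2 -r > NameConstraints.server2.cert
+certutil -d . -L -n server3 -r > NameConstraints.server3.cert
+certutil -d . -L -n ica2 -r > NameConstraints.intermediate2.cert
+certutil -d . -L -n server4 -r > NameConstraints.server4.cert
+certutil -d . -L -n server5 -r > NameConstraints.server5.cert
+certutil -d . -L -n server6 -r > NameConstraints.server6.cert
+certutil -d . -L -n ica3 -r > NameConstraints.intermediate3.cert
+certutil -d . -L -n ica4 -r > NameConstraints.intermediate4.cert
+certutil -d . -L -n server7 -r > NameConstraints.server7.cert
+certutil -d . -L -n server8 -r > NameConstraints.server8.cert
+certutil -d . -L -n server9 -r > NameConstraints.server9.cert
+certutil -d . -L -n server10 -r > NameConstraints.server10.cert
+certutil -d . -L -n server11 -r > NameConstraints.server11.cert
+certutil -d . -L -n server11 -r > NameConstraints.server11.cert
+certutil -d . -L -n server12 -r > NameConstraints.server12.cert
+certutil -d . -L -n ica5 -r > NameConstraints.intermediate5.cert
+certutil -d . -L -n server13 -r > NameConstraints.server13.cert
+certutil -d . -L -n server14 -r > NameConstraints.server14.cert
+certutil -d . -L -n ncca -r > NameConstraints.ncca.cert
+certutil -d . -L -n ica6 -r > NameConstraints.intermediate6.cert
+certutil -d . -L -n server15 -r > NameConstraints.server15.cert
+certutil -d . -L -n server16 -r > NameConstraints.server16.cert
+certutil -d . -L -n server17 -r > NameConstraints.server17.cert
+certutil -d . -L -n dcisscopy -r > NameConstraints.dcisscopy.cert
+certutil -d . -L -n dcissblocked -r > NameConstraints.dcissblocked.cert
+certutil -d . -L -n dcissallowed -r > NameConstraints.dcissallowed.cert
+
+echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert NameConstraints.intermediate2.cert NameConstraints.server4.cert NameConstraints.server5.cert NameConstraints.server6.cert"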
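Review bot: The comment `#the following cert MUST not pass` is repeated above the `dcissallowed` certificate (CN=foo.example.fr), which contradicts its nickname and, as far as the `dcissblocked`/`dcissallowed` pairing suggests, the verdict the test expects; a name-constraints fixture should state the expected result unambiguously, e.g. `#the following cert MUST pass`. Separately, `mkdir tmp` and `cd tmp` are unchecked, so if either fails the script goes on to create the NSS database, the empty-password `pwfile` and every private key in whatever directory it was started from; `mkdir tmp && cd tmp || exit 1` stops that. Minor: the `server11` export line appears twice, and the closing `echo` names only nine of the certificate files the script writes.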