Thu, 22 Jan 2015 13:21:57 +0100
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 #!/bin/sh
2 #
3 # This Source Code Form is subject to the terms of the Mozilla Public
4 # License, v. 2.0. If a copy of the MPL was not distributed with this
5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
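# Build every fixture inside a scratch directory. Stop at once if it cannot be
# created or entered: carrying on would either reuse a stale certificate
# database or drop key material into the caller's working directory.
mkdir tmp || { echo "cannot create ./tmp (already present?)" >&2; exit 1; }
cd tmp || { echo "cannot enter ./tmp" >&2; exit 1; }

# Seed file passed to certutil with -z so key generation never waits for
# keyboard input.
dd if=/dev/urandom bs=512 count=1 of=noise

# The database password file holds a single empty line. That is tolerable only
# because every key created below is a throwaway test key; do not reuse this
# pattern for a database that protects real private keys.
echo "" > pwfile

# Create the empty NSS database in the current directory.
certutil -d . -N -f pwfile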
# Self-signed (-x) test root "ca", trusted as a CA for all three usages
# (-t C,C,C). The 1024-bit key is far too small for real use and is kept only
# because these certificates are disposable test fixtures.
# Prompt answers (per certutil's numbered menus; verify against your build):
#   key usage 5,6 = cert/CRL signing, 9 ends the list, not critical;
#   basic constraints CA=y, the empty line skips the path length, not critical;
#   NS cert type 5,6,7 = SSL, S/MIME and object-signing CA, not critical.
certutil -S -z noise -g 1024 -d . -n ca \
  -s "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t C,C,C -x -m 1 -w -2 -v 120 -1 -2 -5 <<'CERTSCRIPT'
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT
# Chain 1: intermediate "ica" (issued by "ca") carries a name-constraints
# extension (--extNC); server1..server3 are leaf certificates issued by it.
# Prompt answers (per certutil's numbered menus; verify against your build):
#   CA:   key usage 5,6 = cert/CRL signing; basic constraints CA=y with an
#         empty line for "no path length"; NS cert type 5,6,7 = CA types.
#   NC:   3 = dNSName, ".example" is the value, 1 = permitted subtree,
#         n = no further constraint, n = extension not critical.
#   leaf: key usage 0,2,3,4; basic constraints CA=n (marked critical) with an
#         empty line for the path length; NS cert type 0,1 = SSL client/server.
# 1024-bit keys are acceptable only because these are throwaway fixtures.
certutil -S -z noise -g 1024 -d . -n ica \
  -s "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ca -m 20 -w -1 -v 118 -1 -2 -5 --extNC <<'CERTSCRIPT'
5
6
9
n
y

n
3
.example
1
n
n
5
6
7
9
n
CERTSCRIPT

# server1: CN and DNS subject alternative name (-8) are both test.invalid,
# i.e. not under the permitted ".example" subtree.
certutil -S -z noise -g 1024 -d . -n server1 \
  -s "CN=test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica -m 40 -v 115 -1 -2 -5 -8 test.invalid <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server2: name outside ".example" appears in the CN only; no -8, so the
# certificate has no DNS subject alternative name.
certutil -S -z noise -g 1024 -d . -n server2 \
  -s "CN=another_test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica -m 41 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server3: CN and DNS subject alternative name are both test.example, which
# lies under the permitted ".example" subtree.
certutil -S -z noise -g 1024 -d . -n server3 \
  -s "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica -m 42 -v 115 -1 -2 -5 -8 test.example <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT
# Chain 2: "ica2" is issued by the name-constrained "ica" and has no --extNC of
# its own, so server4..server6 sit two levels below the constraint.
# Prompt answers (per certutil's numbered menus; verify against your build):
#   CA:   key usage 5,6 = cert/CRL signing; basic constraints CA=y with an
#         empty line for "no path length"; NS cert type 5,6,7 = CA types.
#   leaf: key usage 0,2,3,4; basic constraints CA=n (marked critical) with an
#         empty line for the path length; NS cert type 0,1 = SSL client/server.
# 1024-bit keys are acceptable only because these are throwaway fixtures.
certutil -S -z noise -g 1024 -d . -n ica2 \
  -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica -m 21 -w -2 -v 120 -1 -2 -5 <<'CERTSCRIPT'
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# server4: CN is test2.invalid while the DNS subject alternative name (-8) is
# test.invalid; neither is under ".example".
certutil -S -z noise -g 1024 -d . -n server4 \
  -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica2 -m 50 -v 115 -1 -2 -5 -8 test.invalid <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server5: name outside ".example" in the CN only, no subject alternative name.
certutil -S -z noise -g 1024 -d . -n server5 \
  -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica2 -m 51 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server6: CN is test2.example while the DNS subject alternative name is
# test.example; both are under ".example".
certutil -S -z noise -g 1024 -d . -n server6 \
  -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica2 -m 52 -v 115 -1 -2 -5 -8 test.example <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT
# Chain 3 CAs: "ica3" (issued by "ca") carries two permitted subtrees, one DNS
# name and one directory name; "ica4" is issued by "ica3" without --extNC.
# Prompt answers (per certutil's numbered menus; verify against your build):
#   CA: key usage 5,6 = cert/CRL signing; basic constraints CA=y with an empty
#       line for "no path length"; NS cert type 5,6,7 = CA types.
#   NC: 3 = dNSName "foo.example", 1 = permitted, y = add another;
#       5 = directoryName "O=Foo,st=ca,c=us", 1 = permitted, n = done,
#       n = extension not critical.
# 1024-bit keys are acceptable only because these are throwaway fixtures.
certutil -S -z noise -g 1024 -d . -n ica3 \
  -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ca -m 21 -w -1 -v 118 -1 -2 -5 --extNC <<'CERTSCRIPT'
5
6
9
n
y

n
3
foo.example
1
y
5
O=Foo,st=ca,c=us
1
n
n
5
6
7
9
n
CERTSCRIPT

# ica4: subject sits under O=Foo,ST=CA,C=US, matching the permitted directory
# name of its issuer.
certutil -S -z noise -g 1024 -d . -n ica4 \
  -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" \
  -t ,, -c ica3 -m 61 -w -2 -v 120 -1 -2 -5 <<'CERTSCRIPT'
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT
# Leaf certificates issued by "ica4". They differ only in subject DN and in
# whether a DNS subject alternative name (-8) is present.
# Prompt answers, identical for every leaf (per certutil's numbered menus;
# verify against your build): key usage 0,2,3,4; basic constraints CA=n
# (marked critical) with an empty line for the path length; NS cert type
# 0,1 = SSL client/server.
# 1024-bit keys are acceptable only because these are throwaway fixtures.

# server7: CN=bat.foo.example with an extra ou=bar component.
certutil -S -z noise -g 1024 -d . -n server7 \
  -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 41 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server8: same CN, subject directly under O=Foo,ST=CA,C=US.
certutil -S -z noise -g 1024 -d . -n server8 \
  -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 42 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server9: same CN, but the subject omits the ST component.
certutil -S -z noise -g 1024 -d . -n server9 \
  -s "CN=bat.foo.example,O=Foo,C=US" \
  -t ,, -c ica4 -m 43 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server10: CN=bar.example, a host name that is not under foo.example.
certutil -S -z noise -g 1024 -d . -n server10 \
  -s "CN=bar.example,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 44 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server11: CN=site.example, but the DNS subject alternative name is
# foo.example, so CN and SAN disagree.
certutil -S -z noise -g 1024 -d . -n server11 \
  -s "CN=site.example,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 45 -v 115 -1 -2 -5 -8 foo.example <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server12: the CN is a plain string ("Honest Achmed"), not a host name.
certutil -S -z noise -g 1024 -d . -n server12 \
  -s "CN=Honest Achmed,O=Foo,ST=CA,C=US" \
  -t ,, -c ica4 -m 46 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT
# "ica5" is issued by "ica3" like "ica4", but its subject is under O=OtherOrg
# rather than O=Foo; server13 and server14 are leaves issued by it.
# Prompt answers (per certutil's numbered menus; verify against your build):
#   CA:   key usage 5,6 = cert/CRL signing; basic constraints CA=y with an
#         empty line for "no path length"; NS cert type 5,6,7 = CA types.
#   leaf: key usage 0,2,3,4; basic constraints CA=n (marked critical) with an
#         empty line for the path length; NS cert type 0,1 = SSL client/server.
# 1024-bit keys are acceptable only because these are throwaway fixtures.
certutil -S -z noise -g 1024 -d . -n ica5 \
  -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" \
  -t ,, -c ica3 -m 62 -w -2 -v 120 -1 -2 -5 <<'CERTSCRIPT'
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# server13: CN=bat.foo.example with a subject under O=OtherOrg.
certutil -S -z noise -g 1024 -d . -n server13 \
  -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" \
  -t ,, -c ica5 -m 41 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server14: subject is under O=Foo although the issuer "ica5" is under
# O=OtherOrg.
certutil -S -z noise -g 1024 -d . -n server14 \
  -s "CN=another.foo.example,O=Foo,ST=CA,C=US" \
  -t ,, -c ica5 -m 490 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT
# Chain with the constraint on the root itself: "ncca" is a self-signed (-x),
# CA-trusted (-t C,C,C) root carrying --extNC; "ica6" is issued by it and
# server15..server17 are leaves issued by "ica6".
# Prompt answers (per certutil's numbered menus; verify against your build):
#   CA:   key usage 5,6 = cert/CRL signing; basic constraints CA=y with an
#         empty line for "no path length"; NS cert type 5,6,7 = CA types.
#   NC:   3 = dNSName, ".example" is the value, 1 = permitted subtree,
#         n = no further constraint, n = extension not critical.
#   leaf: key usage 0,2,3,4; basic constraints CA=n (marked critical) with an
#         empty line for the path length; NS cert type 0,1 = SSL client/server.
# 1024-bit keys are acceptable only because these are throwaway fixtures.
certutil -S -z noise -g 1024 -d . -n ncca \
  -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" \
  -t C,C,C -x -m 2 -w -1 -v 118 -1 -2 -5 --extNC <<'CERTSCRIPT'
5
6
9
n
y

n
3
.example
1
n
n
5
6
7
9
n
CERTSCRIPT

# ica6: unconstrained intermediate directly below the constrained root.
certutil -S -z noise -g 1024 -d . -n ica6 \
  -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" \
  -t ,, -c ncca -m 63 -w -2 -v 120 -1 -2 -5 <<'CERTSCRIPT'
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# server15: CN and DNS subject alternative name are both testfoo.invalid,
# i.e. not under ".example".
certutil -S -z noise -g 1024 -d . -n server15 \
  -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica6 -m 64 -v 115 -1 -2 -5 -8 testfoo.invalid <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server16: name outside ".example" in the CN only, no subject alternative name.
certutil -S -z noise -g 1024 -d . -n server16 \
  -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica6 -m 65 -v 115 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# server17: CN and DNS subject alternative name are both test4.example, which
# lies under ".example".
certutil -S -z noise -g 1024 -d . -n server17 \
  -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" \
  -t ,, -c ica6 -m 66 -v 115 -1 -2 -5 -8 test4.example <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT
# DCISS copy certs: a self-signed (-x), CA-trusted (-t C,C,C) test root whose
# subject reuses the IGC/A (DCSSI) distinguished name. It is created without
# --extNC, so the pass/fail expectations below presumably depend on constraints
# the validator associates with that subject name rather than on an extension
# in the certificate -- confirm against the test that consumes these files.
# Prompt answers (per certutil's numbered menus; verify against your build):
#   CA:   key usage 5,6 = cert/CRL signing; basic constraints CA=y with an
#         empty line for "no path length"; NS cert type 5,6,7 = CA types.
#   leaf: key usage 0,2,3,4; basic constraints CA=n (marked critical) with an
#         empty line for the path length; NS cert type 0,1 = SSL client/server.
certutil -S -z noise -g 2048 -d . -n dcisscopy \
  -s "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" \
  -t C,C,C -x -m 998899 -w -2 -v 120 -1 -2 -5 <<'CERTSCRIPT'
5
6
9
n
y

n
5
6
7
9
n
CERTSCRIPT

# The following cert MUST NOT pass validation (host name under .com).
certutil -S -z noise -g 2048 -d . -n dcissblocked \
  -s "CN=foo.example.com,O=Foo,ST=CA,C=US" \
  -t ,, -c dcisscopy -m 998900 -v 120 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT

# NOTE(review): the comment on this certificate also read "MUST not pass",
# which looks like a copy-paste slip: the nickname is "dcissallowed" and the
# host name is under .fr, so it is presumably the one expected to PASS.
# Confirm against the test expectations before relying on either reading.
certutil -S -z noise -g 2048 -d . -n dcissallowed \
  -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" \
  -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 <<'CERTSCRIPT'
0
2
3
4
9
n
n

y
0
1
9
n
CERTSCRIPT
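# Write one certificate from the database to NameConstraints.<label>.cert.
#   $1 - nickname of the certificate in the NSS database
#   $2 - label used in the output file name
# -r makes certutil emit the binary DER encoding instead of a text listing.
# Only certificates are exported; the private keys stay in the scratch
# database under tmp.
export_cert() {
  certutil -d . -L -n "$1" -r > "NameConstraints.$2.cert"
}

export_cert ca ca
export_cert ica intermediate
export_cert server1 server1
export_cert server2 server2
export_cert server3 server3
export_cert ica2 intermediate2
export_cert server4 server4
export_cert server5 server5
export_cert server6 server6
export_cert ica3 intermediate3
export_cert ica4 intermediate4
export_cert server7 server7
export_cert server8 server8
export_cert server9 server9
export_cert server10 server10
# server11 was exported twice in a row; the second, identical write is dropped.
export_cert server11 server11
export_cert server12 server12
export_cert ica5 intermediate5
export_cert server13 server13
export_cert server14 server14
export_cert ncca ncca
export_cert ica6 intermediate6
export_cert server15 server15
export_cert server16 server16
export_cert server17 server17
export_cert dcisscopy dcisscopy
export_cert dcissblocked dcissblocked
export_cert dcissallowed dcissallowed

# The earlier message named only the first nine files; refer to the whole set
# so the summary matches what was written. The * is inside double quotes and
# is printed literally, not expanded.
echo "Created multiple files in subdirectory tmp: NameConstraints.*.cert"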