stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7a08e6bdd6
jdk-24/test/jdk/sun/security/provider/certpath/DisabledAlgorithms/generate.sh
Erik Joelsson 3789983e89 8187443: Forest Consolidation: Move files to unified layout 
Reviewed-by: darcy, ihse
2017-09-12 19:03:39 +02:00

256 lines
10 KiB
Bash
Raw Blame History

#
# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation. Oracle designates this
# particular file as subject to the "Classpath" exception as provided
# by Oracle in the LICENSE file that accompanied this code.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
#!/bin/ksh
#
# needs ksh to run the script.
set -e
OPENSSL=openssl
# generate a self-signed root certificate
if [ ! -f root/finished ]; then
if [ ! -d root ]; then
mkdir root
fi
# SHA1withRSA 1024
${OPENSSL} req -x509 -newkey rsa:1024 -keyout root/root_key_1024.pem \
-out root/root_cert_sha1_1024.pem -subj "/C=US/O=Example" \
-config openssl.cnf -reqexts cert_issuer -days 7650 -sha1 \
-passin pass:passphrase -passout pass:passphrase
# SHA1withRSA 512
${OPENSSL} req -x509 -newkey rsa:512 -keyout root/root_key_512.pem \
-out root/root_cert_sha1_512.pem -subj "/C=US/O=Example" \
-config openssl.cnf -reqexts cert_issuer -days 7650 -sha1 \
-passin pass:passphrase -passout pass:passphrase
# MD2withRSA 2048
${OPENSSL} req -x509 -newkey rsa:2048 -keyout root/root_key_2048.pem \
-out root/root_cert_md2_2048.pem -subj "/C=US/O=Example" \
-config openssl.cnf -reqexts cert_issuer -days 7650 -md2 \
-passin pass:passphrase -passout pass:passphrase
openssl req -newkey rsa:1024 -keyout root/root_crlissuer_key.pem \
-out root/root_crlissuer_req.pem -subj "/C=US/O=Example" -days 7650 \
-passin pass:passphrase -passout pass:passphrase
openssl x509 -req -in root/root_crlissuer_req.pem -extfile openssl.cnf \
-extensions crl_issuer -CA root/root_cert_sha1_1024.pem \
-CAkey root/root_key_1024.pem -out root/root_crlissuer_cert.pem \
-CAcreateserial -CAserial root/root_cert.srl -days 7200 \
-passin pass:passphrase
touch root/finished
fi
# generate subca cert issuer
if [ ! -f subca/finished ]; then
if [ ! -d subca ]; then
mkdir subca
fi
# RSA 1024
${OPENSSL} req -newkey rsa:1024 -keyout subca/subca_key_1024.pem \
-out subca/subca_req_1024.pem -subj "/C=US/O=Example/OU=Class-1" \
-days 7650 -passin pass:passphrase -passout pass:passphrase
# RSA 512
${OPENSSL} req -newkey rsa:512 -keyout subca/subca_key_512.pem \
-out subca/subca_req_512.pem -subj "/C=US/O=Example/OU=Class-1" \
-days 7650 -passin pass:passphrase -passout pass:passphrase
# SHA1withRSA 1024 signed with RSA 1024
${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \
-extensions cert_issuer -CA root/root_cert_sha1_1024.pem \
-CAkey root/root_key_1024.pem -out subca/subca_cert_sha1_1024_1024.pem \
-CAcreateserial -sha1 \
-CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
# SHA1withRSA 1024 signed with RSA 512
${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \
-extensions cert_issuer -CA root/root_cert_sha1_512.pem \
-CAkey root/root_key_512.pem -out subca/subca_cert_sha1_1024_512.pem \
-CAcreateserial -sha1 \
-CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
# SHA1withRSA 512 signed with RSA 1024
${OPENSSL} x509 -req -in subca/subca_req_512.pem -extfile openssl.cnf \
-extensions cert_issuer -CA root/root_cert_sha1_1024.pem \
-CAkey root/root_key_1024.pem -out subca/subca_cert_sha1_512_1024.pem \
-CAcreateserial -sha1 \
-CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
# SHA1withRSA 512 signed with RSA 512
${OPENSSL} x509 -req -in subca/subca_req_512.pem -extfile openssl.cnf \
-extensions cert_issuer -CA root/root_cert_sha1_512.pem \
-CAkey root/root_key_512.pem -out subca/subca_cert_sha1_512_512.pem \
-CAcreateserial -sha1 \
-CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
# MD2withRSA 1024 signed with RSA 1024
${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \
-extensions cert_issuer -CA root/root_cert_sha1_1024.pem \
-CAkey root/root_key_1024.pem -out subca/subca_cert_md2_1024_1024.pem \
-CAcreateserial -md2 \
-CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
# MD2withRSA 1024 signed with RSA 512
${OPENSSL} x509 -req -in subca/subca_req_1024.pem -extfile openssl.cnf \
-extensions cert_issuer -CA root/root_cert_sha1_512.pem \
-CAkey root/root_key_512.pem -out subca/subca_cert_md2_1024_512.pem \
-CAcreateserial -md2 \
-CAserial root/root_cert.srl -days 7200 -passin pass:passphrase
openssl req -newkey rsa:1024 -keyout subca/subca_crlissuer_key.pem \
-out subca/subca_crlissuer_req.pem -subj "/C=US/O=Example/OU=Class-1" \
-days 7650 -passin pass:passphrase -passout pass:passphrase
openssl x509 -req -in subca/subca_crlissuer_req.pem -extfile openssl.cnf \
-extensions crl_issuer -CA root/root_cert_sha1_1024.pem \
-CAkey root/root_key_1024.pem -out subca/subca_crlissuer_cert.pem \
-CAcreateserial -CAserial root/root_cert.srl -days 7200 \
-passin pass:passphrase
touch subca/finished
fi
# generate certifiacte for Alice
if [ ! -f subca/alice/finished ]; then
if [ ! -d subca/alice ]; then
mkdir -p subca/alice
fi
# RSA 1024
${OPENSSL} req -newkey rsa:1024 -keyout subca/alice/alice_key_1024.pem \
-out subca/alice/alice_req_1024.pem \
-subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \
-passin pass:passphrase -passout pass:passphrase
# RSA 512
${OPENSSL} req -newkey rsa:512 -keyout subca/alice/alice_key_512.pem \
-out subca/alice/alice_req_512.pem \
-subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \
-passin pass:passphrase -passout pass:passphrase
# SHA1withRSA 1024 signed with RSA 1024
${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \
-extfile openssl.cnf -extensions ee_of_subca \
-CA subca/subca_cert_sha1_1024_1024.pem \
-CAkey subca/subca_key_1024.pem \
-out subca/alice/alice_cert_sha1_1024_1024.pem -CAcreateserial -sha1 \
-CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
# SHA1withRSA 1024 signed with RSA 512
${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \
-extfile openssl.cnf -extensions ee_of_subca \
-CA subca/subca_cert_sha1_512_1024.pem \
-CAkey subca/subca_key_512.pem \
-out subca/alice/alice_cert_sha1_1024_512.pem -CAcreateserial -sha1 \
-CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
# SHA1withRSA 512 signed with RSA 1024
${OPENSSL} x509 -req -in subca/alice/alice_req_512.pem \
-extfile openssl.cnf -extensions ee_of_subca \
-CA subca/subca_cert_sha1_1024_1024.pem \
-CAkey subca/subca_key_1024.pem \
-out subca/alice/alice_cert_sha1_512_1024.pem -CAcreateserial -sha1 \
-CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
# SHA1withRSA 512 signed with RSA 512
${OPENSSL} x509 -req -in subca/alice/alice_req_512.pem \
-extfile openssl.cnf -extensions ee_of_subca \
-CA subca/subca_cert_sha1_512_1024.pem \
-CAkey subca/subca_key_512.pem \
-out subca/alice/alice_cert_sha1_512_512.pem -CAcreateserial -sha1 \
-CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
# MD2withRSA 1024 signed with RSA 1024
${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \
-extfile openssl.cnf -extensions ee_of_subca \
-CA subca/subca_cert_sha1_1024_1024.pem \
-CAkey subca/subca_key_1024.pem \
-out subca/alice/alice_cert_md2_1024_1024.pem -CAcreateserial -md2 \
-CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
# MD2withRSA 1024 signed with RSA 512
${OPENSSL} x509 -req -in subca/alice/alice_req_1024.pem \
-extfile openssl.cnf -extensions ee_of_subca \
-CA subca/subca_cert_sha1_512_1024.pem \
-CAkey subca/subca_key_512.pem \
-out subca/alice/alice_cert_md2_1024_512.pem -CAcreateserial -md2 \
-CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase
touch subca/alice/finished
fi
if [ ! -f root/revoked ]; then
if [ ! -d root ]; then
mkdir root
fi
if [ ! -f root/index.txt ]; then
touch root/index.txt
echo 00 > root/crlnumber
fi
openssl ca -gencrl -config openssl.cnf -name ca_top -crldays 7000 -md sha1 \
-crl_reason superseded -keyfile root/root_crlissuer_key.pem \
-cert root/root_crlissuer_cert.pem -out root/top_crl.pem \
-passin pass:passphrase
touch root/revoked
fi
if [ ! -f subca/revoked ]; then
if [ ! -d subca ]; then
mkdir subca
fi
if [ ! -f subca/index.txt ]; then
touch subca/index.txt
echo 00 > subca/crlnumber
fi
# revoke alice's SHA1withRSA 1024 signed with RSA 1024
openssl ca -revoke subca/alice/alice_cert_sha1_1024_1024.pem \
-config openssl.cnf \
-name ca_subca -crl_reason superseded \
-keyfile subca/subca_crlissuer_key.pem \
-cert subca/subca_crlissuer_cert.pem -passin pass:passphrase
openssl ca -gencrl -config openssl.cnf \
-name ca_subca -crldays 7000 -md md2 \
-crl_reason superseded -keyfile subca/subca_crlissuer_key.pem \
-cert subca/subca_crlissuer_cert.pem \
-out subca/subca_crl.pem \
-passin pass:passphrase
touch subca/revoked
fi
Reference in New Issue View Git Blame Copy Permalink