blob: ddb9b60bd433c2c7c7abfb8ac14075a25d245484 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
#!/bin/sh
# Copyright (C) 2011-2012 Free Software Foundation, Inc.
#
# Author: Nikos Mavrogiannopoulos
#
# This file is part of GnuTLS.
#
# GnuTLS is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GnuTLS is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#set -e
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
echo ca > template
echo cn = "ECDSA SHA 256 CA" >> template
$CERTTOOL --generate-privkey --ecc > key-ca-ecdsa.pem 2>/dev/null
$CERTTOOL -d 2 --generate-self-signed --template template \
--load-privkey key-ca-ecdsa.pem \
--outfile new-ca-ecdsa.pem \
--hash sha256 >out 2>&1
if [ $? != 0 ];then
cat out
exit 1
fi
echo ca > template
$CERTTOOL --generate-privkey --ecc > key-subca-ecdsa.pem 2>/dev/null
echo cn = "ECDSA SHA 224 Mid CA" >> template
$CERTTOOL -d 2 --generate-certificate --template template \
--load-ca-privkey key-ca-ecdsa.pem \
--load-ca-certificate new-ca-ecdsa.pem \
--load-privkey key-subca-ecdsa.pem \
--outfile new-subca-ecdsa.pem \
--hash sha224 >out 2>&1
if [ $? != 0 ];then
cat out
exit 1
fi
echo cn = "End-user" > template
$CERTTOOL --generate-privkey --ecc > key-ecdsa.pem 2>/dev/null
$CERTTOOL -d 2 --generate-certificate --template template \
--load-ca-privkey key-subca-ecdsa.pem \
--load-ca-certificate new-subca-ecdsa.pem \
--load-privkey key-ecdsa.pem \
--outfile new-user.pem >out 2>&1
if [ $? != 0 ];then
cat out
exit 1
fi
cat new-user.pem new-subca-ecdsa.pem new-ca-ecdsa.pem > out
$CERTTOOL --verify-chain <out > verify
if [ $? != 0 ];then
cat verify
exit 1
fi
rm -f verify new-user.pem new-ca-ecdsa.pem new-subca-ecdsa.pem template out
rm -f key-subca-ecdsa.pem key-ca-ecdsa.pem key-ecdsa.pem
$CERTTOOL -k < ${srcdir}/bad-key.pem | grep "validation failed" >/dev/null 2>&1
if [ $? != 0 ];then
echo "certtool didn't detect a bad ECDSA key."
exit 1
fi
exit 0
|
