path: root/security/nss/tests/common/certsetup.sh
blob: 2f0055f1a240be94778af8d1251301055cb2218d (plain)
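# Generate the answers certutil reads on stdin for its interactive
# extension prompts (make_cert pipes this output into `certutil -S ... -1 -2`).
#
# Arguments: zero or more usage keywords; anything else is ignored.
#   sign - emits 0      (key-usage menu entry for digital signature)
#   kex  - emits 2      (key-usage menu entry for key encipherment)
#   ca   - emits 5, 6   (cert signing and CRL signing) and marks the
#                       certificate as a CA in the basic constraints answers
# Outputs: one answer per line on stdout.
certscript() {
  # Kept local so the CA flag of one call cannot leak into the caller's shell.
  local ca=n
  local usage
  for usage in "$@"; do
    case "$usage" in
      sign) printf '0\n' ;;
      kex) printf '2\n' ;;
      ca)
        printf '5\n6\n'
        ca=y
        ;;
    esac
  done
  printf '9\n'         # out-of-range menu entry: ends the key-usage selection
  printf 'n\n'         # key usage extension is not marked critical
  printf '%s\n' "$ca"  # basic constraints: is this a CA certificate?
  printf '\n'          # empty answer: skip the path length constraint
  printf 'n\n'         # basic constraints extension is not marked critical
}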

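# Create a key pair and certificate with certutil in the NSS database at
# $PROFILEDIR; certutil's extension prompts are answered by certscript.
#
# Globals:
#   BINDIR (read)        directory that contains certutil
#   R_NOISE_FILE (read)  passed to certutil -z
#   PROFILEDIR (read)    passed to certutil -d
#   counter (written)    incremented on every call and passed to -m, so each
#                        certificate gets a distinct serial number
# Arguments:
#   $1: name   - certificate nickname, also used as the subject CN
#   $2: type   - one of the keywords handled by the case statement below
#   $3+: usages: sign, kex or ca (forwarded to certscript)
# Outputs: echoes the certutil command line; the pipeline status is handed to
#   html_msg (defined outside this file; presumably actual status, expected
#   status, message - confirm against its definition).
#
# NOTE(review): the 1024-bit RSA/DSA sizes below are under current minimum
# key-size recommendations. This file lives under tests/, so they look like
# fixture choices; do not reuse these parameters outside a test database.
make_cert() {
  local name=$1
  local type=$2
  local msg
  local -a cmd

  # defaults: self-signed (-x), no trust flags, SHA-256 signature hash
  local -a type_args=()
  local trust=',,'
  local -a sign=(-x)
  local -a sighash=(-Z SHA256)

  case $type in
    dsa) type_args=(-g 1024) ;;
    rsa) type_args=(-g 1024) ;;
    rsa2048) type_args=(-g 2048);type=rsa ;;
    rsa8192) type_args=(-g 8192);type=rsa ;;
    rsapss) type_args=(-g 1024 --pss);type=rsa ;;
    rsapss384) type_args=(-g 1024 --pss);type=rsa;sighash=(-Z SHA384) ;;
    rsapss512) type_args=(-g 2048 --pss);type=rsa;sighash=(-Z SHA512) ;;
    # sighash cleared: no -Z option is passed to certutil for this type
    rsapss_noparam) type_args=(-g 2048 --pss);type=rsa;sighash=() ;;
    p256) type_args=(-q nistp256);type=ec ;;
    p384) type_args=(-q secp384r1);type=ec ;;
    p521) type_args=(-q secp521r1);type=ec ;;
    # 'CT,CT,CT' marks the certificate as a trusted CA in all three trust
    # categories of the test database.
    rsa_ca) type_args=(-g 1024);trust='CT,CT,CT';type=rsa ;;
    # -c names the issuer by certificate NICKNAME, not by a type keyword from
    # this list, so the issuer must already exist in the database under that
    # nickname when a *_chain certificate is requested.
    rsa_chain) type_args=(-g 1024);sign=(-c rsa_ca);type=rsa;;
    rsapss_ca) type_args=(-g 1024 --pss);trust='CT,CT,CT';type=rsa ;;
    # NOTE(review): the issuer nickname is rsa_pss_ca, which differs from the
    # rsapss_ca type keyword above - verify that callers create the PSS CA
    # under exactly this nickname.
    rsapss_chain) type_args=(-g 1024);sign=(-c rsa_pss_ca);type=rsa;;
    rsa_ca_rsapss_chain) type_args=(-g 1024 --pss-sign);sign=(-c rsa_ca);type=rsa;;
    ecdh_rsa) type_args=(-q nistp256);sign=(-c rsa_ca);type=ec ;;
    # delegator_*: add the extension with OID 1.3.6.1.4.1.44363.44
    # (DelegationUsage, used for TLS delegated credentials), non-critical,
    # with its value read from an empty file created in the current directory.
    delegator_p256)
        touch empty.txt
        type_args=(-q nistp256 --extGeneric 1.3.6.1.4.1.44363.44:not-critical:empty.txt)
        type=ec
        ;;
    delegator_rsae2048)
        touch empty.txt
        type_args=(-g 2048 --extGeneric 1.3.6.1.4.1.44363.44:not-critical:empty.txt)
        type=rsa
        ;;
    delegator_rsa_pss2048)
        touch empty.txt
        type_args=(-g 2048 --pss --extGeneric 1.3.6.1.4.1.44363.44:not-critical:empty.txt)
        type=rsa
        ;;
  esac
  # Build the log message from the full argument list before the shift.
  msg="create certificate: $*"
  shift 2
  counter=$((counter + 1))
  # Every expansion is quoted so that a BINDIR or nickname containing spaces
  # or glob characters reaches certutil as a single argument.
  # -w -2 backdates the validity start by two months; -v 120 sets a 120-month
  # validity period; -1 and -2 make certutil prompt for the key usage and
  # basic constraints extensions, which certscript answers on stdin.
  cmd=("${BINDIR}/certutil" -S \
    -z "$R_NOISE_FILE" -d "$PROFILEDIR" \
    -n "$name" -s "CN=$name" -t "$trust" "${sign[@]}" -m "$counter" \
    -w -2 -v 120 -k "$type" "${type_args[@]}" "${sighash[@]}" -1 -2)
  echo "${cmd[@]}"
  certscript "$@" | "${cmd[@]}"
  html_msg $? 0 "$msg"
}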