[Libreoffice-commits] core.git: xmlsecurity/qa

Miklos Vajna vmiklos at collabora.co.uk
Fri Jun 1 08:04:48 UTC 2018


 xmlsecurity/qa/create-certs/create-certs.sh |   48 +++++++++++++++++++---------
 1 file changed, 34 insertions(+), 14 deletions(-)

New commits:
commit 8a1411905b7624e4980e0cc4ae4e19551a832ab4
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Fri Jun 1 09:08:36 2018 +0200

    xmlsecurity: add ecdsa option to certificate generator script
    
    Change-Id: I8bb48c46aaea9ef4ce4bc4ab58ea8b88fe0e48a2
    Reviewed-on: https://gerrit.libreoffice.org/55159
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    Tested-by: Jenkins <ci at libreoffice.org>

diff --git a/xmlsecurity/qa/create-certs/create-certs.sh b/xmlsecurity/qa/create-certs/create-certs.sh
index 30ae73df7463..0307d03b6ee2 100755
--- a/xmlsecurity/qa/create-certs/create-certs.sh
+++ b/xmlsecurity/qa/create-certs/create-certs.sh
@@ -28,6 +28,11 @@
 #
 
 root="$PWD"
+algo="RSA"
+
+if [ -n "$1" ]; then
+    algo="$1"
+fi
 
 if [ -d "$root/ca" ]; then
     echo "'ca' directory already exists in $root, please remove it before running this script."
@@ -63,7 +68,7 @@ openssl req -config openssl.cnf \
     -new -x509 -days 7300 -sha256 -extensions v3_ca \
     -out certs/ca.cert.pem \
     -passin env:SSLPASS \
-    -subj '/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Test Root CA'
+    -subj "/C=UK/ST=England/O=Xmlsecurity ${algo} Test/CN=Xmlsecurity ${algo} Test Root CA"
 chmod 444 certs/ca.cert.pem
 
 # 2) Create the intermediate pair.
@@ -98,7 +103,7 @@ openssl req -config intermediate/openssl.cnf -new -sha256 \
     -key intermediate/private/intermediate.key.pem \
     -out intermediate/csr/intermediate.csr.pem \
     -passin env:SSLPASS \
-    -subj '/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Intermediate Root CA'
+    -subj "/C=UK/ST=England/O=Xmlsecurity ${algo} Test/CN=Xmlsecurity Intermediate Root CA"
 
 # The certificate itself.
 openssl ca -batch -config openssl.cnf -extensions v3_intermediate_ca \
@@ -119,9 +124,14 @@ for i in Alice Bob
 do
     # Create a key.
     cd "$root/ca"
-    openssl genrsa -aes256 \
-        -out intermediate/private/example-xmlsecurity-${i}.key.pem \
-        -passout env:SSLPASS 2048
+    if [ "$algo" == "ECDSA" ]; then
+        openssl ecparam -name secp256r1 -genkey \
+            -out intermediate/private/example-xmlsecurity-${i}.key.pem
+    else
+        openssl genrsa -aes256 \
+            -out intermediate/private/example-xmlsecurity-${i}.key.pem \
+            -passout env:SSLPASS 2048
+    fi
     chmod 400 intermediate/private/example-xmlsecurity-${i}.key.pem
 
     # Create a certificate signing request (CSR).
@@ -131,7 +141,7 @@ do
         -key intermediate/private/example-xmlsecurity-${i}.key.pem \
         -new -sha256 -out intermediate/csr/example-xmlsecurity-${i}.csr.pem \
         -passin env:SSLPASS \
-        -subj "/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Test example ${i}"
+        -subj "/C=UK/ST=England/O=Xmlsecurity ${algo} Test/CN=Xmlsecurity ${algo} Test example ${i}"
 
     # To create a certificate, use the intermediate CA to sign the CSR.
     cd "$root/ca"
@@ -144,14 +154,24 @@ do
     chmod 444 intermediate/certs/example-xmlsecurity-${i}.cert.pem
 
     # Export it in PKCS#12 format.
-    openssl pkcs12 -export \
-        -out ./intermediate/private/example-xmlsecurity-${i}.cert.p12 \
-        -passout env:SSLPASS \
-        -inkey intermediate/private/example-xmlsecurity-${i}.key.pem \
-        -passin env:SSLPASS \
-        -in intermediate/certs/example-xmlsecurity-${i}.cert.pem \
-        -certfile intermediate/certs/ca-chain.cert.pem \
-        -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+    if [ "$algo" == "ECDSA" ]; then
+        openssl pkcs12 -export \
+            -out ./intermediate/private/example-xmlsecurity-${i}.cert.p12 \
+            -passout env:SSLPASS \
+            -inkey intermediate/private/example-xmlsecurity-${i}.key.pem \
+            -passin env:SSLPASS \
+            -in intermediate/certs/example-xmlsecurity-${i}.cert.pem \
+            -certfile intermediate/certs/ca-chain.cert.pem
+    else
+        openssl pkcs12 -export \
+            -out ./intermediate/private/example-xmlsecurity-${i}.cert.p12 \
+            -passout env:SSLPASS \
+            -inkey intermediate/private/example-xmlsecurity-${i}.key.pem \
+            -passin env:SSLPASS \
+            -in intermediate/certs/example-xmlsecurity-${i}.cert.pem \
+            -certfile intermediate/certs/ca-chain.cert.pem \
+            -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+    fi
 done
 
 echo


More information about the Libreoffice-commits mailing list