[Libreoffice-commits] core.git: xmlsecurity/qa
Miklos Vajna
vmiklos at collabora.co.uk
Fri Jun 1 08:04:48 UTC 2018
xmlsecurity/qa/create-certs/create-certs.sh | 48 +++++++++++++++++++---------
1 file changed, 34 insertions(+), 14 deletions(-)
New commits:
commit 8a1411905b7624e4980e0cc4ae4e19551a832ab4
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Fri Jun 1 09:08:36 2018 +0200
xmlsecurity: add ecdsa option to certificate generator script
Change-Id: I8bb48c46aaea9ef4ce4bc4ab58ea8b88fe0e48a2
Reviewed-on: https://gerrit.libreoffice.org/55159
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
Tested-by: Jenkins <ci at libreoffice.org>
diff --git a/xmlsecurity/qa/create-certs/create-certs.sh b/xmlsecurity/qa/create-certs/create-certs.sh
index 30ae73df7463..0307d03b6ee2 100755
--- a/xmlsecurity/qa/create-certs/create-certs.sh
+++ b/xmlsecurity/qa/create-certs/create-certs.sh
@@ -28,6 +28,11 @@
#
root="$PWD"
+algo="RSA"
+
+if [ -n "$1" ]; then
+ algo="$1"
+fi
if [ -d "$root/ca" ]; then
echo "'ca' directory already exists in $root, please remove it before running this script."
@@ -63,7 +68,7 @@ openssl req -config openssl.cnf \
-new -x509 -days 7300 -sha256 -extensions v3_ca \
-out certs/ca.cert.pem \
-passin env:SSLPASS \
- -subj '/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Test Root CA'
+ -subj "/C=UK/ST=England/O=Xmlsecurity ${algo} Test/CN=Xmlsecurity ${algo} Test Root CA"
chmod 444 certs/ca.cert.pem
# 2) Create the intermediate pair.
@@ -98,7 +103,7 @@ openssl req -config intermediate/openssl.cnf -new -sha256 \
-key intermediate/private/intermediate.key.pem \
-out intermediate/csr/intermediate.csr.pem \
-passin env:SSLPASS \
- -subj '/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Intermediate Root CA'
+ -subj "/C=UK/ST=England/O=Xmlsecurity ${algo} Test/CN=Xmlsecurity Intermediate Root CA"
# The certificate itself.
openssl ca -batch -config openssl.cnf -extensions v3_intermediate_ca \
@@ -119,9 +124,14 @@ for i in Alice Bob
do
# Create a key.
cd "$root/ca"
- openssl genrsa -aes256 \
- -out intermediate/private/example-xmlsecurity-${i}.key.pem \
- -passout env:SSLPASS 2048
+ if [ "$algo" == "ECDSA" ]; then
+ openssl ecparam -name secp256r1 -genkey \
+ -out intermediate/private/example-xmlsecurity-${i}.key.pem
+ else
+ openssl genrsa -aes256 \
+ -out intermediate/private/example-xmlsecurity-${i}.key.pem \
+ -passout env:SSLPASS 2048
+ fi
chmod 400 intermediate/private/example-xmlsecurity-${i}.key.pem
# Create a certificate signing request (CSR).
@@ -131,7 +141,7 @@ do
-key intermediate/private/example-xmlsecurity-${i}.key.pem \
-new -sha256 -out intermediate/csr/example-xmlsecurity-${i}.csr.pem \
-passin env:SSLPASS \
- -subj "/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Test example ${i}"
+ -subj "/C=UK/ST=England/O=Xmlsecurity ${algo} Test/CN=Xmlsecurity ${algo} Test example ${i}"
# To create a certificate, use the intermediate CA to sign the CSR.
cd "$root/ca"
@@ -144,14 +154,24 @@ do
chmod 444 intermediate/certs/example-xmlsecurity-${i}.cert.pem
# Export it in PKCS#12 format.
- openssl pkcs12 -export \
- -out ./intermediate/private/example-xmlsecurity-${i}.cert.p12 \
- -passout env:SSLPASS \
- -inkey intermediate/private/example-xmlsecurity-${i}.key.pem \
- -passin env:SSLPASS \
- -in intermediate/certs/example-xmlsecurity-${i}.cert.pem \
- -certfile intermediate/certs/ca-chain.cert.pem \
- -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+ if [ "$algo" == "ECDSA" ]; then
+ openssl pkcs12 -export \
+ -out ./intermediate/private/example-xmlsecurity-${i}.cert.p12 \
+ -passout env:SSLPASS \
+ -inkey intermediate/private/example-xmlsecurity-${i}.key.pem \
+ -passin env:SSLPASS \
+ -in intermediate/certs/example-xmlsecurity-${i}.cert.pem \
+ -certfile intermediate/certs/ca-chain.cert.pem
+ else
+ openssl pkcs12 -export \
+ -out ./intermediate/private/example-xmlsecurity-${i}.cert.p12 \
+ -passout env:SSLPASS \
+ -inkey intermediate/private/example-xmlsecurity-${i}.key.pem \
+ -passin env:SSLPASS \
+ -in intermediate/certs/example-xmlsecurity-${i}.cert.pem \
+ -certfile intermediate/certs/ca-chain.cert.pem \
+ -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+ fi
done
echo
More information about the Libreoffice-commits
mailing list