dn="/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=$2"
+ md=sha1
+
echo "Creating a cert for '$2' in files named $filebase.(cert|priv)"
echo " with $flags flags and $validity days validity time"
# next new certificate...
CMD="openssl req -out $filebase.req -newkey rsa:$bits -new -keyout $filebase.priv -config $REQ_CONFIG_FILE -passout pass:$PASSWORD"
+ # mangle the DN and revert flag to normal client to handle it as normal client otherwise suring certificate req generation.
case $flags in
clientserial)
echo serial cert $flags
exit 1
fi
+ # the different has function options, set the md value end revert to normal client cert signing
+ case $flags in
+ clientmd5)
+ echo user cert with MD5 hash $flags
+ flags="client"
+ md="md5"
+ ;;
+ clientsha224)
+ echo user cert with sha224 hash $flags
+ flags="client"
+ md="sha224"
+ ;;
+ clientsha256)
+ echo user cert with sha256 hash $flags
+ flags="client"
+ md="sha256"
+ ;;
+ clientsha384)
+ echo user cert with sha384 hash $flags
+ flags="client"
+ md="sha384"
+ ;;
+ clientsha512)
+ echo user cert with sha512 hash $flags
+ flags="client"
+ md="sha512"
+ ;;
+ esac
+
case $flags in
client|server|clientserver|fclient|none|altname|altname2|altname3)
echo "Generating a $flags certificate"
echo $CA_DIR
echo PDW=`pwd`
CMD="openssl ca -in $filebase.req -out $filebase.cert -outdir $tmpdir \
- -md md5 -config $REQ_CONFIG_FILE -batch -preserveDN \
+ -md $md -config $REQ_CONFIG_FILE -batch -preserveDN \
-extensions ca_$flags -passin pass:$PASSWORD -days $validity $castring"
;;
*)
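Review bot: Replacing the hard-coded `-md md5` with `-md $md` in the `openssl ca` command changes the signature digest of every existing type on the `client|server|clientserver|fclient|none|altname|altname2|altname3` arm. The only default visible is `md=sha1`, set near the top of the function, so those certificates silently move from MD5 to SHA-1 as a side effect of adding the hash variants. Many current TLS stacks no longer accept SHA-1 certificate signatures, so if the ordinary fixtures are meant to be plain valid credentials, `md=sha256` would be a safer default, with MD5 and SHA-1 kept for explicitly named variants (there is no `clientsha1` type here). The new `case` has no `*)` arm and relies on unmatched flags passing through unchanged; a comment such as `# any other flag keeps the default digest` would make that explicit. The enclosing function starts and ends outside this hunk.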
create_cert_proxy_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY proxy_rfc_plen proxy_rfc_plen
+ TYPE="clientmd5"
+ CTYPE="client with md5 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+
+ TYPE="clientsha224"
+ CTYPE="client with sha224 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+
+ TYPE="clientsha256"
+ CTYPE="client with sha256 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+
+ TYPE="clientsha384"
+ CTYPE="client with sha384 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+
+ TYPE="clientsha512"
+ CTYPE="client with sha512 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+ # end of hash variations
TYPE="clientbaddn"
CTYPE="client with bad DN"
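Review bot: The five hash-variant stanzas added here are identical except for the digest name, so a later change to the proxy calls has to be made five times and one variant can easily drift from the others. A loop over the digest names keeps the set of variants in one place, and lets `$CERT_DIR/${catype}_${TYPE}` be quoted once rather than passed unquoted in twenty-five calls. `$DAYS` and `$PROXY_VALIDITY` are left unquoted in the sketch below because their callers' expectations are not visible in this hunk. Whether `create_cert_proxy` signs the derived proxies with the same digest as the end-entity certificate cannot be seen from here, and is worth confirming if these fixtures are meant to exercise digest handling through the whole chain.

```shell
# hash variations: one client cert plus its proxies per digest
for hash in md5 sha224 sha256 sha384 sha512; do
  TYPE="client${hash}"
  CTYPE="client with ${hash} hash"
  certbase="$CERT_DIR/${catype}_${TYPE}"

  create_cert "$certbase" "$catype ${CTYPE}" "${TYPE}" $DAYS
  create_cert_proxy "$certbase" "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
  create_cert_proxy "$certbase" "$catype ${CTYPE}" proxy_exp "proxy" -1
  create_cert_proxy_proxy "$certbase" "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
  create_cert_proxy_proxy "$certbase" "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
done
# end of hash variations
# … unchanged: TYPE="clientbaddn" stanza …
```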
-a|--all)
ALL='yes'
CATYPES='trusted fake bad big expired nokeyusage subsubca slash'
-# CATYPES='subsubca'
+# CATYPES='trusted'
shift
;;
-s|--some)