From: Joni Hahkala
Date: Thu, 15 Dec 2011 22:48:24 +0000 (+0000)
Subject: Add test certs for sha* signatures, make sha1 default also for all user certs, make...
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=28ab83967b9e796e3c272a49f1fbab54bbe14bb7;p=glite-security-test-utils.git
Add test certs for sha* signatures, make sha1 default also for all user certs, make md5 special case.
---
diff --git a/bin/generate-test-certificates.sh b/bin/generate-test-certificates.sh
index bcc7037..efea56f 100755
--- a/bin/generate-test-certificates.sh
+++ b/bin/generate-test-certificates.sh
@@ -30,6 +30,8 @@ function create_cert {
 dn="/C=UG/L=Tropic/O=Utopia/OU=Relaxation/CN=$2"
+ md=sha1
+
 echo "Creating a cert for '$2' in files named $filebase.(cert|priv)"
 echo " with $flags flags and $validity days validity time"
@@ -46,6 +48,7 @@ function create_cert {
 # next new certificate...
 CMD="openssl req -out $filebase.req -newkey rsa:$bits -new -keyout $filebase.priv -config $REQ_CONFIG_FILE -passout pass:$PASSWORD"
+ # mangle the DN and revert flag to normal client to handle it as normal client otherwise suring certificate req generation.
 case $flags in
 clientserial)
 echo serial cert $flags
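Review bot: `md=sha1` at the top of `create_cert` is assigned without `local`, so in bash it becomes a script-wide global that any later function can read or overwrite; `local md=sha1` keeps the digest choice scoped to one certificate. The default also means every fixture that is not one of the explicit hash variants is SHA-1 signed, and verifiers that enforce a minimum signature-digest strength may reject those fixtures outright. A comment such as `# default signing digest for test fixtures only; per-flag overrides are set below` would make clear this is a compatibility choice rather than a recommendation. The function body starts and ends outside this hunk, so whether its other variables use `local` is not visible here.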
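Review bot: The comment added above `case $flags in` in the second hunk is hard to parse ("otherwise suring certificate req generation"); it presumably means the special flags are rewritten so that the request is generated as for an ordinary client certificate. Suggested wording: `# Mangle the DN, then reset the flag so the request is otherwise generated as for a normal client cert.` The case statement it describes continues outside the hunk.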
@@ -99,13 +102,42 @@ function create_cert {
 exit 1
 fi
+ # the different has function options, set the md value end revert to normal client cert signing
+ case $flags in
+ clientmd5)
+ echo user cert with MD5 hash $flags
+ flags="client"
+ md="md5"
+ ;;
+ clientsha224)
+ echo user cert with sha224 hash $flags
+ flags="client"
+ md="sha224"
+ ;;
+ clientsha256)
+ echo user cert with sha256 hash $flags
+ flags="client"
+ md="sha256"
+ ;;
+ clientsha384)
+ echo user cert with sha384 hash $flags
+ flags="client"
+ md="sha384"
+ ;;
+ clientsha512)
+ echo user cert with sha512 hash $flags
+ flags="client"
+ md="sha512"
+ ;;
+ esac
+
 case $flags in
 client|server|clientserver|fclient|none|altname|altname2|altname3)
 echo "Generating a $flags certificate"
 echo $CA_DIR
 echo PDW=`pwd`
 CMD="openssl ca -in $filebase.req -out $filebase.cert -outdir $tmpdir \
- -md md5 -config $REQ_CONFIG_FILE -batch -preserveDN \
+ -md $md -config $REQ_CONFIG_FILE -batch -preserveDN \
 -extensions ca_$flags -passin pass:$PASSWORD -days $validity $castring"
 ;;
 *)
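Review bot: The five new arms of the hash-selection `case` differ only in the digest name, so a copy-paste slip in one arm would sign a fixture with a different hash than its file name claims; a single arm that derives `md` from the flag removes that risk. A flag that matches none of the arms (for example a misspelt digest name) keeps its value and falls to the `*)` branch of the following `case`, whose body is outside the hunk, so confirm that branch fails loudly instead of leaving a stale or missing certificate. The added comment also has typos; the fence below carries a corrected version. The fence prints "md5" where the original arm printed "MD5"; keep a separate arm if the exact message matters.
```shell
    # hash function variants: set md and revert to normal client cert signing
    case $flags in
        clientmd5|clientsha224|clientsha256|clientsha384|clientsha512)
            md=${flags#client}
            echo user cert with $md hash $flags
            flags="client"
            ;;
    esac
    # … unchanged: second case on $flags that builds the openssl ca command with -md $md …
```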
@@ -746,7 +778,52 @@ function create_all {
 create_cert_proxy_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_rfc "rfc proxy" $PROXY_VALIDITY proxy_rfc_plen proxy_rfc_plen
+ TYPE="clientmd5"
+ CTYPE="client with md5 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+
+ TYPE="clientsha224"
+ CTYPE="client with sha224 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+
+ TYPE="clientsha256"
+ CTYPE="client with sha256 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+
+ TYPE="clientsha384"
+ CTYPE="client with sha384 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+
+ TYPE="clientsha512"
+ CTYPE="client with sha512 hash"
+
+ create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
+ create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
+ create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
+ # end of hash variations
 TYPE="clientbaddn"
 CTYPE="client with bad DN"
@@ -1100,7 +1177,7 @@ while true; do
 -a|--all)
 ALL='yes'
 CATYPES='trusted fake bad big expired nokeyusage subsubca slash'
-# CATYPES='subsubca'
+# CATYPES='trusted'
 shift
 ;;
 -s|--some)
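Review bot: The five hash-variant blocks added to `create_all` repeat the same lines with only the digest name changed, so one variant can drift from the others (a missed `proxy_exp` case, say) without it being obvious in a fixture set this large; a loop over the digest names keeps them identical. There is also no explicit `clientsha1` fixture: SHA-1 coverage relies on the plain client certificate picking up the default set in `create_cert`, so it would silently disappear if that default is ever changed. Adding one would need a matching arm in `create_cert` as well. `create_all` starts and ends outside this hunk.
```shell
    for digest in md5 sha224 sha256 sha384 sha512; do
        TYPE="client${digest}"
        CTYPE="client with ${digest} hash"

        create_cert $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" ${TYPE} $DAYS
        create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY
        create_cert_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1
        create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy "proxy" $PROXY_VALIDITY proxy
        create_cert_proxy_proxy $CERT_DIR/${catype}_${TYPE} "$catype ${CTYPE}" proxy_exp "proxy" -1 proxy
    done
    # end of hash variations
    # … unchanged: clientbaddn block follows …
```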