From f3fd67c54b062dd567060f2f5cc2fb0091acc17f Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Wed, 19 Sep 2018 14:54:19 -0600 Subject: [PATCH] White space updates and revert cnf changes in lieu of PR #1734 --- certs/renewcerts/wolfssl.cnf | 14 +- certs/test/gen-testcerts.sh | 260 +++++++++++++++++------------------ 2 files changed, 137 insertions(+), 137 deletions(-) diff --git a/certs/renewcerts/wolfssl.cnf b/certs/renewcerts/wolfssl.cnf index 367552613..585a46911 100644 --- a/certs/renewcerts/wolfssl.cnf +++ b/certs/renewcerts/wolfssl.cnf @@ -11,13 +11,13 @@ oid_section = new_oids tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 -#businessCategory=2.5.4.15 -#streetAddress=2.5.4.9 -#stateOrProvinceName=2.5.4.8 -#countryName=2.5.4.6 -#jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1 -#jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2 -#jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3 +businessCategory=2.5.4.15 +streetAddress=2.5.4.9 +stateOrProvinceName=2.5.4.8 +countryName=2.5.4.6 +jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1 +jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2 +jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3 #################################################################### [ ca ] diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh index 107d7c45c..ccf270ead 100755 --- a/certs/test/gen-testcerts.sh +++ b/certs/test/gen-testcerts.sh 
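Review bot: The seven entries re-enabled under `oid_section = new_oids` (`businessCategory=2.5.4.15` through `jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3`) carry no comment explaining why they are declared here. Four of them (`businessCategory`, `streetAddress`, `stateOrProvinceName`, `countryName`) are standard X.520 attribute types that OpenSSL builds already know. Some OpenSSL versions may reject registering an OID that is already in the object table when the config is loaded, which would stop certificate and CRL regeneration from this file; this is inferred, because the page does not show why the lines had been commented out. I would add a line above the block such as `# EV subject attributes; the 2.5.4.x names are built in to OpenSSL, keep only if the installed version accepts redefining them`, and confirm the file loads under each OpenSSL version used to renew the certs. The `[ new_oids ]` section header itself lies outside the hunk.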
@@ -10,158 +10,158 @@ check_result() { # Args: 1=FileName, 2=CN, 3=AltName, 4=CA build_test_cert_conf() { - echo "# Generated openssl conf" > "$1".conf - echo "" >> "$1".conf - echo "[ ca ]" >> "$1".conf - echo "default_ca = CA_default" >> "$1".conf - echo "[ CA_default ]" >> "$1".conf - echo "certificate = ../ca-cert.pem" >> "$1".conf - echo "database = ./index.txt" >> "$1".conf - echo "new_certs_dir = ./certs" >> "$1".conf - echo "private_key = ./private/cakey.pem" >> "$1".conf - echo "serial = ./serial" >> "$1".conf - echo "default_md = sha256" >> "$1".conf - echo "default_days = 1000" >> "$1".conf - echo "policy = default_ca_policy" >> "$1".conf - echo "" >> "$1".conf - echo "[ default_ca_policy ]" >> "$1".conf - echo "commonName = supplied" >> "$1".conf - echo "stateOrProvinceName = supplied" >> "$1".conf - echo "countryName = supplied" >> "$1".conf - echo "emailAddress = supplied" >> "$1".conf - echo "organizationName = optional" >> "$1".conf - echo "organizationalUnitName = optional" >> "$1".conf - echo "" >> "$1".conf - echo "[ req ]" >> "$1".conf - echo "prompt = no" >> "$1".conf - echo "default_bits = 2048" >> "$1".conf - echo "distinguished_name = req_distinguished_name" >> "$1".conf - if [ -n "$3" ]; then - echo "req_extensions = req_ext" >> "$1".conf - fi - if [ -n "$4" ]; then - echo "basicConstraints=CA:true,pathlen:0" >> "$1".conf - echo "" >> "$1".conf - fi - echo "" >> "$1".conf - echo "[ req_distinguished_name ]" >> "$1".conf - echo "C = US" >> "$1".conf - echo "ST = Montana" >> "$1".conf - echo "L = Bozeman" >> "$1".conf - echo "OU = Engineering" >> "$1".conf - echo "CN = $2" >> "$1".conf - echo "emailAddress = info@wolfssl.com" >> "$1".conf - echo "" >> "$1".conf - if [ -n "$3" ]; then - echo "[ req_ext ]" >> "$1".conf - if [ "$3" != *"DER"* ]; then - echo "subjectAltName = @alt_names" >> "$1".conf - echo "[alt_names]" >> "$1".conf - echo "DNS.1 = $3" >> "$1".conf - else - echo "subjectAltName = $3" >> "$1".conf - fi - fi + echo "# Generated 
openssl conf" > "$1".conf + echo "" >> "$1".conf + echo "[ ca ]" >> "$1".conf + echo "default_ca = CA_default" >> "$1".conf + echo "[ CA_default ]" >> "$1".conf + echo "certificate = ../ca-cert.pem" >> "$1".conf + echo "database = ./index.txt" >> "$1".conf + echo "new_certs_dir = ./certs" >> "$1".conf + echo "private_key = ./private/cakey.pem" >> "$1".conf + echo "serial = ./serial" >> "$1".conf + echo "default_md = sha256" >> "$1".conf + echo "default_days = 1000" >> "$1".conf + echo "policy = default_ca_policy" >> "$1".conf + echo "" >> "$1".conf + echo "[ default_ca_policy ]" >> "$1".conf + echo "commonName = supplied" >> "$1".conf + echo "stateOrProvinceName = supplied" >> "$1".conf + echo "countryName = supplied" >> "$1".conf + echo "emailAddress = supplied" >> "$1".conf + echo "organizationName = optional" >> "$1".conf + echo "organizationalUnitName = optional" >> "$1".conf + echo "" >> "$1".conf + echo "[ req ]" >> "$1".conf + echo "prompt = no" >> "$1".conf + echo "default_bits = 2048" >> "$1".conf + echo "distinguished_name = req_distinguished_name" >> "$1".conf + if [ -n "$3" ]; then + echo "req_extensions = req_ext" >> "$1".conf + fi + if [ -n "$4" ]; then + echo "basicConstraints=CA:true,pathlen:0" >> "$1".conf + echo "" >> "$1".conf + fi + echo "" >> "$1".conf + echo "[ req_distinguished_name ]" >> "$1".conf + echo "C = US" >> "$1".conf + echo "ST = Montana" >> "$1".conf + echo "L = Bozeman" >> "$1".conf + echo "OU = Engineering" >> "$1".conf + echo "CN = $2" >> "$1".conf + echo "emailAddress = info@wolfssl.com" >> "$1".conf + echo "" >> "$1".conf + if [ -n "$3" ]; then + echo "[ req_ext ]" >> "$1".conf + if [ "$3" != *"DER"* ]; then + echo "subjectAltName = @alt_names" >> "$1".conf + echo "[alt_names]" >> "$1".conf + echo "DNS.1 = $3" >> "$1".conf + else + echo "subjectAltName = $3" >> "$1".conf + fi + fi } # Args: 1=FileName generate_test_cert() { - rm "$1".der - rm "$1".pem + rm "$1".der + rm "$1".pem - echo "step 1 create configuration" - 
build_test_cert_conf "$1" "$2" "$3" - check_result $? + echo "step 1 create configuration" + build_test_cert_conf "$1" "$2" "$3" + check_result $? - echo "step 2 create csr" - openssl req -new -sha256 -out "$1".csr -key ../server-key.pem -config "$1".conf - check_result $? + echo "step 2 create csr" + openssl req -new -sha256 -out "$1".csr -key ../server-key.pem -config "$1".conf + check_result $? - echo "step 3 check csr" - openssl req -text -noout -in "$1".csr - check_result $? + echo "step 3 check csr" + openssl req -text -noout -in "$1".csr + check_result $? - echo "step 4 create cert" - if [ "$3" = "" ]; then - openssl x509 -req -days 1000 -sha256 \ - -in "$1".csr -signkey ../server-key.pem \ - -out "$1".pem -extfile "$1".conf - else - openssl x509 -req -days 1000 -sha256 \ - -in "$1".csr -signkey ../server-key.pem \ - -out "$1".pem -extensions req_ext -extfile "$1".conf - fi - check_result $? - rm "$1".conf - rm "$1".csr + echo "step 4 create cert" + if [ "$3" = "" ]; then + openssl x509 -req -days 1000 -sha256 \ + -in "$1".csr -signkey ../server-key.pem \ + -out "$1".pem -extfile "$1".conf + else + openssl x509 -req -days 1000 -sha256 \ + -in "$1".csr -signkey ../server-key.pem \ + -out "$1".pem -extensions req_ext -extfile "$1".conf + fi + check_result $? + rm "$1".conf + rm "$1".csr - if [ -n "$4" ]; then - echo "step 5 generate crl" - mkdir ../crl/demoCA - touch ../crl/demoCA/index.txt - echo "01" > ../crl/crlnumber - openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 \ - -out crl.revoked -keyfile ../server-key.pem -cert "$1".pem - check_result $? - rm ../crl/"$1"Crl.pem - openssl crl -in crl.revoked -text > tmp.pem - check_result $? 
- mv tmp.pem ../crl/"$1"Crl.pem - rm crl.revoked - rm -rf ../crl/demoCA - rm ../crl/crlnumber* - fi + if [ -n "$4" ]; then + echo "step 5 generate crl" + mkdir ../crl/demoCA + touch ../crl/demoCA/index.txt + echo "01" > ../crl/crlnumber + openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 \ + -out crl.revoked -keyfile ../server-key.pem -cert "$1".pem + check_result $? + rm ../crl/"$1"Crl.pem + openssl crl -in crl.revoked -text > tmp.pem + check_result $? + mv tmp.pem ../crl/"$1"Crl.pem + rm crl.revoked + rm -rf ../crl/demoCA + rm ../crl/crlnumber* + fi - echo "step 6 add cert text information to pem" - openssl x509 -inform pem -in "$1".pem -text > tmp.pem - check_result $? - mv tmp.pem "$1".pem + echo "step 6 add cert text information to pem" + openssl x509 -inform pem -in "$1".pem -text > tmp.pem + check_result $? + mv tmp.pem "$1".pem - echo "step 7 make binary der version" - openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der - check_result $? + echo "step 7 make binary der version" + openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der + check_result $? } generate_expired_certs() { - rm "$1".der - rm "$1".pem + rm "$1".der + rm "$1".pem - mkdir -p certs - touch ./index.txt - echo 1000 > ./serial + mkdir -p certs + touch ./index.txt + echo 1000 > ./serial - echo "step 1 create configuration" - build_test_cert_conf "$1" www.wolfssl.com 0 "$3" - check_result $? + echo "step 1 create configuration" + build_test_cert_conf "$1" www.wolfssl.com 0 "$3" + check_result $? - echo "step 2 create csr" - openssl req -new -sha256 -out "$1".csr -key "$2" -config "$1".conf - check_result $? + echo "step 2 create csr" + openssl req -new -sha256 -out "$1".csr -key "$2" -config "$1".conf + check_result $? - echo "step 3 check csr" - openssl req -text -noout -in "$1".csr - check_result $? + echo "step 3 check csr" + openssl req -text -noout -in "$1".csr + check_result $? 
- echo "step 4 create cert" - openssl ca -config ../renewcerts/wolfssl.cnf -selfsign -config "$1".conf \ - -keyfile "$2" -in "$1".csr -out "$1".pem \ - -startdate 201807310000Z -enddate 201808300000Z -batch - check_result $? - rm "$1".conf - rm "$1".csr + echo "step 4 create cert" + openssl ca -config ../renewcerts/wolfssl.cnf -selfsign -config "$1".conf \ + -keyfile "$2" -in "$1".csr -out "$1".pem \ + -startdate 201807310000Z -enddate 201808300000Z -batch + check_result $? + rm "$1".conf + rm "$1".csr - echo "step 5 add cert text information to pem" - openssl x509 -inform pem -in "$1".pem -text > tmp.pem - check_result $? - mv tmp.pem "$1".pem + echo "step 5 add cert text information to pem" + openssl x509 -inform pem -in "$1".pem -text > tmp.pem + check_result $? + mv tmp.pem "$1".pem - echo "step 7 make binary der version" - openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der - check_result $? + echo "step 7 make binary der version" + openssl x509 -inform pem -in "$1".pem -outform der -out "$1".der + check_result $? - rm -rf certs - rm ./index.txt* - rm ./serial* + rm -rf certs + rm ./index.txt* + rm ./serial* } # Generate Good CN=localhost, Alt=None