author | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-06-01 09:08:36 +0200 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.co.uk> | 2018-06-01 10:04:10 +0200 |
commit | 8a1411905b7624e4980e0cc4ae4e19551a832ab4 (patch) | |
tree | 366b9e78a10c5a78128d7bfda3e654e2907c5e46 /xmlsecurity | |
parent | b5dd045bf533a2ba4d1c98debe5a2acba4c8b486 (diff) |
xmlsecurity: add ecdsa option to certificate generator script
Change-Id: I8bb48c46aaea9ef4ce4bc4ab58ea8b88fe0e48a2
Reviewed-on: https://gerrit.libreoffice.org/55159
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>
Diffstat (limited to 'xmlsecurity')
-rwxr-xr-x | xmlsecurity/qa/create-certs/create-certs.sh | 48 |
1 files changed, 34 insertions, 14 deletions
diff --git a/xmlsecurity/qa/create-certs/create-certs.sh b/xmlsecurity/qa/create-certs/create-certs.sh
index 30ae73df7463..0307d03b6ee2 100755
--- a/xmlsecurity/qa/create-certs/create-certs.sh
+++ b/xmlsecurity/qa/create-certs/create-certs.sh
@@ -28,6 +28,11 @@
 #
 root="$PWD"
+algo="RSA"
+
+if [ -n "$1" ]; then
+ algo="$1"
+fi
 if [ -d "$root/ca" ]; then
 echo "'ca' directory already exists in $root, please remove it before running this script."
@@ -63,7 +68,7 @@ openssl req -config openssl.cnf \
 -new -x509 -days 7300 -sha256 -extensions v3_ca \
 -out certs/ca.cert.pem \
 -passin env:SSLPASS \
- -subj '/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Test Root CA'
+ -subj "/C=UK/ST=England/O=Xmlsecurity ${algo} Test/CN=Xmlsecurity ${algo} Test Root CA"
 chmod 444 certs/ca.cert.pem
 # 2) Create the intermediate pair.
@@ -98,7 +103,7 @@ openssl req -config intermediate/openssl.cnf -new -sha256 \
 -key intermediate/private/intermediate.key.pem \
 -out intermediate/csr/intermediate.csr.pem \
 -passin env:SSLPASS \
- -subj '/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Intermediate Root CA'
+ -subj "/C=UK/ST=England/O=Xmlsecurity ${algo} Test/CN=Xmlsecurity Intermediate Root CA"
 # The certificate itself.
 openssl ca -batch -config openssl.cnf -extensions v3_intermediate_ca \
@@ -119,9 +124,14 @@ for i in Alice Bob
 do
 # Create a key.
 cd "$root/ca"
- openssl genrsa -aes256 \
- -out intermediate/private/example-xmlsecurity-${i}.key.pem \
- -passout env:SSLPASS 2048
+ if [ "$algo" == "ECDSA" ]; then
+ openssl ecparam -name secp256r1 -genkey \
+ -out intermediate/private/example-xmlsecurity-${i}.key.pem
+ else
+ openssl genrsa -aes256 \
+ -out intermediate/private/example-xmlsecurity-${i}.key.pem \
+ -passout env:SSLPASS 2048
+ fi
 chmod 400 intermediate/private/example-xmlsecurity-${i}.key.pem
 # Create a certificate signing request (CSR).
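Review bot: In the `@@ -28,6 +28,11 @@` hunk the first argument is copied into `algo` without validation, yet the later hunks only compare it against the exact string `ECDSA` and interpolate it into every `-subj`. A mistyped value such as a lower-case spelling would therefore silently produce RSA keys whose certificates carry the mistyped label, and a value containing `/` would change the structure of the subject DN. Rejecting anything else right after the assignment keeps the labels honest: `case "$algo" in RSA|ECDSA) ;; *) echo "usage: $0 [RSA|ECDSA]" >&2; exit 1 ;; esac`.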
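Review bot: The subject in the `@@ -63,7 +68,7 @@` hunk now reads `Xmlsecurity ${algo} Test Root CA`, but no hunk in this commit touches how the root or intermediate keys are generated, so with `ECDSA` both CA certificates presumably still hold RSA keys and sign the leaf certificates with an RSA signature. If that is intended, a comment such as `# Only the end-entity keys follow $algo; both CA keys stay RSA.` above the `openssl req` call would stop readers from assuming a pure-ECDSA chain. The intermediate subject in the `@@ -98,7 +103,7 @@` hunk gets `${algo}` in `O=` but not in `CN=`, unlike the other two subjects, which is worth making consistent or explaining. The `openssl req` command starts before this hunk.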
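Review bot: The ECDSA branch in the `@@ -119,9 +124,14 @@` hunk writes the private key to disk unencrypted: `openssl ecparam -genkey` is given no cipher or passphrase, whereas the RSA branch keeps `-aes256 -passout env:SSLPASS`. The later `-passin env:SSLPASS` arguments are simply unused for an unencrypted key, so nothing fails and the difference is easy to miss. To keep both branches equivalent, pipe the generated key through `openssl ec`, e.g. `openssl ecparam -name secp256r1 -genkey -noout | openssl ec -aes256 -passout env:SSLPASS -out intermediate/private/example-xmlsecurity-${i}.key.pem`. `[ "$algo" == "ECDSA" ]` also relies on a bash extension; `=` is the portable operator if the script can run under `/bin/sh` (the shebang is outside the hunk, as are the start and end of the `for` loop).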
@@ -131,7 +141,7 @@ do
 -key intermediate/private/example-xmlsecurity-${i}.key.pem \
 -new -sha256 -out intermediate/csr/example-xmlsecurity-${i}.csr.pem \
 -passin env:SSLPASS \
- -subj "/C=UK/ST=England/O=Xmlsecurity Test/CN=Xmlsecurity Test example ${i}"
+ -subj "/C=UK/ST=England/O=Xmlsecurity ${algo} Test/CN=Xmlsecurity ${algo} Test example ${i}"
 # To create a certificate, use the intermediate CA to sign the CSR.
 cd "$root/ca"
@@ -144,14 +154,24 @@ do
 chmod 444 intermediate/certs/example-xmlsecurity-${i}.cert.pem
 # Export it in PKCS#12 format.
- openssl pkcs12 -export \
- -out ./intermediate/private/example-xmlsecurity-${i}.cert.p12 \
- -passout env:SSLPASS \
- -inkey intermediate/private/example-xmlsecurity-${i}.key.pem \
- -passin env:SSLPASS \
- -in intermediate/certs/example-xmlsecurity-${i}.cert.pem \
- -certfile intermediate/certs/ca-chain.cert.pem \
- -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+ if [ "$algo" == "ECDSA" ]; then
+ openssl pkcs12 -export \
+ -out ./intermediate/private/example-xmlsecurity-${i}.cert.p12 \
+ -passout env:SSLPASS \
+ -inkey intermediate/private/example-xmlsecurity-${i}.key.pem \
+ -passin env:SSLPASS \
+ -in intermediate/certs/example-xmlsecurity-${i}.cert.pem \
+ -certfile intermediate/certs/ca-chain.cert.pem
+ else
+ openssl pkcs12 -export \
+ -out ./intermediate/private/example-xmlsecurity-${i}.cert.p12 \
+ -passout env:SSLPASS \
+ -inkey intermediate/private/example-xmlsecurity-${i}.key.pem \
+ -passin env:SSLPASS \
+ -in intermediate/certs/example-xmlsecurity-${i}.cert.pem \
+ -certfile intermediate/certs/ca-chain.cert.pem \
+ -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+ fi
 done
 echo |
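Review bot: The two `openssl pkcs12 -export` invocations in the `@@ -144,14 +154,24 @@` hunk are identical except for the trailing `-CSP`, so a later change to one of them (a different `-certfile`, a new output path) can silently miss the other. Since `-CSP` is the only difference, set it once before the call, e.g. `csp=""; [ "$algo" = "ECDSA" ] || csp="Microsoft Enhanced RSA and AES Cryptographic Provider"`, and keep a single command whose last argument is `${csp:+-CSP "$csp"}`. A short comment saying why the RSA provider name is omitted for ECDSA keys would also help the next reader. The loop body starts outside the hunk.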