# Emit the scripted answers that are piped into certutil's stdin.
# Arguments: zero or more usage keywords: sign, kex, ca (anything else is
#            skipped without output)
# Globals:   ca (written) - "y" once a "ca" keyword was seen, otherwise "n"
# Outputs:   one answer per line on stdout
certscript() {
  local usage
  ca=n
  for usage in "$@"; do
    # presumably these numbers pick entries from the menu certutil shows for
    # its -1 (key usage) prompt - confirm against the certutil in BINDIR
    case $usage in
      sign)
        printf '%s\n' 0
        ;;
      kex)
        printf '%s\n' 2
        ;;
      ca)
        printf '%s\n' 5 6
        ca=y
        ;;
    esac
  done
  # Trailing answers, in order: 9, n, the CA flag collected above, an empty
  # line, n. NOTE(review): these look like "finish menu / not critical /
  # is-CA / no path length / not critical" for the -1 and -2 prompts; verify.
  printf '%s\n' 9 n "$ca" '' n
}
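# Create one key and certificate in the NSS database at PROFILEDIR by piping
# certscript's answers into "certutil -S", then report the result.
#
# Arguments:
#   $1  - name: used as the nickname (-n) and as the subject CN
#   $2  - type: key/certificate profile keyword (see the case statement)
#   $3+ - usages forwarded to certscript: sign, kex or ca
# Globals:
#   BINDIR, R_NOISE_FILE, PROFILEDIR (read)
#   counter (incremented; passed to certutil as the serial number via -m)
#   name, type, type_args, trust, sign, sighash (written; deliberately left
#   global, as before, so code outside this function sees the same state)
# Outputs:
#   calls html_msg with certutil's exit status, the expected status 0 and a
#   single message string.
#
# NOTE(review): several profiles request 1024-bit DSA/RSA keys, which is
# below current minimum key-size guidance. These look like test fixtures -
# confirm, and keep anything generated here out of any database that is
# trusted for real traffic. The *_ca profiles are also stored with trust
# 'CT,CT,CT', i.e. trusted as an issuer in all three trust fields.
make_cert() {
  name=$1
  type=$2

  # defaults: self-signed (-x), no explicit trust, SHA-256 signature hash
  type_args=()
  trust=',,'
  sign=(-x)
  sighash=(-Z SHA256)

  # An unrecognised type falls through: $type is handed to -k unchanged and
  # no key-size/curve argument is added.
  case $type in
    dsa) type_args=(-g 1024) ;;
    rsa) type_args=(-g 1024) ;;
    rsa2048) type_args=(-g 2048); type=rsa ;;
    rsa8192) type_args=(-g 8192); type=rsa ;;
    rsapss) type_args=(-g 1024 --pss); type=rsa ;;
    rsapss384) type_args=(-g 1024 --pss); type=rsa; sighash=(-Z SHA384) ;;
    rsapss512) type_args=(-g 2048 --pss); type=rsa; sighash=(-Z SHA512) ;;
    rsapss_noparam) type_args=(-g 2048 --pss); type=rsa; sighash=() ;;
    p256) type_args=(-q nistp256); type=ec ;;
    p384) type_args=(-q secp384r1); type=ec ;;
    p521) type_args=(-q secp521r1); type=ec ;;
    rsa_ca) type_args=(-g 1024); trust='CT,CT,CT'; type=rsa ;;
    # -c names the issuer by nickname, so a certificate with that nickname
    # must already exist in PROFILEDIR when a *_chain profile is created.
    rsa_chain) type_args=(-g 1024); sign=(-c rsa_ca); type=rsa ;;
    rsapss_ca) type_args=(-g 1024 --pss); trust='CT,CT,CT'; type=rsa ;;
    # NOTE(review): the issuer nickname here is rsa_pss_ca (with an extra
    # underscore compared to the rsapss_ca type keyword) - verify it matches
    # the name the caller used for the PSS CA.
    rsapss_chain) type_args=(-g 1024); sign=(-c rsa_pss_ca); type=rsa ;;
    rsa_ca_rsapss_chain) type_args=(-g 1024 --pss-sign); sign=(-c rsa_ca); type=rsa ;;
    ecdh_rsa) type_args=(-q nistp256); sign=(-c rsa_ca); type=ec ;;
  esac
  shift 2

  # Serial numbers must differ between certificates from the same issuer,
  # so a shared counter is bumped on every call.
  counter=$((counter + 1))

  # Every expansion is quoted so that a path or nickname containing
  # whitespace or glob characters reaches certutil as exactly one argument.
  # -w -2 / -v 120 are the validity offset and length passed to certutil;
  # -1 -2 make it prompt for the answers that certscript supplies on stdin.
  certscript "$@" | "${BINDIR}/certutil" -S \
    -z "${R_NOISE_FILE}" -d "${PROFILEDIR}" \
    -n "$name" -s "CN=$name" -t "$trust" "${sign[@]}" -m "$counter" \
    -w -2 -v 120 -k "$type" "${type_args[@]}" "${sighash[@]}" -1 -2
  # $? is the status of the pipeline's last stage, i.e. certutil. "$*" keeps
  # the usages in ONE message argument; "...$@" would split them into
  # several arguments to html_msg.
  html_msg "$?" 0 "create certificate: $*"
}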