
Commit 8f7e2df

committed
feat: Simplify generation of test certificates
1 parent 05f8fd3 commit 8f7e2df

5 files changed

+15
-26
lines changed

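--- a/src/test/resources/alice-certgen-rsa.sh
+++ b/src/test/resources/alice-certgen-rsa.sh
@@ -15,13 +15,8 @@ $openssl_bin genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_k
 ### Save the private key without password protection
 $openssl_bin rsa -in ${priv_key_name}.rsakey -out ${priv_key_name}.nopass.rsakey
 
-echo "Issue certificate signing request (CSR) for the RSA key with parameters in ${certificate_config_filename}"
-$openssl_bin req -new -key ${priv_key_name}.nopass.rsakey -sha256 -out ${account_name}.csr -config ${certificate_config_filename}
-echo "Content of the certificate signing request:"
-$openssl_bin req -text -noout -in ${account_name}.csr
-
 echo "Generating self-signed certificate..."
-$openssl_bin x509 -req -days ${validity_days} -in ${account_name}.csr -signkey ${priv_key_name}.nopass.rsakey -sha256 -out ${account_name}.crt -extensions smime -extfile ${certificate_config_filename}
+$openssl_bin req -outform PEM -out ${account_name}.pem -key ${priv_key_name}.nopass.rsakey -keyform PEM -x509 -nodes -batch -days $validity_days -config $certificate_config_filename -pkeyopt rsa_keygen_bits:2048 -sha256
 
 echo "Generating .p12 file with certificate and private key..."
-$openssl_bin pkcs12 -export -in ${account_name}.crt -inkey ${priv_key_name}.nopass.rsakey -out ${account_name}.p12
+$openssl_bin pkcs12 -export -in ${account_name}.pem -inkey ${priv_key_name}.nopass.rsakey -out ${account_name}.p12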
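Review bot: The new `req -x509` call on line 19 drops `-extensions smime -extfile ...`, so the certificate's extensions now depend entirely on an `x509_extensions` entry in `${certificate_config_filename}`. bob.cnf gains that entry in this commit, but alice.cnf is not among the changed files shown, so alice's certificate may be issued without the S/MIME key usages; please confirm, or pass `-extensions smime` on this line. Separately, `-pkeyopt rsa_keygen_bits:2048` is a key-generation option and should have no effect when `-key` supplies an existing key. It also contradicts the 4096-bit key that the hunk header shows being generated, so I would drop it, along with `-nodes`; the same applies to `-pkeyopt rsa_keygen_bits:4096` in bob-certgen-rsa.sh. The script starts before this hunk.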

Diff for: src/test/resources/alice.p12

-16 Bytes
Binary file not shown.

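--- a/src/test/resources/bob-certgen-rsa.sh
+++ b/src/test/resources/bob-certgen-rsa.sh
@@ -11,17 +11,12 @@ certificate_config_filename="${account_name}.cnf"
 validity_days=1825 # Five years, so the tests won't fail too soon.
 
 echo "Generating private RSASSA-PSS key"
-$openssl_bin genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 -out ${priv_key_name}.rsapsskey
+$openssl_bin genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 -out ${priv_key_name}.rsapsskey
 ### Save the private key without password protection
 $openssl_bin rsa -in ${priv_key_name}.rsapsskey -out ${priv_key_name}.nopass.rsapsskey
 
-echo "Issue certificate signing request (CSR) for the RSASSA-PSS key with parameters in ${certificate_config_filename}"
-$openssl_bin req -new -key ${priv_key_name}.nopass.rsapsskey -sha256 -out ${account_name}.csr -config ${certificate_config_filename}
-echo "Content of the certificate signing request:"
-$openssl_bin req -text -noout -in ${account_name}.csr
-
 echo "Generating self-signed certificate..."
-$openssl_bin x509 -req -days ${validity_days} -in ${account_name}.csr -signkey ${priv_key_name}.nopass.rsapsskey -sha256 -out ${account_name}.crt -extensions smime -extfile ${certificate_config_filename}
+$openssl_bin req -outform PEM -out ${account_name}.pem -key ${priv_key_name}.nopass.rsapsskey -keyform PEM -x509 -nodes -batch -days $validity_days -config $certificate_config_filename -pkeyopt rsa_keygen_bits:4096 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -sigopt rsa_mgf1_md:sha256 -sha256
 
 echo "Generating .p12 file with certificate and private key..."
-$openssl_bin pkcs12 -export -in ${account_name}.crt -inkey ${priv_key_name}.nopass.rsapsskey -out ${account_name}.p12
+$openssl_bin pkcs12 -export -in ${account_name}.pem -inkey ${priv_key_name}.nopass.rsapsskey -out ${account_name}.p12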
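Review bot: Nothing in the script records that the `-sigopt` values on the new `req -x509` line (line 19) must stay consistent with the PSS restrictions that `genpkey` bakes into the key on line 14 (digest, MGF1 digest, salt length). As far as I know, OpenSSL refuses to sign with parameters that conflict with a restricted RSASSA-PSS key, so a later edit to only one of the two lines would break certificate generation. I would add a comment above line 19 such as `# -sigopt values must match the rsa_pss_keygen_* restrictions passed to genpkey above`. A one-line comment on line 14 saying why `rsa_pss_keygen_md:sha256` was added would help for the same reason. The script starts before this hunk.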

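--- a/src/test/resources/bob.cnf
+++ b/src/test/resources/bob.cnf
@@ -1,6 +1,7 @@
 [ req ]
 default_bits = 4096
 distinguished_name = req_distinguished_name
+x509_extensions = x509_ext
 string_mask = utf8only
 
 [ req_distinguished_name ]
@@ -21,15 +22,13 @@ emailAddress = Email Address
 emailAddress_default = [email protected]
 emailAddress_max = 64
 
-[ usr_cert ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-subjectAltName=email:move
+# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...
+[ x509_ext ]
 
-[ smime ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment
-extendedKeyUsage = emailProtection
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always, issuer
-subjectAltName = email:copy
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+
+basicConstraints = CA:FALSE
+keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+extendedKeyUsage = clientAuth, emailProtection
+#subjectAltName = email:copy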
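Review bot: `#subjectAltName = email:copy` in the new `[ x509_ext ]` section leaves the certificate without an rfc822Name SAN, whereas the removed `[ smime ]` section set `subjectAltName = email:copy`. S/MIME verifiers commonly match the sender address against the SAN, so either restore the line or add a comment saying why it is disabled. The same section adds `clientAuth` to `extendedKeyUsage` and marks `keyUsage` critical without explanation. Since bob's key is RSASSA-PSS, a signature-only key type, `keyEncipherment` and `dataEncipherment` look out of place in a critical `keyUsage`; please confirm they are intended. A short comment above `keyUsage` stating which usages the tests rely on would settle it.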

Diff for: src/test/resources/bob.p12

80 Bytes
Binary file not shown.
