crypto: add cert check to CNNIC Whitelist
[platform/upstream/nodejs.git] / test / fixtures / keys / Makefile
# Default goal: the certificates, CRL, DH parameters and RSA key pairs built
# by a plain `make`.  agent6, agent7 and the CAs that sign them have rules
# further down but are not listed here; request those targets by name.
#
# Everything this file produces is test-only material: the CA passphrase is
# the literal 'password' and several keys are 512 or 1024 bits.  Never reuse
# a generated key or certificate outside the test suite.
all: \
  agent1-cert.pem agent2-cert.pem agent3-cert.pem agent4-cert.pem agent5-cert.pem \
  ca2-crl.pem \
  ec-cert.pem \
  dh512.pem dh1024.pem dh2048.pem \
  rsa_private_1024.pem rsa_private_2048.pem rsa_private_4096.pem \
  rsa_public_1024.pem rsa_public_2048.pem rsa_public_4096.pem


#
# Certificate Authority ca1: a self-signed certificate made by `req -x509`.
# ('password' is used for the CA password.)
# The same command writes ca1-key.pem through -keyout; later rules list that
# file as a prerequisite although no rule names it as a target.
#
ca1-cert.pem: ca1.cnf
	openssl req -new -x509 -days 9999 \
		-config $< \
		-keyout ca1-key.pem \
		-out $@

#
# Certificate Authority ca2: a self-signed certificate made by `req -x509`.
# ('password' is used for the CA password.)
# Besides the certificate, the recipe writes ca2-key.pem (-keyout) and seeds
# ca2-serial and ca2-database.txt, presumably the files ca2.cnf points
# `openssl ca` at -- confirm against ca2.cnf.
#
ca2-cert.pem: ca2.cnf
	openssl req -new -x509 -days 9999 \
		-config $< \
		-keyout ca2-key.pem \
		-out $@
	echo '01' > ca2-serial
	touch ca2-database.txt

#
# Subordinate Certificate Authority ca3, issued by ca1.
# -passin supplies 'password', the passphrase of the signing key ca1-key.pem.
# The ca3 key is 1024-bit RSA: fixture strength only.
#
ca3-key.pem:
	openssl genrsa -out $@ 1024

# Signing request for ca3, requesting the v3_ca extension section of ca3.cnf.
ca3-csr.pem: ca3.cnf ca3-key.pem
	openssl req -new -extensions v3_ca \
		-config $< \
		-key ca3-key.pem \
		-out $@

# ca1 signs the request; the v3_ca section of ca3.cnf is applied to the
# issued certificate.
ca3-cert.pem: ca3-csr.pem ca3-key.pem ca3.cnf ca1-cert.pem ca1-key.pem
	openssl x509 -req \
		-extfile ca3.cnf -extensions v3_ca \
		-days 9999 -passin "pass:password" \
		-in $< \
		-CA ca1-cert.pem -CAkey ca1-key.pem -CAcreateserial \
		-out $@

#
# Fake CNNIC Root Certificate Authority: fake-cnnic-root
# A locally generated, self-signed stand-in used by the tests.  Its subject
# comes from fake-cnnic-root.cnf (presumably mirroring the real CNNIC root's
# name -- confirm against that file).
#

# The key is written without a passphrase (no cipher option is given).
fake-cnnic-root-key.pem:
	openssl genrsa -out $@ 2048

fake-cnnic-root-cert.pem: fake-cnnic-root.cnf fake-cnnic-root-key.pem
	openssl req -x509 -new \
		-key fake-cnnic-root-key.pem -days 1024 \
		-out $@ \
		-config $<

#
# agent1: certificate issued by ca1.
# The key is 1024-bit RSA: fixture strength only.
#

agent1-key.pem:
	openssl genrsa -out $@ 1024

agent1-csr.pem: agent1.cnf agent1-key.pem
	openssl req -new -config $< -key agent1-key.pem -out $@

# ca1 signs the request ('password' unlocks ca1-key.pem); the v3_ca section
# of agent1.cnf is applied to the issued certificate.
agent1-cert.pem: agent1-csr.pem ca1-cert.pem ca1-key.pem
	openssl x509 -req \
		-extfile agent1.cnf -extensions v3_ca \
		-days 9999 -passin "pass:password" \
		-in $< \
		-CA ca1-cert.pem -CAkey ca1-key.pem -CAcreateserial \
		-out $@

# Check that agent1's certificate verifies against ca1.
agent1-verify: agent1-cert.pem ca1-cert.pem
	openssl verify -CAfile ca1-cert.pem $<


#
# agent2: self-signed certificate (no CA involved).
# The key is 1024-bit RSA: fixture strength only.
#
# Private key for agent2.
agent2-key.pem:
	openssl genrsa -out $@ 1024

# Certificate Signing Request for that key.
agent2-csr.pem: agent2-key.pem agent2.cnf
	openssl req -new -config agent2.cnf -key $< -out $@

# Certificate signed with agent2's own key (-signkey).
agent2-cert.pem: agent2-csr.pem agent2-key.pem
	openssl x509 -req -days 9999 \
		-in $< \
		-signkey agent2-key.pem \
		-out $@

# A self-signed certificate is verified against itself.
agent2-verify: agent2-cert.pem
	openssl verify -CAfile $< $<

#
# agent3: certificate issued by ca2.
# The key is 1024-bit RSA: fixture strength only.
#

agent3-key.pem:
	openssl genrsa -out $@ 1024

agent3-csr.pem: agent3.cnf agent3-key.pem
	openssl req -new -config $< -key agent3-key.pem -out $@

# ca2 signs the request; 'password' unlocks ca2-key.pem.
agent3-cert.pem: agent3-csr.pem ca2-cert.pem ca2-key.pem
	openssl x509 -req \
		-days 9999 -passin "pass:password" \
		-in $< \
		-CA ca2-cert.pem -CAkey ca2-key.pem -CAcreateserial \
		-out $@

# Check that agent3's certificate verifies against ca2.
agent3-verify: agent3-cert.pem ca2-cert.pem
	openssl verify -CAfile ca2-cert.pem $<


#
# agent4: client certificate issued by ca2.
# The key is 1024-bit RSA: fixture strength only.
#

agent4-key.pem:
	openssl genrsa -out $@ 1024

agent4-csr.pem: agent4.cnf agent4-key.pem
	openssl req -new -config $< -key agent4-key.pem -out $@

# ca2 signs the request ('password' unlocks ca2-key.pem); the ext_key_usage
# section of agent4.cnf is applied to the issued certificate.
agent4-cert.pem: agent4-csr.pem ca2-cert.pem ca2-key.pem
	openssl x509 -req \
		-days 9999 -passin "pass:password" \
		-in $< \
		-CA ca2-cert.pem -CAkey ca2-key.pem -CAcreateserial \
		-extfile agent4.cnf -extensions ext_key_usage \
		-out $@

# Check that agent4's certificate verifies against ca2.
agent4-verify: agent4-cert.pem ca2-cert.pem
	openssl verify -CAfile ca2-cert.pem $<

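#
# CRL for ca2 that lists agent4 as revoked.
#
# agent4-cert.pem is a prerequisite because the first command reads it; if it
# were left out, `make ca2-crl.pem` on a clean tree (or a parallel build)
# could run the revocation before the certificate exists.
# Step 1 records the revocation in ca2's database (the file ca2.cnf names,
# presumably ca2-database.txt -- confirm); step 2 writes the CRL from it.
# 'password' unlocks ca2-key.pem in both steps.
#
ca2-crl.pem: ca2-key.pem ca2-cert.pem ca2.cnf agent4-cert.pem
	openssl ca -revoke agent4-cert.pem \
		-keyfile ca2-key.pem \
		-cert ca2-cert.pem \
		-config ca2.cnf \
		-passin 'pass:password'
	openssl ca \
		-keyfile ca2-key.pem \
		-cert ca2-cert.pem \
		-config ca2.cnf \
		-gencrl \
		-out $@ \
		-passin 'pass:password'
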
#
# agent5: client certificate issued by ca2.
# The key is 1024-bit RSA: fixture strength only.
#

agent5-key.pem:
	openssl genrsa -out $@ 1024

agent5-csr.pem: agent5.cnf agent5-key.pem
	openssl req -new -config $< -key agent5-key.pem -out $@

# ca2 signs the request ('password' unlocks ca2-key.pem); the ext_key_usage
# section of agent5.cnf is applied to the issued certificate.
agent5-cert.pem: agent5-csr.pem ca2-cert.pem ca2-key.pem
	openssl x509 -req \
		-days 9999 -passin "pass:password" \
		-in $< \
		-CA ca2-cert.pem -CAkey ca2-key.pem -CAcreateserial \
		-extfile agent5.cnf -extensions ext_key_usage \
		-out $@

# Check that agent5's certificate verifies against ca2.
agent5-verify: agent5-cert.pem ca2-cert.pem
	openssl verify -CAfile ca2-cert.pem $<

#
# agent6: certificate issued by the subordinate CA ca3.
# The key is 1024-bit RSA: fixture strength only.
#

agent6-key.pem:
	openssl genrsa -out $@ 1024

agent6-csr.pem: agent6.cnf agent6-key.pem
	openssl req -new -config $< -key agent6-key.pem -out $@

# ca3 signs the request, then ca3's own certificate is appended so that
# agent6-cert.pem holds the leaf followed by its issuer.
agent6-cert.pem: agent6-csr.pem ca3-cert.pem ca3-key.pem
	openssl x509 -req \
		-days 9999 -passin "pass:password" \
		-in $< \
		-CA ca3-cert.pem -CAkey ca3-key.pem -CAcreateserial \
		-extfile agent6.cnf \
		-out $@
	cat ca3-cert.pem >> $@

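# agent6 chains to ca1 through ca3.  ca3 is not self-signed, so with only
# ca3 in -CAfile `openssl verify` (without -partial_chain) cannot complete the
# chain to a trusted root.  ca1 is therefore the trust anchor and ca3 is
# supplied as an untrusted intermediate.
agent6-verify: agent6-cert.pem ca3-cert.pem ca1-cert.pem
	openssl verify -CAfile ca1-cert.pem -untrusted ca3-cert.pem agent6-cert.pem
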
#
# agent7: certificate issued by fake-cnnic-root.
#

# 2048-bit RSA key for agent7, written without a passphrase.
agent7-key.pem:
	openssl genrsa -out $@ 2048

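# Signing request for agent7.  The recipe reads agent7.cnf, so that file (not
# agent1.cnf) is the prerequisite: editing agent7.cnf must rebuild the CSR.
agent7-csr.pem: agent7.cnf agent7-key.pem
	openssl req -new -config $< -key agent7-key.pem -out $@
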
# fake-cnnic-root signs agent7's request, applying extensions from agent7.cnf.
# The fake root key is generated without a passphrase, so -passin is carried
# over from the other agents rather than needed to unlock the key.
agent7-cert.pem: agent7-csr.pem fake-cnnic-root-cert.pem fake-cnnic-root-key.pem
	openssl x509 -req \
		-extfile agent7.cnf \
		-days 9999 -passin "pass:password" \
		-in $< \
		-CA fake-cnnic-root-cert.pem -CAkey fake-cnnic-root-key.pem \
		-CAcreateserial \
		-out $@

# Check that agent7's certificate verifies against the fake root.
agent7-verify: agent7-cert.pem fake-cnnic-root-cert.pem
	openssl verify -CAfile fake-cnnic-root-cert.pem $<

# Elliptic-curve fixture: a prime256v1 key with a self-signed certificate.
ec-key.pem:
	openssl ecparam -genkey -out $@ -name prime256v1

# The recipe reads ec.cnf, which is not listed as a prerequisite.
ec-csr.pem: ec-key.pem
	openssl req -new -config ec.cnf -key $< -out $@

# Certificate signed with the EC key itself (-signkey).
ec-cert.pem: ec-csr.pem ec-key.pem
	openssl x509 -req -days 9999 \
		-in $< \
		-signkey ec-key.pem \
		-out $@

# Diffie-Hellman parameter files; the stem of each name is the size in bits.
# 512 and 1024 bits are far below what a deployment should accept; they are
# presumably kept so tests can exercise weak parameters -- confirm with the
# tests that load them.
dh512.pem dh1024.pem dh2048.pem: dh%.pem:
	openssl dhparam -out $@ $*

# Stand-alone RSA private keys; the stem of each name is the modulus size in
# bits.  They are written without a passphrase (no cipher option is given).
rsa_private_1024.pem rsa_private_2048.pem rsa_private_4096.pem: rsa_private_%.pem:
	openssl genrsa -out $@ $*

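# Public halves of the RSA private keys above.
# -pubout is required: without it `openssl rsa` writes the private key back
# out, so each rsa_public_*.pem would hold private key material under a name
# that invites sharing it.
rsa_public_1024.pem rsa_public_2048.pem rsa_public_4096.pem: rsa_public_%.pem: rsa_private_%.pem
	openssl rsa -in $< -pubout -out $@
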
# Remove generated material: every PEM file, the .srl serial files left by
# -CAcreateserial, and ca2's serial and database files.  The *.pem glob is
# not limited to files this Makefile generated.
clean:
	rm -f *.pem *.srl \
		ca2-database.txt ca2-serial

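# Run the verification targets for agent1 through agent5.  agent6-verify and
# agent7-verify are not part of this list; request them by name.
test: agent1-verify agent2-verify agent3-verify agent4-verify agent5-verify


# None of these names is a file.  agent6-verify and agent7-verify are listed
# too, so a stray file with either name cannot make the target look up to date.
.PHONY: all clean test \
  agent1-verify agent2-verify agent3-verify agent4-verify agent5-verify \
  agent6-verify agent7-verify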