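# Generate input to certutil
#
# Prints, one answer per line, the replies that certutil reads from stdin
# for its -1 (key usage) and -2 (basic constraints) interactive prompts.
#
# Arguments: zero or more usage words
#   sign  selects key-usage menu entry 0 (digital signature)
#   kex   selects key-usage menu entry 2 (key encipherment)
#   ca    selects entries 5 and 6 (cert signing, CRL signing) and answers
#         "y" to the "is this a CA certificate" question
#   Menu numbers are as in certutil's key-usage prompt; confirm against the
#   certutil build in use if that menu ever changes.
# Globals:   ca (written; not declared local, as in the original)
# Outputs:   answers on stdout; a warning on stderr for an unknown word
certscript() {
  ca=n
  while [ $# -gt 0 ]; do
    case "$1" in
      sign) echo 0 ;;
      kex) echo 2 ;;
      ca)
        echo 5
        echo 6
        ca=y
        ;;
      *)
        # A misspelt usage used to be dropped silently, which yields a
        # certificate without the intended key-usage bit. stdout is left
        # untouched so the answer stream stays what certutil expects.
        printf 'certscript: ignoring unknown usage: %s\n' "$1" >&2
        ;;
    esac
    shift
  done
  echo 9     # any other number leaves the key-usage menu
  echo n     # key-usage extension is not marked critical
  echo "$ca" # basic constraints: is this a CA certificate?
  echo       # empty line: skip the path length constraint
  echo n     # basic-constraints extension is not marked critical
}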
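# Create one certificate and key pair in the NSS database with "certutil -S".
#
# $1: name   - certificate nickname, also used as the subject CN
# $2: type   - key/certificate flavour, see the case statement below
# $3+: usages: sign, kex or ca (handed to certscript)
#
# Globals read:    BINDIR, R_NOISE_FILE, PROFILEDIR
# Globals written: counter (incremented on every call and used as the serial
#                  number), plus the working variables name, type, type_args,
#                  trust, sign, sighash, msg and cmd, none of which is local.
# Outputs:         the certutil command line on stdout
# Result:          the pipeline's exit status is handed to html_msg together
#                  with the expected value 0 and a description.
#
# NOTE(review): several flavours use 1024-bit RSA/DSA keys and the *_ca
# flavours receive full CA trust ('CT,CT,CT'). That is only reasonable for
# throwaway fixtures; confirm $PROFILEDIR is never a database that real
# clients or servers load.
make_cert() {
  name=$1
  type=$2

  # defaults
  type_args=()
  trust=',,'          # no trust flags in any of the three trust slots
  sign=(-x)           # self-signed unless a flavour names an issuer with -c
  sighash=(-Z SHA256) # signature hash; rsapss_noparam clears it

  # An unknown type falls through with the defaults above, and $type is then
  # passed to "certutil -k" unchanged.
  case $type in
    dsa) type_args=(-g 1024) ;;
    rsa) type_args=(-g 1024) ;;
    rsa2048)
      type_args=(-g 2048)
      type=rsa
      ;;
    rsa8192)
      type_args=(-g 8192)
      type=rsa
      ;;
    rsapss)
      type_args=(-g 1024 --pss)
      type=rsa
      ;;
    rsapss384)
      type_args=(-g 1024 --pss)
      type=rsa
      sighash=(-Z SHA384)
      ;;
    rsapss512)
      type_args=(-g 2048 --pss)
      type=rsa
      sighash=(-Z SHA512)
      ;;
    rsapss_noparam)
      type_args=(-g 2048 --pss)
      type=rsa
      sighash=()
      ;;
    p256)
      type_args=(-q nistp256)
      type=ec
      ;;
    p384)
      type_args=(-q secp384r1)
      type=ec
      ;;
    p521)
      type_args=(-q secp521r1)
      type=ec
      ;;
    rsa_ca)
      type_args=(-g 1024)
      trust='CT,CT,CT' # trusted CA for server and client certs, all slots
      type=rsa
      ;;
    rsa_chain)
      # -c takes the issuer's nickname, so a certificate called rsa_ca must
      # already be in the database when this flavour is requested.
      type_args=(-g 1024)
      sign=(-c rsa_ca)
      type=rsa
      ;;
    rsapss_ca)
      type_args=(-g 1024 --pss)
      trust='CT,CT,CT'
      type=rsa
      ;;
    rsapss_chain)
      # Issuer nickname is rsa_pss_ca (with an underscore), which differs
      # from the rsapss_ca type name above.
      type_args=(-g 1024)
      sign=(-c rsa_pss_ca)
      type=rsa
      ;;
    rsa_ca_rsapss_chain)
      type_args=(-g 1024 --pss-sign)
      sign=(-c rsa_ca)
      type=rsa
      ;;
    ecdh_rsa)
      type_args=(-q nistp256)
      sign=(-c rsa_ca)
      type=ec
      ;;
    delegator_p256)
      # empty.txt is created in the current directory and used as the value
      # of the generic extension. 1.3.6.1.4.1.44363.44 is the DelegationUsage
      # OID used for TLS delegated credentials.
      touch empty.txt
      type_args=(-q nistp256 --extGeneric 1.3.6.1.4.1.44363.44:not-critical:empty.txt)
      type=ec
      ;;
    delegator_rsae2048)
      touch empty.txt
      type_args=(-g 2048 --extGeneric 1.3.6.1.4.1.44363.44:not-critical:empty.txt)
      type=rsa
      ;;
  esac

  # Captured before the shift so the message still carries name and type.
  msg="create certificate: $@"
  shift 2
  counter=$((counter + 1))

  # -z noise file, -d database directory, -m serial number,
  # -w -2 starts validity two months in the past, -v 120 months of validity,
  # -1 / -2 prompt for key usage and basic constraints (fed by certscript).
  # The binary path and the nickname are quoted so that a BINDIR or name
  # containing whitespace stays a single argument.
  cmd=("${BINDIR}/certutil" -S
    -z "$R_NOISE_FILE" -d "$PROFILEDIR"
    -n "$name" -s "CN=$name" -t "$trust" "${sign[@]}" -m "$counter"
    -w -2 -v 120 -k "$type" "${type_args[@]}" "${sighash[@]}" -1 -2)
  echo "${cmd[@]}"
  certscript "$@" | "${cmd[@]}"
  # $? is the status of the pipeline above, i.e. of certutil.
  html_msg $? 0 "$msg"
}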