xref: /third_party/node/test/fixtures/keys/Makefile (revision 1cb0ef41)
11cb0ef41Sopenharmony_ciall: \
21cb0ef41Sopenharmony_ci  ca1-cert.pem \
31cb0ef41Sopenharmony_ci  ca2-cert.pem \
41cb0ef41Sopenharmony_ci  ca2-crl.pem \
51cb0ef41Sopenharmony_ci  ca3-cert.pem \
61cb0ef41Sopenharmony_ci  ca4-cert.pem \
71cb0ef41Sopenharmony_ci  ca5-cert.pem \
81cb0ef41Sopenharmony_ci  ca6-cert.pem \
91cb0ef41Sopenharmony_ci  agent1-cert.pem \
101cb0ef41Sopenharmony_ci  agent1.pfx \
111cb0ef41Sopenharmony_ci  agent2-cert.pem \
121cb0ef41Sopenharmony_ci  agent3-cert.pem \
131cb0ef41Sopenharmony_ci  agent4-cert.pem \
141cb0ef41Sopenharmony_ci  agent5-cert.pem \
151cb0ef41Sopenharmony_ci  agent6-cert.pem \
161cb0ef41Sopenharmony_ci  agent6.pfx \
171cb0ef41Sopenharmony_ci  agent7-cert.pem \
181cb0ef41Sopenharmony_ci  agent8-cert.pem \
191cb0ef41Sopenharmony_ci  agent9-cert.pem \
201cb0ef41Sopenharmony_ci  agent10-cert.pem \
211cb0ef41Sopenharmony_ci  agent10.pfx \
221cb0ef41Sopenharmony_ci  ec10-cert.pem \
231cb0ef41Sopenharmony_ci  ec10.pfx \
241cb0ef41Sopenharmony_ci  dh512.pem \
251cb0ef41Sopenharmony_ci  dh1024.pem \
261cb0ef41Sopenharmony_ci  dh2048.pem \
271cb0ef41Sopenharmony_ci  dherror.pem \
281cb0ef41Sopenharmony_ci  dsa_params.pem \
291cb0ef41Sopenharmony_ci  dsa_private.pem \
301cb0ef41Sopenharmony_ci  dsa_private_encrypted.pem \
311cb0ef41Sopenharmony_ci  dsa_private_pkcs8.pem \
321cb0ef41Sopenharmony_ci  dsa_public.pem \
331cb0ef41Sopenharmony_ci  dsa1025.pem \
341cb0ef41Sopenharmony_ci  dsa_private_1025.pem \
351cb0ef41Sopenharmony_ci  dsa_private_encrypted_1025.pem \
361cb0ef41Sopenharmony_ci  dsa_public_1025.pem \
371cb0ef41Sopenharmony_ci  ec-cert.pem \
381cb0ef41Sopenharmony_ci  ec.pfx \
391cb0ef41Sopenharmony_ci  fake-cnnic-root-cert.pem \
401cb0ef41Sopenharmony_ci  rsa_private.pem \
411cb0ef41Sopenharmony_ci  rsa_private_encrypted.pem \
421cb0ef41Sopenharmony_ci  rsa_private_pkcs8.pem \
431cb0ef41Sopenharmony_ci  rsa_private_pkcs8_bad.pem \
441cb0ef41Sopenharmony_ci  rsa_public.pem \
451cb0ef41Sopenharmony_ci  rsa_ca.crt \
461cb0ef41Sopenharmony_ci  rsa_cert.crt \
471cb0ef41Sopenharmony_ci  rsa_cert.pfx \
481cb0ef41Sopenharmony_ci  rsa_public_sha1_signature_signedby_rsa_private.sha1 \
491cb0ef41Sopenharmony_ci  rsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1 \
501cb0ef41Sopenharmony_ci  rsa_private_b.pem \
511cb0ef41Sopenharmony_ci  I_AM_THE_WALRUS_sha256_signature_signedby_rsa_private_b.sha256 \
521cb0ef41Sopenharmony_ci  rsa_public_b.pem \
531cb0ef41Sopenharmony_ci  rsa_cert_foafssl_b.crt \
541cb0ef41Sopenharmony_ci  rsa_cert_foafssl_b.modulus \
551cb0ef41Sopenharmony_ci  rsa_cert_foafssl_b.exponent \
561cb0ef41Sopenharmony_ci  rsa_spkac.spkac \
571cb0ef41Sopenharmony_ci  rsa_spkac_invalid.spkac \
581cb0ef41Sopenharmony_ci  rsa_private_2048.pem \
591cb0ef41Sopenharmony_ci  rsa_private_4096.pem \
601cb0ef41Sopenharmony_ci  rsa_public_2048.pem \
611cb0ef41Sopenharmony_ci  rsa_public_4096.pem \
621cb0ef41Sopenharmony_ci  rsa_pss_private_2048.pem \
631cb0ef41Sopenharmony_ci  rsa_pss_private_2048_sha256_sha256_16.pem \
641cb0ef41Sopenharmony_ci  rsa_pss_private_2048_sha512_sha256_20.pem \
651cb0ef41Sopenharmony_ci  rsa_pss_private_2048_sha1_sha1_20.pem \
661cb0ef41Sopenharmony_ci  rsa_pss_public_2048.pem \
671cb0ef41Sopenharmony_ci  rsa_pss_public_2048_sha256_sha256_16.pem \
681cb0ef41Sopenharmony_ci  rsa_pss_public_2048_sha512_sha256_20.pem \
691cb0ef41Sopenharmony_ci  rsa_pss_public_2048_sha1_sha1_20.pem \
701cb0ef41Sopenharmony_ci  ed25519_private.pem \
711cb0ef41Sopenharmony_ci  ed25519_public.pem \
721cb0ef41Sopenharmony_ci  x25519_private.pem \
731cb0ef41Sopenharmony_ci  x25519_public.pem \
741cb0ef41Sopenharmony_ci  ed448_private.pem \
751cb0ef41Sopenharmony_ci  ed448_public.pem \
761cb0ef41Sopenharmony_ci  x448_private.pem \
771cb0ef41Sopenharmony_ci  x448_public.pem \
781cb0ef41Sopenharmony_ci  ec_p256_private.pem \
791cb0ef41Sopenharmony_ci  ec_p256_public.pem \
801cb0ef41Sopenharmony_ci  ec_p384_private.pem \
811cb0ef41Sopenharmony_ci  ec_p384_public.pem \
821cb0ef41Sopenharmony_ci  ec_p521_private.pem \
831cb0ef41Sopenharmony_ci  ec_p521_public.pem \
841cb0ef41Sopenharmony_ci  ec_secp256k1_private.pem \
851cb0ef41Sopenharmony_ci  ec_secp256k1_public.pem \
861cb0ef41Sopenharmony_ci  incorrect_san_correct_subject-cert.pem \
871cb0ef41Sopenharmony_ci  incorrect_san_correct_subject-key.pem \
881cb0ef41Sopenharmony_ci  irrelevant_san_correct_subject-cert.pem \
891cb0ef41Sopenharmony_ci  irrelevant_san_correct_subject-key.pem \
901cb0ef41Sopenharmony_ci
911cb0ef41Sopenharmony_ci#
921cb0ef41Sopenharmony_ci# Create Certificate Authority: ca1
931cb0ef41Sopenharmony_ci# ('password' is used for the CA password.)
941cb0ef41Sopenharmony_ci#
951cb0ef41Sopenharmony_cica1-cert.pem: ca1.cnf
961cb0ef41Sopenharmony_ci	openssl req -new -x509 -days 99999 -config ca1.cnf -keyout ca1-key.pem -out ca1-cert.pem
971cb0ef41Sopenharmony_ci
981cb0ef41Sopenharmony_ci#
991cb0ef41Sopenharmony_ci# Create Certificate Authority: ca2
1001cb0ef41Sopenharmony_ci# ('password' is used for the CA password.)
1011cb0ef41Sopenharmony_ci#
1021cb0ef41Sopenharmony_cica2-cert.pem: ca2.cnf
1031cb0ef41Sopenharmony_ci	openssl req -new -x509 -days 99999 -config ca2.cnf -keyout ca2-key.pem -out ca2-cert.pem
1041cb0ef41Sopenharmony_ci	echo '01' > ca2-serial
1051cb0ef41Sopenharmony_ci	touch ca2-database.txt
1061cb0ef41Sopenharmony_ci
1071cb0ef41Sopenharmony_ci#
1081cb0ef41Sopenharmony_ci# Create Subordinate Certificate Authority: ca3 issued by ca1
1091cb0ef41Sopenharmony_ci# ('password' is used for the CA password.)
1101cb0ef41Sopenharmony_ci#
1111cb0ef41Sopenharmony_cica3-key.pem:
1121cb0ef41Sopenharmony_ci	openssl genrsa -out ca3-key.pem 2048
1131cb0ef41Sopenharmony_ci
1141cb0ef41Sopenharmony_cica3-csr.pem: ca3.cnf ca3-key.pem
1151cb0ef41Sopenharmony_ci	openssl req -new \
1161cb0ef41Sopenharmony_ci		-extensions v3_ca \
1171cb0ef41Sopenharmony_ci		-config ca3.cnf \
1181cb0ef41Sopenharmony_ci		-key ca3-key.pem \
1191cb0ef41Sopenharmony_ci		-out ca3-csr.pem
1201cb0ef41Sopenharmony_ci
1211cb0ef41Sopenharmony_cica3-cert.pem: ca3-csr.pem ca3-key.pem ca3.cnf ca1-cert.pem ca1-key.pem
1221cb0ef41Sopenharmony_ci	openssl x509 -req \
1231cb0ef41Sopenharmony_ci		-extfile ca3.cnf \
1241cb0ef41Sopenharmony_ci		-extensions v3_ca \
1251cb0ef41Sopenharmony_ci		-days 99999 \
1261cb0ef41Sopenharmony_ci		-passin "pass:password" \
1271cb0ef41Sopenharmony_ci		-in ca3-csr.pem \
1281cb0ef41Sopenharmony_ci		-CA ca1-cert.pem \
1291cb0ef41Sopenharmony_ci		-CAkey ca1-key.pem \
1301cb0ef41Sopenharmony_ci		-CAcreateserial \
1311cb0ef41Sopenharmony_ci		-out ca3-cert.pem
1321cb0ef41Sopenharmony_ci
1331cb0ef41Sopenharmony_ci#
1341cb0ef41Sopenharmony_ci# Create Subordinate Certificate Authority: ca4 issued by ca2
1351cb0ef41Sopenharmony_ci# ('password' is used for the CA password.)
1361cb0ef41Sopenharmony_ci#
1371cb0ef41Sopenharmony_cica4-key.pem:
1381cb0ef41Sopenharmony_ci	openssl genrsa -out ca4-key.pem 2048
1391cb0ef41Sopenharmony_ci
1401cb0ef41Sopenharmony_cica4-csr.pem: ca4.cnf ca4-key.pem
1411cb0ef41Sopenharmony_ci	openssl req -new \
1421cb0ef41Sopenharmony_ci		-extensions v3_ca \
1431cb0ef41Sopenharmony_ci		-config ca4.cnf \
1441cb0ef41Sopenharmony_ci		-key ca4-key.pem \
1451cb0ef41Sopenharmony_ci		-out ca4-csr.pem
1461cb0ef41Sopenharmony_ci
1471cb0ef41Sopenharmony_cica4-cert.pem: ca4-csr.pem ca4-key.pem ca4.cnf ca2-cert.pem ca2-key.pem
1481cb0ef41Sopenharmony_ci	openssl x509 -req \
1491cb0ef41Sopenharmony_ci		-extfile ca4.cnf \
1501cb0ef41Sopenharmony_ci		-extensions v3_ca \
1511cb0ef41Sopenharmony_ci		-days 99999 \
1521cb0ef41Sopenharmony_ci		-passin "pass:password" \
1531cb0ef41Sopenharmony_ci		-in ca4-csr.pem \
1541cb0ef41Sopenharmony_ci		-CA ca2-cert.pem \
1551cb0ef41Sopenharmony_ci		-CAkey ca2-key.pem \
1561cb0ef41Sopenharmony_ci		-CAcreateserial \
1571cb0ef41Sopenharmony_ci		-out ca4-cert.pem
1581cb0ef41Sopenharmony_ci
1591cb0ef41Sopenharmony_ci#
1601cb0ef41Sopenharmony_ci# Create Certificate Authority: ca5 with ECC
1611cb0ef41Sopenharmony_ci# ('password' is used for the CA password.)
1621cb0ef41Sopenharmony_ci#
1631cb0ef41Sopenharmony_cica5-key.pem:
1641cb0ef41Sopenharmony_ci	openssl ecparam -genkey -out ca5-key.pem -name prime256v1
1651cb0ef41Sopenharmony_ci
1661cb0ef41Sopenharmony_cica5-csr.pem: ca5.cnf ca5-key.pem
1671cb0ef41Sopenharmony_ci	openssl req -new \
1681cb0ef41Sopenharmony_ci		-config ca5.cnf \
1691cb0ef41Sopenharmony_ci		-key ca5-key.pem \
1701cb0ef41Sopenharmony_ci		-out ca5-csr.pem
1711cb0ef41Sopenharmony_ci
1721cb0ef41Sopenharmony_cica5-cert.pem: ca5.cnf ca5-key.pem ca5-csr.pem
1731cb0ef41Sopenharmony_ci	openssl x509 -req \
1741cb0ef41Sopenharmony_ci		-extfile ca5.cnf \
1751cb0ef41Sopenharmony_ci		-extensions v3_ca \
1761cb0ef41Sopenharmony_ci		-days 99999 \
1771cb0ef41Sopenharmony_ci		-passin "pass:password" \
1781cb0ef41Sopenharmony_ci		-in ca5-csr.pem \
1791cb0ef41Sopenharmony_ci		-signkey ca5-key.pem \
1801cb0ef41Sopenharmony_ci		-out ca5-cert.pem
1811cb0ef41Sopenharmony_ci
1821cb0ef41Sopenharmony_ci#
1831cb0ef41Sopenharmony_ci# Create Subordinate Certificate Authority: ca6 issued by ca5 with ECC
1841cb0ef41Sopenharmony_ci# ('password' is used for the CA password.)
1851cb0ef41Sopenharmony_ci#
1861cb0ef41Sopenharmony_cica6-key.pem:
1871cb0ef41Sopenharmony_ci	openssl ecparam -genkey -out ca6-key.pem -name prime256v1
1881cb0ef41Sopenharmony_ci
1891cb0ef41Sopenharmony_cica6-csr.pem: ca6.cnf ca6-key.pem
1901cb0ef41Sopenharmony_ci	openssl req -new \
1911cb0ef41Sopenharmony_ci		-extensions v3_ca \
1921cb0ef41Sopenharmony_ci		-config ca6.cnf \
1931cb0ef41Sopenharmony_ci		-key ca6-key.pem \
1941cb0ef41Sopenharmony_ci		-out ca6-csr.pem
1951cb0ef41Sopenharmony_ci
1961cb0ef41Sopenharmony_cica6-cert.pem: ca6-csr.pem ca6-key.pem ca6.cnf ca5-cert.pem ca5-key.pem
1971cb0ef41Sopenharmony_ci	openssl x509 -req \
1981cb0ef41Sopenharmony_ci		-extfile ca6.cnf \
1991cb0ef41Sopenharmony_ci		-extensions v3_ca \
2001cb0ef41Sopenharmony_ci		-days 99999 \
2011cb0ef41Sopenharmony_ci		-passin "pass:password" \
2021cb0ef41Sopenharmony_ci		-in ca6-csr.pem \
2031cb0ef41Sopenharmony_ci		-CA ca5-cert.pem \
2041cb0ef41Sopenharmony_ci		-CAkey ca5-key.pem \
2051cb0ef41Sopenharmony_ci		-CAcreateserial \
2061cb0ef41Sopenharmony_ci		-out ca6-cert.pem
2071cb0ef41Sopenharmony_ci
2081cb0ef41Sopenharmony_ci#
2091cb0ef41Sopenharmony_ci# Create Fake CNNIC Root Certificate Authority: fake-cnnic-root
2101cb0ef41Sopenharmony_ci#
2111cb0ef41Sopenharmony_ci
2121cb0ef41Sopenharmony_cifake-cnnic-root-key.pem:
2131cb0ef41Sopenharmony_ci	openssl genrsa -out fake-cnnic-root-key.pem 2048
2141cb0ef41Sopenharmony_ci
2151cb0ef41Sopenharmony_cifake-cnnic-root-cert.pem: fake-cnnic-root.cnf fake-cnnic-root-key.pem
2161cb0ef41Sopenharmony_ci	openssl req -x509 -new \
2171cb0ef41Sopenharmony_ci	        -key fake-cnnic-root-key.pem \
2181cb0ef41Sopenharmony_ci	        -days 99999 \
2191cb0ef41Sopenharmony_ci	        -out fake-cnnic-root-cert.pem \
2201cb0ef41Sopenharmony_ci	        -config fake-cnnic-root.cnf
2211cb0ef41Sopenharmony_ci
2221cb0ef41Sopenharmony_ci#
2231cb0ef41Sopenharmony_ci# Create Fake StartCom Root Certificate Authority: fake-startcom-root
2241cb0ef41Sopenharmony_ci#
2251cb0ef41Sopenharmony_cifake-startcom-root-key.pem:
2261cb0ef41Sopenharmony_ci	openssl genrsa -out fake-startcom-root-key.pem 2048
2271cb0ef41Sopenharmony_ci
2281cb0ef41Sopenharmony_cifake-startcom-root-cert.pem: fake-startcom-root.cnf \
2291cb0ef41Sopenharmony_ci	fake-startcom-root-key.pem
2301cb0ef41Sopenharmony_ci	openssl req -new -x509 -days 99999 -config \
2311cb0ef41Sopenharmony_ci	fake-startcom-root.cnf -key fake-startcom-root-key.pem -out \
2321cb0ef41Sopenharmony_ci	fake-startcom-root-cert.pem
2331cb0ef41Sopenharmony_ci	echo '01' > fake-startcom-root-serial
2341cb0ef41Sopenharmony_ci	touch fake-startcom-root-database.txt
2351cb0ef41Sopenharmony_ci
2361cb0ef41Sopenharmony_ci#
2371cb0ef41Sopenharmony_ci# agent1 is signed by ca1.
2381cb0ef41Sopenharmony_ci#
2391cb0ef41Sopenharmony_ci
2401cb0ef41Sopenharmony_ciagent1-key.pem:
2411cb0ef41Sopenharmony_ci	openssl genrsa -out agent1-key.pem 2048
2421cb0ef41Sopenharmony_ci
2431cb0ef41Sopenharmony_ciagent1-csr.pem: agent1.cnf agent1-key.pem
2441cb0ef41Sopenharmony_ci	openssl req -new -config agent1.cnf -key agent1-key.pem -out agent1-csr.pem
2451cb0ef41Sopenharmony_ci
2461cb0ef41Sopenharmony_ciagent1-cert.pem: agent1-csr.pem ca1-cert.pem ca1-key.pem
2471cb0ef41Sopenharmony_ci	openssl x509 -req \
2481cb0ef41Sopenharmony_ci		-extfile agent1.cnf \
2491cb0ef41Sopenharmony_ci		-extensions v3_ca \
2501cb0ef41Sopenharmony_ci		-days 99999 \
2511cb0ef41Sopenharmony_ci		-passin "pass:password" \
2521cb0ef41Sopenharmony_ci		-in agent1-csr.pem \
2531cb0ef41Sopenharmony_ci		-CA ca1-cert.pem \
2541cb0ef41Sopenharmony_ci		-CAkey ca1-key.pem \
2551cb0ef41Sopenharmony_ci		-CAcreateserial \
2561cb0ef41Sopenharmony_ci		-out agent1-cert.pem
2571cb0ef41Sopenharmony_ci
2581cb0ef41Sopenharmony_ciagent1.pfx: agent1-cert.pem agent1-key.pem ca1-cert.pem
2591cb0ef41Sopenharmony_ci	openssl pkcs12 -export \
2601cb0ef41Sopenharmony_ci		-descert \
2611cb0ef41Sopenharmony_ci		-in agent1-cert.pem \
2621cb0ef41Sopenharmony_ci		-inkey agent1-key.pem \
2631cb0ef41Sopenharmony_ci		-certfile ca1-cert.pem \
2641cb0ef41Sopenharmony_ci		-out agent1.pfx \
2651cb0ef41Sopenharmony_ci		-password pass:sample
2661cb0ef41Sopenharmony_ci
2671cb0ef41Sopenharmony_ciagent1-verify: agent1-cert.pem ca1-cert.pem
2681cb0ef41Sopenharmony_ci	openssl verify -CAfile ca1-cert.pem agent1-cert.pem
2691cb0ef41Sopenharmony_ci
2701cb0ef41Sopenharmony_ci
2711cb0ef41Sopenharmony_ci#
2721cb0ef41Sopenharmony_ci# agent2 has a self signed cert
2731cb0ef41Sopenharmony_ci#
2741cb0ef41Sopenharmony_ci# Generate new private key
2751cb0ef41Sopenharmony_ciagent2-key.pem:
2761cb0ef41Sopenharmony_ci	openssl genrsa -out agent2-key.pem 2048
2771cb0ef41Sopenharmony_ci
2781cb0ef41Sopenharmony_ci# Create a Certificate Signing Request for the key
2791cb0ef41Sopenharmony_ciagent2-csr.pem: agent2-key.pem agent2.cnf
2801cb0ef41Sopenharmony_ci	openssl req -new -config agent2.cnf -key agent2-key.pem -out agent2-csr.pem
2811cb0ef41Sopenharmony_ci
2821cb0ef41Sopenharmony_ci# Create a Certificate for the agent.
2831cb0ef41Sopenharmony_ciagent2-cert.pem: agent2-csr.pem agent2-key.pem
2841cb0ef41Sopenharmony_ci	openssl x509 -req \
2851cb0ef41Sopenharmony_ci		-days 99999 \
2861cb0ef41Sopenharmony_ci		-in agent2-csr.pem \
2871cb0ef41Sopenharmony_ci		-signkey agent2-key.pem \
2881cb0ef41Sopenharmony_ci		-out agent2-cert.pem
2891cb0ef41Sopenharmony_ci
2901cb0ef41Sopenharmony_ciagent2-verify: agent2-cert.pem
2911cb0ef41Sopenharmony_ci	openssl verify -CAfile agent2-cert.pem agent2-cert.pem
2921cb0ef41Sopenharmony_ci
2931cb0ef41Sopenharmony_ci#
2941cb0ef41Sopenharmony_ci# agent3 is signed by ca2.
2951cb0ef41Sopenharmony_ci#
2961cb0ef41Sopenharmony_ci
2971cb0ef41Sopenharmony_ciagent3-key.pem:
2981cb0ef41Sopenharmony_ci	openssl genrsa -out agent3-key.pem 2048
2991cb0ef41Sopenharmony_ci
3001cb0ef41Sopenharmony_ciagent3-csr.pem: agent3.cnf agent3-key.pem
3011cb0ef41Sopenharmony_ci	openssl req -new -config agent3.cnf -key agent3-key.pem -out agent3-csr.pem
3021cb0ef41Sopenharmony_ci
3031cb0ef41Sopenharmony_ciagent3-cert.pem: agent3-csr.pem ca2-cert.pem ca2-key.pem
3041cb0ef41Sopenharmony_ci	openssl x509 -req \
3051cb0ef41Sopenharmony_ci		-days 99999 \
3061cb0ef41Sopenharmony_ci		-passin "pass:password" \
3071cb0ef41Sopenharmony_ci		-in agent3-csr.pem \
3081cb0ef41Sopenharmony_ci		-CA ca2-cert.pem \
3091cb0ef41Sopenharmony_ci		-CAkey ca2-key.pem \
3101cb0ef41Sopenharmony_ci		-CAcreateserial \
3111cb0ef41Sopenharmony_ci		-out agent3-cert.pem
3121cb0ef41Sopenharmony_ci
3131cb0ef41Sopenharmony_ciagent3-verify: agent3-cert.pem ca2-cert.pem
3141cb0ef41Sopenharmony_ci	openssl verify -CAfile ca2-cert.pem agent3-cert.pem
3151cb0ef41Sopenharmony_ci
3161cb0ef41Sopenharmony_ci
3171cb0ef41Sopenharmony_ci#
3181cb0ef41Sopenharmony_ci# agent4 is signed by ca2 (client cert)
3191cb0ef41Sopenharmony_ci#
3201cb0ef41Sopenharmony_ci
3211cb0ef41Sopenharmony_ciagent4-key.pem:
3221cb0ef41Sopenharmony_ci	openssl genrsa -out agent4-key.pem 2048
3231cb0ef41Sopenharmony_ci
3241cb0ef41Sopenharmony_ciagent4-csr.pem: agent4.cnf agent4-key.pem
3251cb0ef41Sopenharmony_ci	openssl req -new -config agent4.cnf -key agent4-key.pem -out agent4-csr.pem
3261cb0ef41Sopenharmony_ci
3271cb0ef41Sopenharmony_ciagent4-cert.pem: agent4-csr.pem ca2-cert.pem ca2-key.pem
3281cb0ef41Sopenharmony_ci	openssl x509 -req \
3291cb0ef41Sopenharmony_ci		-days 99999 \
3301cb0ef41Sopenharmony_ci		-passin "pass:password" \
3311cb0ef41Sopenharmony_ci		-in agent4-csr.pem \
3321cb0ef41Sopenharmony_ci		-CA ca2-cert.pem \
3331cb0ef41Sopenharmony_ci		-CAkey ca2-key.pem \
3341cb0ef41Sopenharmony_ci		-CAcreateserial \
3351cb0ef41Sopenharmony_ci		-extfile agent4.cnf \
3361cb0ef41Sopenharmony_ci		-extensions ext_key_usage \
3371cb0ef41Sopenharmony_ci		-out agent4-cert.pem
3381cb0ef41Sopenharmony_ci
3391cb0ef41Sopenharmony_ciagent4-verify: agent4-cert.pem ca2-cert.pem
3401cb0ef41Sopenharmony_ci	openssl verify -CAfile ca2-cert.pem agent4-cert.pem
3411cb0ef41Sopenharmony_ci
3421cb0ef41Sopenharmony_ci#
3431cb0ef41Sopenharmony_ci# Make CRL with agent4 being rejected
3441cb0ef41Sopenharmony_ci#
3451cb0ef41Sopenharmony_cica2-crl.pem: ca2-key.pem ca2-cert.pem ca2.cnf agent4-cert.pem
3461cb0ef41Sopenharmony_ci	openssl ca -revoke agent4-cert.pem \
3471cb0ef41Sopenharmony_ci		-keyfile ca2-key.pem \
3481cb0ef41Sopenharmony_ci		-cert ca2-cert.pem \
3491cb0ef41Sopenharmony_ci		-config ca2.cnf \
3501cb0ef41Sopenharmony_ci		-passin 'pass:password'
3511cb0ef41Sopenharmony_ci	openssl ca \
3521cb0ef41Sopenharmony_ci		-keyfile ca2-key.pem \
3531cb0ef41Sopenharmony_ci		-cert ca2-cert.pem \
3541cb0ef41Sopenharmony_ci		-config ca2.cnf \
3551cb0ef41Sopenharmony_ci		-gencrl \
3561cb0ef41Sopenharmony_ci		-out ca2-crl.pem \
3571cb0ef41Sopenharmony_ci		-passin 'pass:password'
3581cb0ef41Sopenharmony_ci
3591cb0ef41Sopenharmony_ci#
3601cb0ef41Sopenharmony_ci# agent5 is signed by ca2 (client cert)
3611cb0ef41Sopenharmony_ci#
3621cb0ef41Sopenharmony_ci
3631cb0ef41Sopenharmony_ciagent5-key.pem:
3641cb0ef41Sopenharmony_ci	openssl genrsa -out agent5-key.pem 2048
3651cb0ef41Sopenharmony_ci
3661cb0ef41Sopenharmony_ciagent5-csr.pem: agent5.cnf agent5-key.pem
3671cb0ef41Sopenharmony_ci	openssl req -new -config agent5.cnf -key agent5-key.pem -out agent5-csr.pem
3681cb0ef41Sopenharmony_ci
3691cb0ef41Sopenharmony_ciagent5-cert.pem: agent5-csr.pem ca2-cert.pem ca2-key.pem
3701cb0ef41Sopenharmony_ci	openssl x509 -req \
3711cb0ef41Sopenharmony_ci		-days 99999 \
3721cb0ef41Sopenharmony_ci		-passin "pass:password" \
3731cb0ef41Sopenharmony_ci		-in agent5-csr.pem \
3741cb0ef41Sopenharmony_ci		-CA ca2-cert.pem \
3751cb0ef41Sopenharmony_ci		-CAkey ca2-key.pem \
3761cb0ef41Sopenharmony_ci		-CAcreateserial \
3771cb0ef41Sopenharmony_ci		-extfile agent5.cnf \
3781cb0ef41Sopenharmony_ci		-extensions ext_key_usage \
3791cb0ef41Sopenharmony_ci		-out agent5-cert.pem
3801cb0ef41Sopenharmony_ci
3811cb0ef41Sopenharmony_ciagent5-verify: agent5-cert.pem ca2-cert.pem
3821cb0ef41Sopenharmony_ci	openssl verify -CAfile ca2-cert.pem agent5-cert.pem
3831cb0ef41Sopenharmony_ci
3841cb0ef41Sopenharmony_ci#
3851cb0ef41Sopenharmony_ci# agent6 is a client RSA cert signed by ca3
3861cb0ef41Sopenharmony_ci#
3871cb0ef41Sopenharmony_ci
3881cb0ef41Sopenharmony_ciagent6-key.pem:
3891cb0ef41Sopenharmony_ci	openssl genrsa -out agent6-key.pem 2048
3901cb0ef41Sopenharmony_ci
3911cb0ef41Sopenharmony_ciagent6-csr.pem: agent6.cnf agent6-key.pem
3921cb0ef41Sopenharmony_ci	openssl req -new -config agent6.cnf -key agent6-key.pem -out agent6-csr.pem
3931cb0ef41Sopenharmony_ci
3941cb0ef41Sopenharmony_ciagent6-cert.pem: agent6-csr.pem ca3-cert.pem ca3-key.pem
3951cb0ef41Sopenharmony_ci	openssl x509 -req \
3961cb0ef41Sopenharmony_ci		-days 99999 \
3971cb0ef41Sopenharmony_ci		-passin "pass:password" \
3981cb0ef41Sopenharmony_ci		-in agent6-csr.pem \
3991cb0ef41Sopenharmony_ci		-CA ca3-cert.pem \
4001cb0ef41Sopenharmony_ci		-CAkey ca3-key.pem \
4011cb0ef41Sopenharmony_ci		-CAcreateserial \
4021cb0ef41Sopenharmony_ci		-extfile agent6.cnf \
4031cb0ef41Sopenharmony_ci		-out agent6-cert.pem
4041cb0ef41Sopenharmony_ci	cat ca3-cert.pem >> agent6-cert.pem
4051cb0ef41Sopenharmony_ci
4061cb0ef41Sopenharmony_ciagent6-verify: agent6-cert.pem ca3-cert.pem ca1-cert.pem
4071cb0ef41Sopenharmony_ci	openssl verify -trusted ca1-cert.pem -untrusted ca3-cert.pem agent6-cert.pem
4081cb0ef41Sopenharmony_ci
4091cb0ef41Sopenharmony_ciagent6.pfx: agent6-cert.pem agent6-key.pem ca1-cert.pem
4101cb0ef41Sopenharmony_ci	openssl pkcs12 -export \
4111cb0ef41Sopenharmony_ci		-descert \
4121cb0ef41Sopenharmony_ci		-in agent6-cert.pem \
4131cb0ef41Sopenharmony_ci		-inkey agent6-key.pem \
4141cb0ef41Sopenharmony_ci		-certfile ca1-cert.pem \
4151cb0ef41Sopenharmony_ci		-out agent6.pfx \
4161cb0ef41Sopenharmony_ci		-password pass:sample
4171cb0ef41Sopenharmony_ci
4181cb0ef41Sopenharmony_ci#
4191cb0ef41Sopenharmony_ci# agent7 is signed by fake-cnnic-root.
4201cb0ef41Sopenharmony_ci#
4211cb0ef41Sopenharmony_ci
4221cb0ef41Sopenharmony_ciagent7-key.pem:
4231cb0ef41Sopenharmony_ci	openssl genrsa -out agent7-key.pem 2048
4241cb0ef41Sopenharmony_ci
4251cb0ef41Sopenharmony_ciagent7-csr.pem: agent1.cnf agent7-key.pem
4261cb0ef41Sopenharmony_ci	openssl req -new -config agent7.cnf -key agent7-key.pem -out agent7-csr.pem
4271cb0ef41Sopenharmony_ci
4281cb0ef41Sopenharmony_ciagent7-cert.pem: agent7-csr.pem fake-cnnic-root-cert.pem fake-cnnic-root-key.pem
4291cb0ef41Sopenharmony_ci	openssl x509 -req \
4301cb0ef41Sopenharmony_ci		-extfile agent7.cnf \
4311cb0ef41Sopenharmony_ci		-days 99999 \
4321cb0ef41Sopenharmony_ci		-passin "pass:password" \
4331cb0ef41Sopenharmony_ci		-in agent7-csr.pem \
4341cb0ef41Sopenharmony_ci		-CA fake-cnnic-root-cert.pem \
4351cb0ef41Sopenharmony_ci		-CAkey fake-cnnic-root-key.pem \
4361cb0ef41Sopenharmony_ci		-CAcreateserial \
4371cb0ef41Sopenharmony_ci		-out agent7-cert.pem
4381cb0ef41Sopenharmony_ci
4391cb0ef41Sopenharmony_ciagent7-verify: agent7-cert.pem fake-cnnic-root-cert.pem
4401cb0ef41Sopenharmony_ci	openssl verify -CAfile fake-cnnic-root-cert.pem agent7-cert.pem
4411cb0ef41Sopenharmony_ci
4421cb0ef41Sopenharmony_ci#
4431cb0ef41Sopenharmony_ci# agent8 is signed by fake-startcom-root with notBefore
4441cb0ef41Sopenharmony_ci# of Oct 20 23:59:59 2016 GMT
4451cb0ef41Sopenharmony_ci#
4461cb0ef41Sopenharmony_ci
4471cb0ef41Sopenharmony_ciagent8-key.pem:
4481cb0ef41Sopenharmony_ci	openssl genrsa -out agent8-key.pem 2048
4491cb0ef41Sopenharmony_ci
4501cb0ef41Sopenharmony_ciagent8-csr.pem: agent8.cnf agent8-key.pem
4511cb0ef41Sopenharmony_ci	openssl req -new -config agent8.cnf -key agent8-key.pem \
4521cb0ef41Sopenharmony_ci	-out agent8-csr.pem
4531cb0ef41Sopenharmony_ci
4541cb0ef41Sopenharmony_ciagent8-cert.pem: agent8-csr.pem fake-startcom-root-cert.pem fake-startcom-root-key.pem
4551cb0ef41Sopenharmony_ci	openssl ca \
4561cb0ef41Sopenharmony_ci		-config fake-startcom-root.cnf \
4571cb0ef41Sopenharmony_ci		-keyfile fake-startcom-root-key.pem \
4581cb0ef41Sopenharmony_ci		-cert fake-startcom-root-cert.pem \
4591cb0ef41Sopenharmony_ci		-batch \
4601cb0ef41Sopenharmony_ci		-days 99999 \
4611cb0ef41Sopenharmony_ci		-passin "pass:password" \
4621cb0ef41Sopenharmony_ci		-in agent8-csr.pem \
4631cb0ef41Sopenharmony_ci		-startdate 161020235959Z \
4641cb0ef41Sopenharmony_ci		-notext -out agent8-cert.pem
4651cb0ef41Sopenharmony_ci
4661cb0ef41Sopenharmony_ci
4671cb0ef41Sopenharmony_ciagent8-verify: agent8-cert.pem fake-startcom-root-cert.pem
4681cb0ef41Sopenharmony_ci	openssl verify -CAfile fake-startcom-root-cert.pem \
4691cb0ef41Sopenharmony_ci	agent8-cert.pem
4701cb0ef41Sopenharmony_ci
4711cb0ef41Sopenharmony_ci
4721cb0ef41Sopenharmony_ci#
4731cb0ef41Sopenharmony_ci# agent9 is signed by fake-startcom-root with notBefore
4741cb0ef41Sopenharmony_ci# of Oct 21 00:00:01 2016 GMT
4751cb0ef41Sopenharmony_ci#
4761cb0ef41Sopenharmony_ciagent9-key.pem:
4771cb0ef41Sopenharmony_ci	openssl genrsa -out agent9-key.pem 2048
4781cb0ef41Sopenharmony_ci
4791cb0ef41Sopenharmony_ciagent9-csr.pem: agent9.cnf agent9-key.pem
4801cb0ef41Sopenharmony_ci	openssl req -new -config agent9.cnf -key agent9-key.pem \
4811cb0ef41Sopenharmony_ci	-out agent9-csr.pem
4821cb0ef41Sopenharmony_ci
4831cb0ef41Sopenharmony_ci
4841cb0ef41Sopenharmony_ciagent9-cert.pem: agent9-csr.pem
4851cb0ef41Sopenharmony_ci	openssl ca \
4861cb0ef41Sopenharmony_ci		-config fake-startcom-root.cnf \
4871cb0ef41Sopenharmony_ci		-keyfile fake-startcom-root-key.pem \
4881cb0ef41Sopenharmony_ci		-cert fake-startcom-root-cert.pem \
4891cb0ef41Sopenharmony_ci		-batch \
4901cb0ef41Sopenharmony_ci		-days 99999 \
4911cb0ef41Sopenharmony_ci		-passin "pass:password" \
4921cb0ef41Sopenharmony_ci		-in agent9-csr.pem \
4931cb0ef41Sopenharmony_ci		-startdate 20161021000001Z \
4941cb0ef41Sopenharmony_ci		-notext -out agent9-cert.pem
4951cb0ef41Sopenharmony_ci
4961cb0ef41Sopenharmony_ci# agent10 is a server RSA cert signed by ca4 for agent10.example.com
4971cb0ef41Sopenharmony_ci#
4981cb0ef41Sopenharmony_ci
4991cb0ef41Sopenharmony_ciagent10-key.pem:
5001cb0ef41Sopenharmony_ci	openssl genrsa -out agent10-key.pem 2048
5011cb0ef41Sopenharmony_ci
5021cb0ef41Sopenharmony_ciagent10-csr.pem: agent10.cnf agent10-key.pem
5031cb0ef41Sopenharmony_ci	openssl req -new -config agent10.cnf -key agent10-key.pem -out agent10-csr.pem
5041cb0ef41Sopenharmony_ci
5051cb0ef41Sopenharmony_ciagent10-cert.pem: agent10-csr.pem ca4-cert.pem ca4-key.pem
5061cb0ef41Sopenharmony_ci	openssl x509 -req \
5071cb0ef41Sopenharmony_ci		-days 99999 \
5081cb0ef41Sopenharmony_ci		-passin "pass:password" \
5091cb0ef41Sopenharmony_ci		-in agent10-csr.pem \
5101cb0ef41Sopenharmony_ci		-CA ca4-cert.pem \
5111cb0ef41Sopenharmony_ci		-CAkey ca4-key.pem \
5121cb0ef41Sopenharmony_ci		-CAcreateserial \
5131cb0ef41Sopenharmony_ci		-extfile agent10.cnf \
5141cb0ef41Sopenharmony_ci		-out agent10-cert.pem
5151cb0ef41Sopenharmony_ci	cat ca4-cert.pem >> agent10-cert.pem
5161cb0ef41Sopenharmony_ci
5171cb0ef41Sopenharmony_ciagent10-verify: agent10-cert.pem ca4-cert.pem ca2-cert.pem
5181cb0ef41Sopenharmony_ci	openssl verify -trusted ca2-cert.pem -untrusted ca4-cert.pem agent10-cert.pem
5191cb0ef41Sopenharmony_ci
5201cb0ef41Sopenharmony_ciagent10.pfx: agent10-cert.pem agent10-key.pem ca1-cert.pem
5211cb0ef41Sopenharmony_ci	openssl pkcs12 -export \
5221cb0ef41Sopenharmony_ci		-descert \
5231cb0ef41Sopenharmony_ci		-in agent10-cert.pem \
5241cb0ef41Sopenharmony_ci		-inkey agent10-key.pem \
5251cb0ef41Sopenharmony_ci		-certfile ca1-cert.pem \
5261cb0ef41Sopenharmony_ci		-out agent10.pfx \
5271cb0ef41Sopenharmony_ci		-password pass:sample
5281cb0ef41Sopenharmony_ci
5291cb0ef41Sopenharmony_ci#
5301cb0ef41Sopenharmony_ci# ec10 is a server EC cert signed by ca6 for agent10.example.com
5311cb0ef41Sopenharmony_ci#
5321cb0ef41Sopenharmony_ci
5331cb0ef41Sopenharmony_ciec10-key.pem:
5341cb0ef41Sopenharmony_ci	openssl ecparam -genkey -out ec10-key.pem -name prime256v1
5351cb0ef41Sopenharmony_ci
5361cb0ef41Sopenharmony_ciec10-csr.pem: ec10-key.pem
5371cb0ef41Sopenharmony_ci	openssl req -new -config agent10.cnf -key ec10-key.pem -out ec10-csr.pem
5381cb0ef41Sopenharmony_ci
5391cb0ef41Sopenharmony_ciec10-cert.pem: ec10-csr.pem ca6-cert.pem ca6-key.pem
5401cb0ef41Sopenharmony_ci	openssl x509 -req \
5411cb0ef41Sopenharmony_ci		-days 99999 \
5421cb0ef41Sopenharmony_ci		-passin "pass:password" \
5431cb0ef41Sopenharmony_ci		-in ec10-csr.pem \
5441cb0ef41Sopenharmony_ci		-CA ca6-cert.pem \
5451cb0ef41Sopenharmony_ci		-CAkey ca6-key.pem \
5461cb0ef41Sopenharmony_ci		-CAcreateserial \
5471cb0ef41Sopenharmony_ci		-extfile agent10.cnf \
5481cb0ef41Sopenharmony_ci		-out ec10-cert.pem
5491cb0ef41Sopenharmony_ci	cat ca6-cert.pem >> ec10-cert.pem
5501cb0ef41Sopenharmony_ci
5511cb0ef41Sopenharmony_ciec10-verify: ec10-cert.pem ca6-cert.pem ca5-cert.pem
5521cb0ef41Sopenharmony_ci	openssl verify -trusted ca5-cert.pem -untrusted ca6-cert.pem ec10-cert.pem
5531cb0ef41Sopenharmony_ci
5541cb0ef41Sopenharmony_ciec10.pfx: ec10-cert.pem ec10-key.pem ca6-cert.pem
5551cb0ef41Sopenharmony_ci	openssl pkcs12 -export \
5561cb0ef41Sopenharmony_ci		-descert \
5571cb0ef41Sopenharmony_ci		-in ec10-cert.pem \
5581cb0ef41Sopenharmony_ci		-inkey ec10-key.pem \
5591cb0ef41Sopenharmony_ci		-certfile ca6-cert.pem \
5601cb0ef41Sopenharmony_ci		-out ec10.pfx \
5611cb0ef41Sopenharmony_ci		-password pass:sample
5621cb0ef41Sopenharmony_ci
5631cb0ef41Sopenharmony_ci
5641cb0ef41Sopenharmony_ci#
5651cb0ef41Sopenharmony_ci# ec is a self-signed EC cert for CN "agent2"
5661cb0ef41Sopenharmony_ci#
5671cb0ef41Sopenharmony_ciec-key.pem:
5681cb0ef41Sopenharmony_ci	openssl ecparam -genkey -out ec-key.pem -name prime256v1
5691cb0ef41Sopenharmony_ci
5701cb0ef41Sopenharmony_ciec-csr.pem: ec-key.pem
5711cb0ef41Sopenharmony_ci	openssl req -new -config ec.cnf -key ec-key.pem -out ec-csr.pem
5721cb0ef41Sopenharmony_ci
5731cb0ef41Sopenharmony_ciec-cert.pem: ec-csr.pem ec-key.pem
5741cb0ef41Sopenharmony_ci	openssl x509 -req \
5751cb0ef41Sopenharmony_ci		-days 99999 \
5761cb0ef41Sopenharmony_ci		-in ec-csr.pem \
5771cb0ef41Sopenharmony_ci		-signkey ec-key.pem \
5781cb0ef41Sopenharmony_ci		-out ec-cert.pem
5791cb0ef41Sopenharmony_ci
5801cb0ef41Sopenharmony_ciec.pfx: ec-cert.pem ec-key.pem
5811cb0ef41Sopenharmony_ci	openssl pkcs12 -export \
5821cb0ef41Sopenharmony_ci		-descert \
5831cb0ef41Sopenharmony_ci		-in ec-cert.pem \
5841cb0ef41Sopenharmony_ci		-inkey ec-key.pem \
5851cb0ef41Sopenharmony_ci		-out ec.pfx \
5861cb0ef41Sopenharmony_ci		-password pass:
5871cb0ef41Sopenharmony_ci
5881cb0ef41Sopenharmony_cidh512.pem:
5891cb0ef41Sopenharmony_ci	openssl dhparam -out dh512.pem 512
5901cb0ef41Sopenharmony_ci
5911cb0ef41Sopenharmony_cidh1024.pem:
5921cb0ef41Sopenharmony_ci	openssl dhparam -out dh1024.pem 1024
5931cb0ef41Sopenharmony_ci
5941cb0ef41Sopenharmony_cidh2048.pem:
5951cb0ef41Sopenharmony_ci	openssl dhparam -out dh2048.pem 2048
5961cb0ef41Sopenharmony_ci
5971cb0ef41Sopenharmony_cidherror.pem: dh1024.pem
5981cb0ef41Sopenharmony_ci	sed 's/^[^-].*/AAAAAAAAAA/g' dh1024.pem > dherror.pem
5991cb0ef41Sopenharmony_ci
6001cb0ef41Sopenharmony_cidsa_params.pem:
6011cb0ef41Sopenharmony_ci	openssl dsaparam -out dsa_params.pem 2048
6021cb0ef41Sopenharmony_ci
6031cb0ef41Sopenharmony_cidsa_private.pem: dsa_params.pem
6041cb0ef41Sopenharmony_ci	openssl gendsa -out dsa_private.pem dsa_params.pem
6051cb0ef41Sopenharmony_ci
6061cb0ef41Sopenharmony_cidsa_private_encrypted.pem: dsa_private.pem
6071cb0ef41Sopenharmony_ci	openssl dsa -aes256 -in dsa_private.pem -passout 'pass:password' -out dsa_private_encrypted.pem
6081cb0ef41Sopenharmony_ci
6091cb0ef41Sopenharmony_cidsa_private_pkcs8.pem: dsa_private.pem
6101cb0ef41Sopenharmony_ci	openssl pkcs8 -topk8 -inform PEM -outform PEM -in dsa_private.pem -out dsa_private_pkcs8.pem -nocrypt
6111cb0ef41Sopenharmony_ci
6121cb0ef41Sopenharmony_cidsa_public.pem: dsa_private.pem
6131cb0ef41Sopenharmony_ci	openssl dsa -in dsa_private.pem -pubout -out dsa_public.pem
6141cb0ef41Sopenharmony_ci
6151cb0ef41Sopenharmony_cidsa1025.pem:
6161cb0ef41Sopenharmony_ci	openssl dsaparam -out dsa1025.pem 1025
6171cb0ef41Sopenharmony_ci
6181cb0ef41Sopenharmony_cidsa_private_1025.pem:
6191cb0ef41Sopenharmony_ci	openssl gendsa -out dsa_private_1025.pem dsa1025.pem
6201cb0ef41Sopenharmony_ci
6211cb0ef41Sopenharmony_cidsa_private_encrypted_1025.pem:
6221cb0ef41Sopenharmony_ci	openssl pkcs8 -in dsa_private_1025.pem -topk8 -passout 'pass:secret' -out dsa_private_encrypted_1025.pem
6231cb0ef41Sopenharmony_ci
6241cb0ef41Sopenharmony_cidsa_public_1025.pem:
6251cb0ef41Sopenharmony_ci	openssl dsa -in dsa_private_1025.pem -pubout -out dsa_public_1025.pem
6261cb0ef41Sopenharmony_ci
6271cb0ef41Sopenharmony_cirsa_private.pem:
6281cb0ef41Sopenharmony_ci	openssl genrsa -out rsa_private.pem 2048
6291cb0ef41Sopenharmony_ci
6301cb0ef41Sopenharmony_cirsa_private_encrypted.pem: rsa_private.pem
6311cb0ef41Sopenharmony_ci	openssl rsa -aes256 -in rsa_private.pem -passout 'pass:password' -out rsa_private_encrypted.pem
6321cb0ef41Sopenharmony_ci
6331cb0ef41Sopenharmony_cirsa_private_pkcs8.pem: rsa_private.pem
6341cb0ef41Sopenharmony_ci	openssl pkcs8 -topk8 -inform PEM -outform PEM -in rsa_private.pem -out rsa_private_pkcs8.pem -nocrypt
6351cb0ef41Sopenharmony_ci
6361cb0ef41Sopenharmony_cirsa_private_pkcs8_bad.pem: rsa_private_pkcs8.pem
6371cb0ef41Sopenharmony_ci	sed 's/PRIVATE/RSA PRIVATE/g' rsa_private_pkcs8.pem > rsa_private_pkcs8_bad.pem
6381cb0ef41Sopenharmony_ci
6391cb0ef41Sopenharmony_cirsa_public.pem: rsa_private.pem
6401cb0ef41Sopenharmony_ci	openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem
6411cb0ef41Sopenharmony_ci
6421cb0ef41Sopenharmony_cirsa_cert.crt: rsa_private.pem
6431cb0ef41Sopenharmony_ci	openssl req -new -x509 -days 99999 -key rsa_private.pem -config rsa_cert.cnf -out rsa_cert.crt
6441cb0ef41Sopenharmony_ci
6451cb0ef41Sopenharmony_cirsa_cert.pfx: rsa_cert.crt
6461cb0ef41Sopenharmony_ci	openssl pkcs12 -export -descert -passout 'pass:sample' -inkey rsa_private.pem -in rsa_cert.crt -out rsa_cert.pfx
6471cb0ef41Sopenharmony_ci
6481cb0ef41Sopenharmony_cirsa_ca.crt: rsa_cert.crt
6491cb0ef41Sopenharmony_ci	cp rsa_cert.crt rsa_ca.crt
6501cb0ef41Sopenharmony_ci
6511cb0ef41Sopenharmony_cirsa_public_sha1_signature_signedby_rsa_private.sha1: rsa_public.pem rsa_private.pem
6521cb0ef41Sopenharmony_ci	openssl dgst -sha1 -sign rsa_private.pem -out rsa_public_sha1_signature_signedby_rsa_private.sha1 rsa_public.pem
6531cb0ef41Sopenharmony_ci
6541cb0ef41Sopenharmony_cirsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1: rsa_public.pem rsa_private_pkcs8.pem
6551cb0ef41Sopenharmony_ci	openssl dgst -sha1 -sign rsa_private_pkcs8.pem -out rsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1 rsa_public.pem
6561cb0ef41Sopenharmony_ci
6571cb0ef41Sopenharmony_cirsa_private_b.pem:
6581cb0ef41Sopenharmony_ci	openssl genrsa -out rsa_private_b.pem 2048
6591cb0ef41Sopenharmony_ci
6601cb0ef41Sopenharmony_ciI_AM_THE_WALRUS_sha256_signature_signedby_rsa_private_b.sha256: rsa_private_b.pem
6611cb0ef41Sopenharmony_ci	echo -n "I AM THE WALRUS" | openssl dgst -sha256 -sign rsa_private_b.pem -out I_AM_THE_WALRUS_sha256_signature_signedby_rsa_private_b.sha256
6621cb0ef41Sopenharmony_ci
6631cb0ef41Sopenharmony_cirsa_public_b.pem: rsa_private_b.pem
6641cb0ef41Sopenharmony_ci	openssl rsa -in rsa_private_b.pem -pubout -out rsa_public_b.pem
6651cb0ef41Sopenharmony_ci
6661cb0ef41Sopenharmony_ci# The following 'foafssl' cert is used in test/parallel/test-https-foafssl.js.
6671cb0ef41Sopenharmony_ci# It requires a SAN like 'http://example.com/#me'. More info here:
6681cb0ef41Sopenharmony_ci# https://www.w3.org/wiki/Foaf+ssl
6691cb0ef41Sopenharmony_cirsa_cert_foafssl_b.crt: rsa_private_b.pem
6701cb0ef41Sopenharmony_ci	openssl req -new -x509 -days 99999 -config rsa_cert_foafssl_b.cnf -key rsa_private_b.pem -out rsa_cert_foafssl_b.crt
6711cb0ef41Sopenharmony_ci
6721cb0ef41Sopenharmony_ci# The 'modulus=' in the output must be stripped out
6731cb0ef41Sopenharmony_cirsa_cert_foafssl_b.modulus: rsa_cert_foafssl_b.crt
6741cb0ef41Sopenharmony_ci	openssl x509 -modulus -in rsa_cert_foafssl_b.crt -noout | cut -c 9- > rsa_cert_foafssl_b.modulus
6751cb0ef41Sopenharmony_ci
6761cb0ef41Sopenharmony_ci# Have to parse out the hex exponent
6771cb0ef41Sopenharmony_cirsa_cert_foafssl_b.exponent: rsa_cert_foafssl_b.crt
6781cb0ef41Sopenharmony_ci	openssl x509 -in  rsa_cert_foafssl_b.crt -text | grep -o 'Exponent:.*' | sed 's/\(.*(\|).*\)//g' > rsa_cert_foafssl_b.exponent
6791cb0ef41Sopenharmony_ci
6801cb0ef41Sopenharmony_ci# openssl outputs `SPKAC=[SPKAC]`. That prefix needs to be removed to work with node
6811cb0ef41Sopenharmony_cirsa_spkac.spkac: rsa_private.pem
6821cb0ef41Sopenharmony_ci	openssl spkac -key rsa_private.pem -challenge this-is-a-challenge | cut -c 7- > rsa_spkac.spkac
6831cb0ef41Sopenharmony_ci
6841cb0ef41Sopenharmony_ci# cutting characters from the start to invalidate the spkac
6851cb0ef41Sopenharmony_cirsa_spkac_invalid.spkac: rsa_spkac.spkac
6861cb0ef41Sopenharmony_ci	cat rsa_spkac.spkac | cut -c 5- > rsa_spkac_invalid.spkac
6871cb0ef41Sopenharmony_ci
6881cb0ef41Sopenharmony_cirsa_private_2048.pem:
6891cb0ef41Sopenharmony_ci	openssl genrsa -out rsa_private_2048.pem 2048
6901cb0ef41Sopenharmony_ci
6911cb0ef41Sopenharmony_cirsa_private_4096.pem:
6921cb0ef41Sopenharmony_ci	openssl genrsa -out rsa_private_4096.pem 4096
6931cb0ef41Sopenharmony_ci
6941cb0ef41Sopenharmony_cirsa_public_2048.pem: rsa_private_2048.pem
6951cb0ef41Sopenharmony_ci	openssl rsa -in rsa_private_2048.pem -pubout -out rsa_public_2048.pem
6961cb0ef41Sopenharmony_ci
6971cb0ef41Sopenharmony_cirsa_public_4096.pem: rsa_private_4096.pem
6981cb0ef41Sopenharmony_ci	openssl rsa -in rsa_private_4096.pem -pubout -out rsa_public_4096.pem
6991cb0ef41Sopenharmony_ci
7001cb0ef41Sopenharmony_cirsa_pss_private_2048.pem:
7011cb0ef41Sopenharmony_ci	openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out rsa_pss_private_2048.pem
7021cb0ef41Sopenharmony_ci
7031cb0ef41Sopenharmony_cirsa_pss_private_2048_sha256_sha256_16.pem:
7041cb0ef41Sopenharmony_ci	openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:16 -out rsa_pss_private_2048_sha256_sha256_16.pem
7051cb0ef41Sopenharmony_ci
7061cb0ef41Sopenharmony_cirsa_pss_private_2048_sha512_sha256_20.pem:
7071cb0ef41Sopenharmony_ci	openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha512 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:20 -out rsa_pss_private_2048_sha512_sha256_20.pem
7081cb0ef41Sopenharmony_ci
7091cb0ef41Sopenharmony_cirsa_pss_private_2048_sha1_sha1_20.pem:
7101cb0ef41Sopenharmony_ci	openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha1 -pkeyopt rsa_pss_keygen_mgf1_md:sha1 -pkeyopt rsa_pss_keygen_saltlen:20 -out rsa_pss_private_2048_sha1_sha1_20.pem
7111cb0ef41Sopenharmony_ci
7121cb0ef41Sopenharmony_cirsa_pss_public_2048.pem: rsa_pss_private_2048.pem
7131cb0ef41Sopenharmony_ci	openssl pkey -in rsa_pss_private_2048.pem -pubout -out rsa_pss_public_2048.pem
7141cb0ef41Sopenharmony_ci
7151cb0ef41Sopenharmony_cirsa_pss_public_2048_sha256_sha256_16.pem: rsa_pss_private_2048_sha256_sha256_16.pem
7161cb0ef41Sopenharmony_ci	openssl pkey -in rsa_pss_private_2048_sha256_sha256_16.pem -pubout -out rsa_pss_public_2048_sha256_sha256_16.pem
7171cb0ef41Sopenharmony_ci
7181cb0ef41Sopenharmony_cirsa_pss_public_2048_sha512_sha256_20.pem: rsa_pss_private_2048_sha512_sha256_20.pem
7191cb0ef41Sopenharmony_ci	openssl pkey -in rsa_pss_private_2048_sha512_sha256_20.pem -pubout -out rsa_pss_public_2048_sha512_sha256_20.pem
7201cb0ef41Sopenharmony_ci
7211cb0ef41Sopenharmony_cirsa_pss_public_2048_sha1_sha1_20.pem: rsa_pss_private_2048_sha1_sha1_20.pem
7221cb0ef41Sopenharmony_ci	openssl pkey -in rsa_pss_private_2048_sha1_sha1_20.pem -pubout -out rsa_pss_public_2048_sha1_sha1_20.pem
7231cb0ef41Sopenharmony_ci
7241cb0ef41Sopenharmony_cied25519_private.pem:
7251cb0ef41Sopenharmony_ci	openssl genpkey -algorithm ED25519 -out ed25519_private.pem
7261cb0ef41Sopenharmony_ci
7271cb0ef41Sopenharmony_cied25519_public.pem: ed25519_private.pem
7281cb0ef41Sopenharmony_ci	openssl pkey -in ed25519_private.pem -pubout -out ed25519_public.pem
7291cb0ef41Sopenharmony_ci
7301cb0ef41Sopenharmony_cix25519_private.pem:
7311cb0ef41Sopenharmony_ci	openssl genpkey -algorithm x25519 -out x25519_private.pem
7321cb0ef41Sopenharmony_ci
7331cb0ef41Sopenharmony_cix25519_public.pem: x25519_private.pem
7341cb0ef41Sopenharmony_ci	openssl pkey -in x25519_private.pem -pubout -out x25519_public.pem
7351cb0ef41Sopenharmony_ci
7361cb0ef41Sopenharmony_cied448_private.pem:
7371cb0ef41Sopenharmony_ci	openssl genpkey -algorithm ed448 -out ed448_private.pem
7381cb0ef41Sopenharmony_ci
7391cb0ef41Sopenharmony_cied448_public.pem: ed448_private.pem
7401cb0ef41Sopenharmony_ci	openssl pkey -in ed448_private.pem -pubout -out ed448_public.pem
7411cb0ef41Sopenharmony_ci
7421cb0ef41Sopenharmony_cix448_private.pem:
7431cb0ef41Sopenharmony_ci	openssl genpkey -algorithm x448 -out x448_private.pem
7441cb0ef41Sopenharmony_ci
7451cb0ef41Sopenharmony_cix448_public.pem: x448_private.pem
7461cb0ef41Sopenharmony_ci	openssl pkey -in x448_private.pem -pubout -out x448_public.pem
7471cb0ef41Sopenharmony_ci
7481cb0ef41Sopenharmony_ciec_p256_private.pem:
7491cb0ef41Sopenharmony_ci	openssl ecparam -name prime256v1 -genkey -noout -out sec1_ec_p256_private.pem
7501cb0ef41Sopenharmony_ci	openssl pkcs8 -topk8 -nocrypt -in sec1_ec_p256_private.pem -out ec_p256_private.pem
7511cb0ef41Sopenharmony_ci	rm sec1_ec_p256_private.pem
7521cb0ef41Sopenharmony_ci
7531cb0ef41Sopenharmony_ciec_p256_public.pem: ec_p256_private.pem
7541cb0ef41Sopenharmony_ci	openssl ec -in ec_p256_private.pem -pubout -out ec_p256_public.pem
7551cb0ef41Sopenharmony_ci
7561cb0ef41Sopenharmony_ciec_p384_private.pem:
7571cb0ef41Sopenharmony_ci	openssl ecparam -name secp384r1 -genkey -noout -out sec1_ec_p384_private.pem
7581cb0ef41Sopenharmony_ci	openssl pkcs8 -topk8 -nocrypt -in sec1_ec_p384_private.pem -out ec_p384_private.pem
7591cb0ef41Sopenharmony_ci	rm sec1_ec_p384_private.pem
7601cb0ef41Sopenharmony_ci
7611cb0ef41Sopenharmony_ciec_p384_public.pem: ec_p384_private.pem
7621cb0ef41Sopenharmony_ci	openssl ec -in ec_p384_private.pem -pubout -out ec_p384_public.pem
7631cb0ef41Sopenharmony_ci
7641cb0ef41Sopenharmony_ciec_p521_private.pem:
7651cb0ef41Sopenharmony_ci	openssl ecparam -name secp521r1 -genkey -noout -out sec1_ec_p521_private.pem
7661cb0ef41Sopenharmony_ci	openssl pkcs8 -topk8 -nocrypt -in sec1_ec_p521_private.pem -out ec_p521_private.pem
7671cb0ef41Sopenharmony_ci	rm sec1_ec_p521_private.pem
7681cb0ef41Sopenharmony_ci
7691cb0ef41Sopenharmony_ciec_p521_public.pem: ec_p521_private.pem
7701cb0ef41Sopenharmony_ci	openssl ec -in ec_p521_private.pem -pubout -out ec_p521_public.pem
7711cb0ef41Sopenharmony_ci
7721cb0ef41Sopenharmony_ciec_secp256k1_private.pem:
7731cb0ef41Sopenharmony_ci	openssl ecparam -name secp256k1 -genkey -noout -out sec1_ec_secp256k1_private.pem
7741cb0ef41Sopenharmony_ci	openssl pkcs8 -topk8 -nocrypt -in sec1_ec_secp256k1_private.pem -out ec_secp256k1_private.pem
7751cb0ef41Sopenharmony_ci	rm sec1_ec_secp256k1_private.pem
7761cb0ef41Sopenharmony_ci
7771cb0ef41Sopenharmony_ciec_secp256k1_public.pem: ec_secp256k1_private.pem
7781cb0ef41Sopenharmony_ci	openssl ec -in ec_secp256k1_private.pem -pubout -out ec_secp256k1_public.pem
7791cb0ef41Sopenharmony_ci
7801cb0ef41Sopenharmony_ciincorrect_san_correct_subject-cert.pem: incorrect_san_correct_subject-key.pem
7811cb0ef41Sopenharmony_ci	openssl req -x509 \
7821cb0ef41Sopenharmony_ci	            -key incorrect_san_correct_subject-key.pem \
7831cb0ef41Sopenharmony_ci	            -out incorrect_san_correct_subject-cert.pem \
7841cb0ef41Sopenharmony_ci	            -sha256 \
7851cb0ef41Sopenharmony_ci	            -days 3650 \
7861cb0ef41Sopenharmony_ci	            -subj "/CN=good.example.com" \
7871cb0ef41Sopenharmony_ci	            -addext "subjectAltName = DNS:evil.example.com"
7881cb0ef41Sopenharmony_ci
7891cb0ef41Sopenharmony_ciincorrect_san_correct_subject-key.pem:
7901cb0ef41Sopenharmony_ci	openssl ecparam -name prime256v1 -genkey -noout -out incorrect_san_correct_subject-key.pem
7911cb0ef41Sopenharmony_ci
7921cb0ef41Sopenharmony_ciirrelevant_san_correct_subject-cert.pem: irrelevant_san_correct_subject-key.pem
7931cb0ef41Sopenharmony_ci	openssl req -x509 \
7941cb0ef41Sopenharmony_ci	            -key irrelevant_san_correct_subject-key.pem \
7951cb0ef41Sopenharmony_ci	            -out irrelevant_san_correct_subject-cert.pem \
7961cb0ef41Sopenharmony_ci	            -sha256 \
7971cb0ef41Sopenharmony_ci	            -days 3650 \
7981cb0ef41Sopenharmony_ci	            -subj "/CN=good.example.com" \
7991cb0ef41Sopenharmony_ci	            -addext "subjectAltName = IP:1.2.3.4"
8001cb0ef41Sopenharmony_ci
8011cb0ef41Sopenharmony_ciirrelevant_san_correct_subject-key.pem:
8021cb0ef41Sopenharmony_ci	openssl ecparam -name prime256v1 -genkey -noout -out irrelevant_san_correct_subject-key.pem
8031cb0ef41Sopenharmony_ci
8041cb0ef41Sopenharmony_ciclean:
8051cb0ef41Sopenharmony_ci	rm -f *.pfx *.pem *.srl ca2-database.txt ca2-serial fake-startcom-root-serial *.print *.old fake-startcom-root-issued-certs/*.pem
8061cb0ef41Sopenharmony_ci	@> fake-startcom-root-database.txt
8071cb0ef41Sopenharmony_ci
8081cb0ef41Sopenharmony_citest: agent1-verify agent2-verify agent3-verify agent4-verify agent5-verify agent6-verify agent7-verify agent8-verify agent10-verify ec10-verify
8091cb0ef41Sopenharmony_ci
8101cb0ef41Sopenharmony_ci%-cert.pem.print: %-cert.pem
8111cb0ef41Sopenharmony_ci	openssl x509 -in $< -text -noout > $@
8121cb0ef41Sopenharmony_ci
8131cb0ef41Sopenharmony_ci.PHONY: all clean test agent1-verify agent2-verify agent3-verify agent4-verify agent5-verify agent6-verify agent7-verify agent8-verify agent10-verify ec10-verify
814