tor-browser

The Tor Browser

certsetup.sh (2235B)


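# Generate the answers that certutil reads from stdin when it is run with the
# interactive -1 (key usage) and -2 (basic constraints) options.
#
# Arguments: $@ - any of: sign, kex, ca (anything else is ignored)
# Outputs:   one answer per line on stdout, in the order certutil asks:
#              0 / 2 / 5 / 6  key-usage menu picks
#              9              leaves the key-usage menu
#              n              key-usage "critical extension?" answer
#              y|n            "is this a CA certificate?" answer
#              (empty line)   path-length constraint skipped
#              n              basic-constraints "critical extension?" answer
# NOTE(review): the prompt meanings above follow certutil's documented -1/-2
# dialogue; confirm against the certutil build in ${BINDIR} if prompts change,
# because a shifted answer would silently produce a cert with other usages.
certscript() {
  # local: keep the CA flag from leaking into (or clobbering) a caller's `ca`.
  local ca=n
  local usage
  for usage in "$@"; do
    case "$usage" in
      sign) echo 0 ;;
      kex) echo 2 ;;
      ca)
        # A CA needs both signing usages and flips the basic-constraints answer.
        echo 5
        echo 6
        ca=y
        ;;
    esac
  done
  echo 9
  echo n
  echo "$ca"
  echo
  echo n
}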
     17 
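# Create one certificate (and key pair) in the NSS database at $PROFILEDIR by
# driving `certutil -S`, then report the result through html_msg.
#
# Globals:   BINDIR, R_NOISE_FILE, PROFILEDIR (read)
#            counter (read and incremented; used as the certificate serial)
# Arguments: $1  - nickname; also used as the subject CN
#            $2  - type keyword selecting key algorithm, size/curve, signer,
#                  trust flags and signature hash (see the case below)
#            $3+ - usages passed on to certscript: sign, kex or ca
# Outputs:   echoes the certutil command line to stdout before running it
# Returns:   whatever html_msg returns
#
# Security notes for readers reusing this:
#  - Several types generate 1024-bit RSA/DSA keys. That is below current
#    minimum key sizes and only makes sense for throwaway fixtures; do not
#    reuse these settings for certificates anything real relies on.
#  - The *_ca types are stored with trust 'CT,CT,CT', so the database trusts
#    them as issuers. PROFILEDIR should be a scratch database, never a real
#    user or system profile.
#  - An unrecognised $2 is passed to certutil -k unchanged, with no key
#    parameters; certutil decides what happens then.
make_cert() {
  # All working variables are local so a call cannot clobber a caller's
  # `name`, `type`, `sign`, ... ; only `counter` is meant to persist.
  local name=$1
  local type=$2
  # Captured before the shift so the message shows every argument.
  local msg="create certificate: $*"

  # Defaults: self-signed (-x), no trust flags, SHA-256 signature hash.
  local -a type_args=()
  local trust=',,'
  local -a sign=(-x)
  local -a sighash=(-Z SHA256)
  local -a cmd
  # Generic extension carried by the delegator_* types: the delegated
  # credentials DelegationUsage OID (RFC 9345), non-critical, with its body
  # read from empty.txt in the current directory.
  local dc_ext='1.3.6.1.4.1.44363.44:not-critical:empty.txt'

  case "$type" in
    dsa) type_args=(-g 1024) ;;
    rsa) type_args=(-g 1024) ;;
    rsa2048)
      type_args=(-g 2048)
      type=rsa
      ;;
    rsa8192)
      type_args=(-g 8192)
      type=rsa
      ;;
    rsapss)
      type_args=(-g 1024 --pss)
      type=rsa
      ;;
    rsapss384)
      type_args=(-g 1024 --pss)
      type=rsa
      sighash=(-Z SHA384)
      ;;
    rsapss512)
      type_args=(-g 2048 --pss)
      type=rsa
      sighash=(-Z SHA512)
      ;;
    rsapss_noparam)
      # No -Z at all: certutil picks the hash itself.
      type_args=(-g 2048 --pss)
      type=rsa
      sighash=()
      ;;
    p256)
      type_args=(-q nistp256)
      type=ec
      ;;
    p384)
      type_args=(-q secp384r1)
      type=ec
      ;;
    p521)
      type_args=(-q secp521r1)
      type=ec
      ;;
    rsa_ca)
      type_args=(-g 1024)
      trust='CT,CT,CT'
      type=rsa
      ;;
    rsa_chain)
      # Issued by the cert whose nickname is rsa_ca, which must already exist.
      type_args=(-g 1024)
      sign=(-c rsa_ca)
      type=rsa
      ;;
    rsapss_ca)
      type_args=(-g 1024 --pss)
      trust='CT,CT,CT'
      type=rsa
      ;;
    rsapss_chain)
      # Issued by the cert whose nickname is rsa_pss_ca (nickname, not type).
      type_args=(-g 1024)
      sign=(-c rsa_pss_ca)
      type=rsa
      ;;
    rsa_ca_rsapss_chain)
      type_args=(-g 1024 --pss-sign)
      sign=(-c rsa_ca)
      type=rsa
      ;;
    ecdh_rsa)
      type_args=(-q nistp256)
      sign=(-c rsa_ca)
      type=ec
      ;;
    delegator_p256)
      touch empty.txt
      type_args=(-q nistp256 --extGeneric "$dc_ext")
      type=ec
      ;;
    delegator_rsae2048)
      touch empty.txt
      type_args=(-g 2048 --extGeneric "$dc_ext")
      type=rsa
      ;;
    delegator_rsa_pss2048)
      touch empty.txt
      type_args=(-g 2048 --pss --extGeneric "$dc_ext")
      type=rsa
      ;;
  esac

  shift 2
  # Serial numbers must be unique per issuer, hence the shared counter.
  counter=$((counter + 1))

  # Built as an array and fully quoted so that a BINDIR or nickname containing
  # spaces or glob characters reaches certutil as a single argument.
  # -w -2 backdates the validity start by two months; -v 120 is the validity
  # length in months; -1 -2 make certutil prompt for key usage and basic
  # constraints, which certscript answers on stdin.
  cmd=("${BINDIR}/certutil" -S
    -z "$R_NOISE_FILE" -d "$PROFILEDIR"
    -n "$name" -s "CN=$name" -t "$trust" "${sign[@]}" -m "$counter"
    -w -2 -v 120 -k "$type" "${type_args[@]}" "${sighash[@]}" -1 -2)
  echo "${cmd[@]}"
  certscript "$@" | "${cmd[@]}"
  # $? here is certutil's exit status (last stage of the pipeline).
  html_msg "$?" 0 "$msg"
}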