
make-nc (8145B)


      1 #!/bin/sh
      2 #
      3 # This Source Code Form is subject to the terms of the Mozilla Public
      4 # License, v. 2.0. If a copy of the MPL was not distributed with this
      5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
      6 
      7 mkdir tmp
      8 cd tmp
      9 dd if=/dev/urandom bs=512 count=1 of=noise
     10 echo "" > pwfile
     11 
     12 certutil -d . -N -f pwfile
     13 
     14 certutil -S -z noise -g 1024 -d . -n ca -s "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t C,C,C -x -m 1 -w -2 -v 240 -1 -2 -5 <<CERTSCRIPT
     15 5
     16 6
     17 9
     18 n
     19 y
     20 
     21 n
     22 5
     23 6
     24 7
     25 9
     26 n
     27 CERTSCRIPT
     28 
     29 certutil -S -z noise -g 1024 -d . -n ica -s "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 20 -w -1 -v 238 -1 -2 -5 --extNC <<CERTSCRIPT
     30 5
     31 6
     32 9
     33 n
     34 y
     35 
     36 n
     37 3
     38 .example
     39 1
     40 n
     41 n
     42 5
     43 6
     44 7
     45 9
     46 n
     47 CERTSCRIPT
     48 
     49 certutil -S -z noise -g 1024 -d . -n server1 -s "CN=test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 40 -v 235 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
     50 0
     51 2
     52 3
     53 4
     54 9
     55 n
     56 n
     57 
     58 y
     59 0
     60 1
     61 9
     62 n
     63 CERTSCRIPT
     64 
     65 certutil -S -z noise -g 1024 -d . -n server2 -s "CN=another_test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 41 -v 235 -1 -2 -5 <<CERTSCRIPT
     66 0
     67 2
     68 3
     69 4
     70 9
     71 n
     72 n
     73 
     74 y
     75 0
     76 1
     77 9
     78 n
     79 CERTSCRIPT
     80 
     81 certutil -S -z noise -g 1024 -d . -n server3 -s "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 42 -v 235 -1 -2 -5 -8 test.example <<CERTSCRIPT
     82 0
     83 2
     84 3
     85 4
     86 9
     87 n
     88 n
     89 
     90 y
     91 0
     92 1
     93 9
     94 n
     95 CERTSCRIPT
     96 
     97 certutil -S -z noise -g 1024 -d . -n ica2 -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 21 -w -2 -v 240 -1 -2 -5 <<CERTSCRIPT
     98 5
     99 6
    100 9
    101 n
    102 y
    103 
    104 n
    105 5
    106 6
    107 7
    108 9
    109 n
    110 CERTSCRIPT
    111 
    112 certutil -S -z noise -g 1024 -d . -n server4 -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 50 -v 235 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
    113 0
    114 2
    115 3
    116 4
    117 9
    118 n
    119 n
    120 
    121 y
    122 0
    123 1
    124 9
    125 n
    126 CERTSCRIPT
    127 
    128 certutil -S -z noise -g 1024 -d . -n server5 -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 51 -v 235 -1 -2 -5 <<CERTSCRIPT
    129 0
    130 2
    131 3
    132 4
    133 9
    134 n
    135 n
    136 
    137 y
    138 0
    139 1
    140 9
    141 n
    142 CERTSCRIPT
    143 
    144 
    145 certutil -S -z noise -g 1024 -d . -n server6 -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 52 -v 235 -1 -2 -5 -8 test.example <<CERTSCRIPT
    146 0
    147 2
    148 3
    149 4
    150 9
    151 n
    152 n
    153 
    154 y
    155 0
    156 1
    157 9
    158 n
    159 CERTSCRIPT
    160 
    161 certutil -S -z noise -g 1024 -d . -n ica3 -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 21 -w -1 -v 238 -1 -2 -5 --extNC <<CERTSCRIPT
    162 5
    163 6
    164 9
    165 n
    166 y
    167 
    168 n
    169 3
    170 foo.example
    171 1
    172 y
    173 5
    174 O=Foo,st=ca,c=us
    175 1
    176 n
    177 n
    178 5
    179 6
    180 7
    181 9
    182 n
    183 CERTSCRIPT
    184 
    185 certutil -S -z noise -g 1024 -d . -n ica4 -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" -t ,, -c ica3 -m 61 -w -2 -v 240 -1 -2 -5 <<CERTSCRIPT
    186 5
    187 6
    188 9
    189 n
    190 y
    191 
    192 n
    193 5
    194 6
    195 7
    196 9
    197 n
    198 CERTSCRIPT
    199 
    200 certutil -S -z noise -g 1024 -d . -n server7 -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 41 -v 235 -1 -2 -5 <<CERTSCRIPT
    201 0
    202 2
    203 3
    204 4
    205 9
    206 n
    207 n
    208 
    209 y
    210 0
    211 1
    212 9
    213 n
    214 CERTSCRIPT
    215 
    216 certutil -S -z noise -g 1024 -d . -n server8 -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 42 -v 235 -1 -2 -5 <<CERTSCRIPT
    217 0
    218 2
    219 3
    220 4
    221 9
    222 n
    223 n
    224 
    225 y
    226 0
    227 1
    228 9
    229 n
    230 CERTSCRIPT
    231 
    232 certutil -S -z noise -g 1024 -d . -n server9 -s "CN=bat.foo.example,O=Foo,C=US" -t ,, -c ica4 -m 43 -v 235 -1 -2 -5 <<CERTSCRIPT
    233 0
    234 2
    235 3
    236 4
    237 9
    238 n
    239 n
    240 
    241 y
    242 0
    243 1
    244 9
    245 n
    246 CERTSCRIPT
    247 
    248 certutil -S -z noise -g 1024 -d . -n server10 -s "CN=bar.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 44 -v 235 -1 -2 -5 <<CERTSCRIPT
    249 0
    250 2
    251 3
    252 4
    253 9
    254 n
    255 n
    256 
    257 y
    258 0
    259 1
    260 9
    261 n
    262 CERTSCRIPT
    263 
    264 certutil -S -z noise -g 1024 -d . -n server11 -s "CN=site.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 45 -v 235 -1 -2 -5 -8 foo.example <<CERTSCRIPT
    265 0
    266 2
    267 3
    268 4
    269 9
    270 n
    271 n
    272 
    273 y
    274 0
    275 1
    276 9
    277 n
    278 CERTSCRIPT
    279 
    280 certutil -S -z noise -g 1024 -d . -n server12 -s "CN=Certified pre-owned,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 46 -v 235 -1 -2 -5 <<CERTSCRIPT
    281 0
    282 2
    283 3
    284 4
    285 9
    286 n
    287 n
    288 
    289 y
    290 0
    291 1
    292 9
    293 n
    294 CERTSCRIPT
    295 
    296 certutil -S -z noise -g 1024 -d . -n ica5 -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" -t ,, -c ica3 -m 62 -w -2 -v 240 -1 -2 -5 <<CERTSCRIPT
    297 5
    298 6
    299 9
    300 n
    301 y
    302 
    303 n
    304 5
    305 6
    306 7
    307 9
    308 n
    309 CERTSCRIPT
    310 
    311 certutil -S -z noise -g 1024 -d . -n server13 -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" -t ,, -c ica5 -m 41 -v 235 -1 -2 -5 <<CERTSCRIPT
    312 0
    313 2
    314 3
    315 4
    316 9
    317 n
    318 n
    319 
    320 y
    321 0
    322 1
    323 9
    324 n
    325 CERTSCRIPT
    326 
    327 certutil -S -z noise -g 1024 -d . -n server14 -s "CN=another.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica5 -m 490 -v 235 -1 -2 -5 <<CERTSCRIPT
    328 0
    329 2
    330 3
    331 4
    332 9
    333 n
    334 n
    335 
    336 y
    337 0
    338 1
    339 9
    340 n
    341 CERTSCRIPT
    342 
    343 certutil -S -z noise -g 1024 -d . -n ncca -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" -t C,C,C -x -m 2 -w -1 -v 238 -1 -2 -5 --extNC <<CERTSCRIPT
    344 5
    345 6
    346 9
    347 n
    348 y
    349 
    350 n
    351 3
    352 .example
    353 1
    354 n
    355 n
    356 5
    357 6
    358 7
    359 9
    360 n
    361 CERTSCRIPT
    362 
    363 certutil -S -z noise -g 1024 -d . -n ica6 -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" -t ,, -c ncca -m 63 -w -2 -v 240 -1 -2 -5 <<CERTSCRIPT
    364 5
    365 6
    366 9
    367 n
    368 y
    369 
    370 n
    371 5
    372 6
    373 7
    374 9
    375 n
    376 CERTSCRIPT
    377 
    378 certutil -S -z noise -g 1024 -d . -n server15 -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 64 -v 235 -1 -2 -5 -8 testfoo.invalid <<CERTSCRIPT
    379 0
    380 2
    381 3
    382 4
    383 9
    384 n
    385 n
    386 
    387 y
    388 0
    389 1
    390 9
    391 n
    392 CERTSCRIPT
    393 
    394 certutil -S -z noise -g 1024 -d . -n server16 -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 65 -v 235 -1 -2 -5 <<CERTSCRIPT
    395 0
    396 2
    397 3
    398 4
    399 9
    400 n
    401 n
    402 
    403 y
    404 0
    405 1
    406 9
    407 n
    408 CERTSCRIPT
    409 
    410 certutil -S -z noise -g 1024 -d . -n server17 -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 66 -v 235 -1 -2 -5 -8 test4.example <<CERTSCRIPT
    411 0
    412 2
    413 3
    414 4
    415 9
    416 n
    417 n
    418 
    419 y
    420 0
    421 1
    422 9
    423 n
    424 CERTSCRIPT
    425 
    426 #DCISS copy certs
    427 certutil -S -z noise -g 2048 -d . -n dcisscopy -s "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" -t C,C,C -x -m 998899 -w -2 -v 240 -1 -2 -5 <<CERTSCRIPT
    428 5
    429 6
    430 9
    431 n
    432 y
    433 
    434 n
    435 5
    436 6
    437 7
    438 9
    439 n
    440 CERTSCRIPT
    441 
    442 #the following cert MUST not pass
    443 certutil -S -z noise -g 2048 -d . -n dcissblocked -s "CN=foo.example.com,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998900 -v 240 -1 -2 -5 <<CERTSCRIPT
    444 0
    445 2
    446 3
    447 4
    448 9
    449 n
    450 n
    451 
    452 y
    453 0
    454 1
    455 9
    456 n
    457 CERTSCRIPT
    458 
    459 #the following cert MUST pass
    460 certutil -S -z noise -g 2048 -d . -n dcissallowed -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998901 -v 240 -1 -2 -5 <<CERTSCRIPT
    461 0
    462 2
    463 3
    464 4
    465 9
    466 n
    467 n
    468 
    469 y
    470 0
    471 1
    472 9
    473 n
    474 CERTSCRIPT
    475 
    476 
    477 
    478 certutil -d . -L -n ca -r > NameConstraints.ca.cert
    479 certutil -d . -L -n ica -r > NameConstraints.intermediate.cert
    480 certutil -d . -L -n server1 -r > NameConstraints.server1.cert
    481 certutil -d . -L -n server2 -r > NameConstraints.server2.cert
    482 certutil -d . -L -n server3 -r > NameConstraints.server3.cert
    483 certutil -d . -L -n ica2 -r > NameConstraints.intermediate2.cert
    484 certutil -d . -L -n server4 -r > NameConstraints.server4.cert
    485 certutil -d . -L -n server5 -r > NameConstraints.server5.cert
    486 certutil -d . -L -n server6 -r > NameConstraints.server6.cert
    487 certutil -d . -L -n ica3 -r > NameConstraints.intermediate3.cert
    488 certutil -d . -L -n ica4 -r > NameConstraints.intermediate4.cert
    489 certutil -d . -L -n server7 -r > NameConstraints.server7.cert
    490 certutil -d . -L -n server8 -r > NameConstraints.server8.cert
    491 certutil -d . -L -n server9 -r > NameConstraints.server9.cert
    492 certutil -d . -L -n server10 -r > NameConstraints.server10.cert
    493 certutil -d . -L -n server11 -r > NameConstraints.server11.cert
    494 certutil -d . -L -n server11 -r > NameConstraints.server11.cert
    495 certutil -d . -L -n server12 -r > NameConstraints.server12.cert
    496 certutil -d . -L -n ica5 -r > NameConstraints.intermediate5.cert
    497 certutil -d . -L -n server13 -r > NameConstraints.server13.cert
    498 certutil -d . -L -n server14 -r > NameConstraints.server14.cert
    499 certutil -d . -L -n ncca -r > NameConstraints.ncca.cert
    500 certutil -d . -L -n ica6 -r > NameConstraints.intermediate6.cert
    501 certutil -d . -L -n server15 -r > NameConstraints.server15.cert
    502 certutil -d . -L -n server16 -r > NameConstraints.server16.cert
    503 certutil -d . -L -n server17 -r > NameConstraints.server17.cert
    504 certutil -d . -L -n dcisscopy -r >  NameConstraints.dcisscopy.cert
    505 certutil -d . -L -n dcissblocked -r >  NameConstraints.dcissblocked.cert
    506 certutil -d . -L -n dcissallowed -r >  NameConstraints.dcissallowed.cert
    507 
    508 echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert NameConstraints.intermediate2.cert NameConstraints.server4.cert NameConstraints.server5.cert NameConstraints.server6.cert"