kris
/
boringssl
1
0
Çatalla 0
Kod Konular 0 Değişiklik İstekleri 0 Sürümler 0 Wiki Aktivite
25'ten fazla konu seçemezsiniz Konular bir harf veya rakamla başlamalı, kısa çizgiler ('-') içerebilir ve en fazla 35 karakter uzunluğunda olabilir.
5667 İşleme
12 Dallar
38 MiB
 
 
 
 
 
 
Ağaç: 9978f0a865
Dallar Biçim İmleri
${ item.name }
${ searchTerm } dalı oluştur
'9978f0a865'den
${ noResults }
boringssl/crypto/x509/make_many_constraints.go

179 satır
6.0 KiB
Ham Suçlama Geçmiş 

  1. /* Copyright (c) 2017, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. // make_many_constraints.go generates test certificates many_constraints.pem,

  16. // many_names*.pem, and some_names*.pem for x509_test.cc

  17. package main

  18. 

  19. import (

  20. 	"crypto/rand"

  21. 	"crypto/rsa"

  22. 	"crypto/x509"

  23. 	"crypto/x509/pkix"

  24. 	"encoding/asn1"

  25. 	"encoding/pem"

  26. 	"fmt"

  27. 	"math/big"

  28. 	"os"

  29. 	"time"

  30. )

  31. 

  32. const privateKeyPEM = `-----BEGIN PRIVATE KEY-----

  33. MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC6C9qEGRIBQXV8

  34. Lj29vVu+U+tyXzSSinWIumK5ijPhCm3DLnv4RayxkFwemtnkGRZ/o94ZnsXkBfU/

  35. IlsYdkuq8wK9WI/ql3gwWjH+KARIhIQcSLGiJcLN6kGuG2nlRBKMcPgPiEq2B0yB

  36. XFf4tG3CBbeae7+8G7uvOmv8NLyKj32neWpnUCTL5o2VwyPoxjLxT5gUR69v9XSV

  37. Fj2irCZbsEedeKSb++LqyMhLfnRTzNv+ZHNh4izZHrktR25MvnT5QyBq32hx7AjZ

  38. 2/xo70OmH7w10a2DwsVjJNMdxTEmgyvU9M6CeYRPX1Ykfg+sXCTtkTVAlBDUviIq

  39. Y95CKy25AgMBAAECggEAHPvvxRiqx2tNRFVn5QF1I4erbJwMcrADc5OmAcXYIz0e

  40. sIOzaJBiQR9+Wn5BZ9nIuYXr+g3UQpvzAyz1CDCVxUIqsRj1AtUqMk4675+IW0vZ

  41. 0RY6Jkq/uJjANsGqk78xLJQE8VaIXSdx8c1THznsx4dgfT6+Ni4T5U6yuA33OZaw

  42. 4NdYZYtEkqNiqK6VYe4mAxxVh5qscihVVMGkBVqJNiiEotctm1lph8ow+7o8ggXO

  43. W9xm+RHHPcH7Epx7hjkb/helANcYOK950W5/R+2zWV9R6kxo6R+/hfGFFmCvl4k5

  44. +i8Y0IlEv3fze1E0Lwyf379i3C/cKcuaE5gwR54BAQKBgQDxlsNy9M37HgguglHt

  45. 8W+cuPNtxNjFCWIjNR9dSvdr1Oi28Z1AY+BBPSv6UBKnT5PpOFjqxfMY/j/zoKdI

  46. aYX1phgeQHXcHrB1pS8yoaF/pTJSN2Yb8v9kl/Ch1yeYXaNVGmeBLkH9H6wIcUxD

  47. Mas1i8VUzshzhcluCNGoJj9wUQKBgQDFJOoWncssfWCrsuDWEoeU71Zh3+bD96GF

  48. s29CdIbHpcbxhWYjA9RM8yxbGPopexzoGcV1HX6j8E1s0xfYZJV23rxoM9Zj9l5D

  49. mZAJQPxYXIdu3h4PslhZLd3p+DEHjbsLC/avk3M4iZim1FMPBJMswKSL23ysqXoY

  50. /ynor+W06QKBgHYeu6M6NHgCYAe1ai+Hq4WaHFNgOohkJRqHv7USkVSkvb+s9LDl

  51. 5GChcx4pBmXNj8ko5rirXkerEEOjGgdaqMfJlOM9qyKb0rVCtYfw5RCPCcKPGZqy

  52. vdJGQ74tf0uNBO34QgE0R8lmMevS0XHNGCPPGgV0MSfikvD82N15De1xAoGAbsZM

  53. RsMJfAlDPZc4oPEuf/BwMHTYPTsy5map2MSTSzGKdQHJH1myfD6TqOiDALXtyzlX

  54. 63PUShfn2YNPvcbe+Tk00rR1/htcYk2yUpDSenAbpZ9ncth6rjmInURZgG4SMKXb

  55. SlLnBljCjtN1jFW8wQPKMc/14SslsVAHY3ka8KkCgYB58QNT1YfH3jS62+mT2pXq

  56. qLjLqvsD742VYnFoHR+HBOnN8ry0dda4lgwM106L5FgSg9DOZvASZ+QGFk+QVQv+

  57. c77ASWpuhmBmamZCrwZXrq9Xc92RDPkKFqnP9MVv06hYKNp0moSdM8dIaM6uSows

  58. /r/aDs4oudubz26o5GDKmA==

  59. -----END PRIVATE KEY-----`

  60. 

  61. var privateKey *rsa.PrivateKey

  62. 

  63. func init() {

  64. 	in := []byte(privateKeyPEM)

  65. 	keyBlock, in := pem.Decode(in)

  66. 	if keyBlock == nil || keyBlock.Type != "PRIVATE KEY" {

  67. 		panic("could not decode private key")

  68. 	}

  69. 	key, err := x509.ParsePKCS8PrivateKey(keyBlock.Bytes)

  70. 	if err != nil {

  71. 		panic(err)

  72. 	}

  73. 	privateKey = key.(*rsa.PrivateKey)

  74. }

  75. 

  76. func randOrDie(out []byte) {

  77. 	if _, err := rand.Reader.Read(out); err != nil {

  78. 		panic(err)

  79. 	}

  80. }

  81. 

  82. func writePEM(path string, in []byte) {

  83. 	file, err := os.Create(path)

  84. 	if err != nil {

  85. 		panic(err)

  86. 	}

  87. 	defer file.Close()

  88. 	err = pem.Encode(file, &pem.Block{Type: "CERTIFICATE", Bytes: in})

  89. 	if err != nil {

  90. 		panic(err)

  91. 	}

  92. }

  93. 

  94. func main() {

  95. 	notBefore, err := time.Parse(time.RFC3339, "2000-01-01T00:00:00Z")

  96. 	if err != nil {

  97. 		panic(err)

  98. 	}

  99. 	notAfter, err := time.Parse(time.RFC3339, "2100-01-01T00:00:00Z")

  100. 	if err != nil {

  101. 		panic(err)

  102. 	}

  103. 

  104. 	caTemplate := x509.Certificate{

  105. 		SerialNumber:          new(big.Int).SetInt64(1),

  106. 		Subject:               pkix.Name{CommonName: "CA"},

  107. 		NotBefore:             notBefore,

  108. 		NotAfter:              notAfter,

  109. 		BasicConstraintsValid: true,

  110. 		IsCA:               true,

  111. 		ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},

  112. 		KeyUsage:           x509.KeyUsageCertSign,

  113. 		SignatureAlgorithm: x509.SHA256WithRSA,

  114. 	}

  115. 	for i := 0; i < 513; i++ {

  116. 		caTemplate.ExcludedDNSDomains = append(caTemplate.ExcludedDNSDomains, fmt.Sprintf("x%d.test", i))

  117. 	}

  118. 	for i := 0; i < 513; i++ {

  119. 		caTemplate.PermittedDNSDomains = append(caTemplate.PermittedDNSDomains, fmt.Sprintf("t%d.test", i))

  120. 	}

  121. 	caTemplate.PermittedDNSDomains = append(caTemplate.PermittedDNSDomains, ".test")

  122. 	caBytes, err := x509.CreateCertificate(rand.Reader, &caTemplate, &caTemplate, &privateKey.PublicKey, privateKey)

  123. 	if err != nil {

  124. 		panic(err)

  125. 	}

  126. 	writePEM("many_constraints.pem", caBytes)

  127. 

  128. 	ca, err := x509.ParseCertificate(caBytes)

  129. 	if err != nil {

  130. 		panic(err)

  131. 	}

  132. 

  133. 	leaves := []struct {

  134. 		path   string

  135. 		names  int

  136. 		emails int

  137. 	}{

  138. 		{"many_names1.pem", 513, 513},

  139. 		{"many_names2.pem", 1025, 0},

  140. 		{"many_names3.pem", 0, 1025},

  141. 		{"some_names1.pem", 256, 256},

  142. 		{"some_names2.pem", 513, 0},

  143. 		{"some_names3.pem", 0, 513},

  144. 	}

  145. 	for i, leaf := range leaves {

  146. 		leafTemplate := x509.Certificate{

  147. 			SerialNumber:          new(big.Int).SetInt64(int64(i + 2)),

  148. 			Subject:               pkix.Name{CommonName: "t0.test"},

  149. 			NotBefore:             notBefore,

  150. 			NotAfter:              notAfter,

  151. 			BasicConstraintsValid: true,

  152. 			IsCA:               false,

  153. 			ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},

  154. 			KeyUsage:           x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,

  155. 			SignatureAlgorithm: x509.SHA256WithRSA,

  156. 		}

  157. 		for i := 0; i < leaf.names; i++ {

  158. 			leafTemplate.DNSNames = append(leafTemplate.DNSNames, fmt.Sprintf("t%d.test", i))

  159. 		}

  160. 		for i := 0; i < leaf.emails; i++ {

  161. 			leafTemplate.Subject.ExtraNames = append(leafTemplate.Subject.ExtraNames, pkix.AttributeTypeAndValue{

  162. 				Type: []int{1, 2, 840, 113549, 1, 9, 1},

  163. 				Value: asn1.RawValue{

  164. 					Class:      asn1.ClassUniversal,

  165. 					Tag:        asn1.TagIA5String,

  166. 					IsCompound: false,

  167. 					Bytes:      []byte(fmt.Sprintf("t%d@test", i)),

  168. 				},

  169. 			})

  170. 		}

  171. 		leafBytes, err := x509.CreateCertificate(rand.Reader, &leafTemplate, ca, &privateKey.PublicKey, privateKey)

  172. 		if err != nil {

  173. 			panic(err)

  174. 		}

  175. 

  176. 		writePEM(leaf.path, leafBytes)

  177. 	}

  178. }