unplugged-system/external/cronet/net/data/ssl/scripts/generate-bad-self-signed.sh

#!/bin/bash

# Copyright 2016 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# This script generates self-signed-invalid-name.pem and
# self-signed-invalid-sig.pem, which are "self-signed" test certificates with
# invalid names/signatures, respectively.
set -e

 rm -rf out
 mkdir out

openssl genrsa -out out/bad-self-signed.key 2048
touch out/bad-self-signed-index.txt

# Create two certificate requests with the same key, but different subjects
SUBJECT_NAME="req_self_signed_a" \
openssl req \
  -new \
  -key out/bad-self-signed.key \
  -out out/ss-a.req \
  -config ee.cnf

SUBJECT_NAME="req_self_signed_b" \
openssl req \
  -new \
  -key out/bad-self-signed.key \
  -out out/ss-b.req \
  -config ee.cnf

# Create a normal self-signed certificate from one of these requests
openssl x509 \
  -req \
  -in out/ss-a.req \
  -out out/bad-self-signed-root-a.pem \
  -signkey out/bad-self-signed.key \
  -days 3650

# To invalidate the signature without changing names, replace two bytes from the
# end of the certificate with 0xdead.
openssl x509 -in out/bad-self-signed-root-a.pem -outform DER \
  | head -c -2 \
  > out/bad-sig.der.1
echo -n -e "\xde\xad" > out/bad-sig.der.2
cat out/bad-sig.der.1 out/bad-sig.der.2 \
  | openssl x509 \
      -inform DER \
      -outform PEM \
      -out out/cert-self-signed-invalid-sig.pem

openssl x509 \
  -text \
  -noout \
  -in out/cert-self-signed-invalid-sig.pem \
  > out/self-signed-invalid-sig.pem
cat out/cert-self-signed-invalid-sig.pem >> out/self-signed-invalid-sig.pem

# Make a "self-signed" certificate with mismatched names
openssl x509 \
  -req \
  -in out/ss-b.req \
  -out out/cert-self-signed-invalid-name.pem \
  -days 3650 \
  -CA out/bad-self-signed-root-a.pem \
  -CAkey out/bad-self-signed.key \
  -CAserial out/bad-self-signed-serial.txt \
  -CAcreateserial

openssl x509 \
  -text \
  -noout \
  -in out/cert-self-signed-invalid-name.pem \
  > out/self-signed-invalid-name.pem
cat out/cert-self-signed-invalid-name.pem >> out/self-signed-invalid-name.pem
Initial commit: AOSP 14 with modifications for Unplugged OS 2025-10-06 13:59:42 +00:00			`#!/bin/bash`

			`# Copyright 2016 The Chromium Authors`
			`# Use of this source code is governed by a BSD-style license that can be`
			`# found in the LICENSE file.`

			`# This script generates self-signed-invalid-name.pem and`
			`# self-signed-invalid-sig.pem, which are "self-signed" test certificates with`
			`# invalid names/signatures, respectively.`
			`set -e`

			`rm -rf out`
			`mkdir out`

			`openssl genrsa -out out/bad-self-signed.key 2048`
			`touch out/bad-self-signed-index.txt`

			`# Create two certificate requests with the same key, but different subjects`
			`SUBJECT_NAME="req_self_signed_a" \`
			`openssl req \`
			`-new \`
			`-key out/bad-self-signed.key \`
			`-out out/ss-a.req \`
			`-config ee.cnf`

			`SUBJECT_NAME="req_self_signed_b" \`
			`openssl req \`
			`-new \`
			`-key out/bad-self-signed.key \`
			`-out out/ss-b.req \`
			`-config ee.cnf`

			`# Create a normal self-signed certificate from one of these requests`
			`openssl x509 \`
			`-req \`
			`-in out/ss-a.req \`
			`-out out/bad-self-signed-root-a.pem \`
			`-signkey out/bad-self-signed.key \`
			`-days 3650`

			`# To invalidate the signature without changing names, replace two bytes from the`
			`# end of the certificate with 0xdead.`
			`openssl x509 -in out/bad-self-signed-root-a.pem -outform DER \`
			`\| head -c -2 \`
			`> out/bad-sig.der.1`
			`echo -n -e "\xde\xad" > out/bad-sig.der.2`
			`cat out/bad-sig.der.1 out/bad-sig.der.2 \`
			`\| openssl x509 \`
			`-inform DER \`
			`-outform PEM \`
			`-out out/cert-self-signed-invalid-sig.pem`

			`openssl x509 \`
			`-text \`
			`-noout \`
			`-in out/cert-self-signed-invalid-sig.pem \`
			`> out/self-signed-invalid-sig.pem`
			`cat out/cert-self-signed-invalid-sig.pem >> out/self-signed-invalid-sig.pem`

			`# Make a "self-signed" certificate with mismatched names`
			`openssl x509 \`
			`-req \`
			`-in out/ss-b.req \`
			`-out out/cert-self-signed-invalid-name.pem \`
			`-days 3650 \`
			`-CA out/bad-self-signed-root-a.pem \`
			`-CAkey out/bad-self-signed.key \`
			`-CAserial out/bad-self-signed-serial.txt \`
			`-CAcreateserial`

			`openssl x509 \`
			`-text \`
			`-noout \`
			`-in out/cert-self-signed-invalid-name.pem \`
			`> out/self-signed-invalid-name.pem`
			`cat out/cert-self-signed-invalid-name.pem >> out/self-signed-invalid-name.pem`