test template handling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19899 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -178,6 +178,15 @@ ${hxtool} issue-certificate \
|
||||
--subject="cn=ca2-cert" \
|
||||
--certificate="FILE:cert-ca.pem" || exit 1
|
||||
|
||||
echo "issue sub-ca cert (generate rsa key)"
|
||||
${hxtool} issue-certificate \
|
||||
--ca-certificate=FILE:cert-ca.pem \
|
||||
--issue-ca \
|
||||
--serial-number="deadbeaf22" \
|
||||
--generate-key=rsa \
|
||||
--subject="cn=sub-ca2-cert" \
|
||||
--certificate="FILE:cert-sub-ca.pem" || exit 1
|
||||
|
||||
echo "issue ee cert (generate rsa key)"
|
||||
${hxtool} issue-certificate \
|
||||
--ca-certificate=FILE:cert-ca.pem \
|
||||
@@ -185,11 +194,24 @@ ${hxtool} issue-certificate \
|
||||
--subject="cn=cert-ee2" \
|
||||
--certificate="FILE:cert-ee.pem" || exit 1
|
||||
|
||||
echo "verify certificate"
|
||||
echo "issue sub-ca ee cert (generate rsa key)"
|
||||
${hxtool} issue-certificate \
|
||||
--ca-certificate=FILE:cert-ca.pem \
|
||||
--generate-key=rsa \
|
||||
--subject="cn=cert-sub-ee2" \
|
||||
--certificate="FILE:cert-sub-ee.pem" || exit 1
|
||||
|
||||
echo "verify certificate (ee)"
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:cert-ee.pem \
|
||||
anchor:FILE:cert-ca.pem > /dev/null || exit 1
|
||||
|
||||
echo "verify certificate (sub-ee)"
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:cert-sub-ee.pem \
|
||||
chain:FILE:cert-sub-ca.pem \
|
||||
anchor:FILE:cert-ca.pem > /dev/null || exit 1
|
||||
|
||||
echo "sign CMS signature (generate key)"
|
||||
${hxtool} cms-create-sd \
|
||||
--certificate=FILE:cert-ee.pem \
|
||||
@@ -218,4 +240,34 @@ ${hxtool} verify --missing-revoke \
|
||||
cert:FILE:cert-ee.pem \
|
||||
anchor:FILE:cert-ca.pem > /dev/null || exit 1
|
||||
|
||||
echo "extend ca cert (template)"
|
||||
${hxtool} issue-certificate \
|
||||
--self-signed \
|
||||
--issue-ca \
|
||||
--lifetime="3years" \
|
||||
--template-certificate="FILE:cert-ca.pem" \
|
||||
--template-fields="serialNumber,notBefore,subject" \
|
||||
--ca-private-key=FILE:cert-ca.pem \
|
||||
--certificate="FILE:cert-ca.pem" || exit 1
|
||||
|
||||
echo "verify certificate generated by previous ca"
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:cert-ee.pem \
|
||||
anchor:FILE:cert-ca.pem > /dev/null || exit 1
|
||||
|
||||
echo "extend sub-ca cert (template)"
|
||||
${hxtool} issue-certificate \
|
||||
--ca-certificate=FILE:cert-ca.pem \
|
||||
--issue-ca \
|
||||
--lifetime="2years" \
|
||||
--template-certificate="FILE:cert-sub-ca.pem" \
|
||||
--template-fields="serialNumber,notBefore,subject,SPKI" \
|
||||
--certificate="FILE:cert-sub-ca2.pem" || exit 1
|
||||
|
||||
echo "verify certificate (sub-ee) with extended chain"
|
||||
${hxtool} verify --missing-revoke \
|
||||
cert:FILE:cert-sub-ee.pem \
|
||||
chain:FILE:cert-sub-ca.pem \
|
||||
anchor:FILE:cert-ca.pem > /dev/null || exit 1
|
||||
|
||||
exit 0
|
||||
|
Reference in New Issue
Block a user