author | Kenny Root <kroot@google.com> | 2012-12-26 08:44:32 -0800 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2013-01-01 21:50:10 -0800 |
commit | 9ca3d0733e7f93c140fdc693ffb0aaaa21de7a19 (patch) | |
tree | 9b6fe024be737bd535136301c8dc897ee3c86ce3 /support | |
parent | f0f80b7be6fac9482d06126d5b06357d35fc431d (diff) | |
Add X509CertificateTest in libcore tests
Change-Id: I678a8b89d0514c270ce0ee57057cfaadf3b47543
Diffstat (limited to 'support')
24 files changed, 369 insertions, 0 deletions
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-dirname.der b/support/src/test/java/tests/resources/x509/cert-alt-dirname.der
Binary files differ
new file mode 100644
index 0000000..ae2d2a8
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-alt-dirname.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-dns.der b/support/src/test/java/tests/resources/x509/cert-alt-dns.der
Binary files differ
new file mode 100644
index 0000000..008ef31
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-alt-dns.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-email.der b/support/src/test/java/tests/resources/x509/cert-alt-email.der
Binary files differ
new file mode 100644
index 0000000..4b0189b
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-alt-email.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-other.der b/support/src/test/java/tests/resources/x509/cert-alt-other.der
Binary files differ
new file mode 100644
index 0000000..772d9e9
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-alt-other.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-rid.der b/support/src/test/java/tests/resources/x509/cert-alt-rid.der
Binary files differ
new file mode 100644
index 0000000..8a1bf42
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-alt-rid.der
diff --git a/support/src/test/java/tests/resources/x509/cert-alt-uri.der b/support/src/test/java/tests/resources/x509/cert-alt-uri.der
Binary files differ
new file mode 100644
index 0000000..262ffa8
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-alt-uri.der
diff --git a/support/src/test/java/tests/resources/x509/cert-ca.der b/support/src/test/java/tests/resources/x509/cert-ca.der
Binary files differ
new file mode 100644
index 0000000..8699071
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-ca.der
diff --git a/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der b/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der
Binary files differ
new file mode 100644
index 0000000..ac56314
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-caWithPathLen.der
diff --git a/support/src/test/java/tests/resources/x509/cert-dsa.der b/support/src/test/java/tests/resources/x509/cert-dsa.der
Binary files differ
new file mode 100644
index 0000000..9b5e62a
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-dsa.der
diff --git a/support/src/test/java/tests/resources/x509/cert-ec.der b/support/src/test/java/tests/resources/x509/cert-ec.der
Binary files differ
new file mode 100644
index 0000000..a683a5e
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-ec.der
diff --git a/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der b/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der
Binary files differ
new file mode 100644
index 0000000..be2d20c
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-extendedKeyUsage.der
diff --git a/support/src/test/java/tests/resources/x509/cert-invalidip.der b/support/src/test/java/tests/resources/x509/cert-invalidip.der
Binary files differ
new file mode 100644
index 0000000..63ed7e3
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-invalidip.der
diff --git a/support/src/test/java/tests/resources/x509/cert-ipv6.der b/support/src/test/java/tests/resources/x509/cert-ipv6.der
Binary files differ
new file mode 100644
index 0000000..4ee144a
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-ipv6.der
diff --git a/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der b/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der
Binary files differ
new file mode 100644
index 0000000..464799d
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-keyUsage-extraLong.der
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt b/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt new file mode 100644 index 0000000..2bb7733 --- /dev/null +++ b/support/src/test/java/tests/resources/x509/cert-rsa-dates.txt @@ -0,0 +1,2 @@ +notBefore=Dec 31 01:16:36 2012 GMT +notAfter=Dec 29 01:16:36 2022 GMT diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der b/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der Binary files differnew file mode 100644 index 0000000..dec442f --- /dev/null +++ b/support/src/test/java/tests/resources/x509/cert-rsa-pubkey.der diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt b/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt new file mode 100644 index 0000000..c6f9585 --- /dev/null +++ b/support/src/test/java/tests/resources/x509/cert-rsa-serial.txt @@ -0,0 +1 @@ +serial=925D02E030B81D33 diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-sig.der b/support/src/test/java/tests/resources/x509/cert-rsa-sig.der new file mode 100644 index 0000000..2b80ab0 --- /dev/null +++ b/support/src/test/java/tests/resources/x509/cert-rsa-sig.der @@ -0,0 +1,2 @@ +f�D�\/�o�����'r9�#�m������
�[0n�2���'9�� �=^k����S5K��� V�IL�e6�$�:k�O�����H�yd:�S=���tMTl�ZK�̉�F�(��Q����<����` +f�)
\ No newline at end of file
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der b/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der
Binary files differ
new file mode 100644
index 0000000..6982699
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-rsa-tbs.der
diff --git a/support/src/test/java/tests/resources/x509/cert-rsa.der b/support/src/test/java/tests/resources/x509/cert-rsa.der
Binary files differ
new file mode 100644
index 0000000..5816ec3
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-rsa.der
diff --git a/support/src/test/java/tests/resources/x509/cert-unsupported.der b/support/src/test/java/tests/resources/x509/cert-unsupported.der
Binary files differ
new file mode 100644
index 0000000..525d782
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-unsupported.der
diff --git a/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der b/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der
Binary files differ
new file mode 100644
index 0000000..da64c51
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/cert-userWithPathLen.der
diff --git a/support/src/test/java/tests/resources/x509/create.sh b/support/src/test/java/tests/resources/x509/create.sh
new file mode 100755
index 0000000..5e78620
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/create.sh
@@ -0,0 +1,72 @@
+#!/bin/bash -
+# Copyright (C) 2012 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o nounset # Treat unset variables as an error
+set -e
+
+DIR=$(dirname $0)
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch > cert-rsa-req.pem
+openssl req -in cert-rsa-req.pem -pubkey -noout | openssl rsa -pubin -pubout -outform der > cert-rsa-pubkey.der
+openssl x509 -extfile ${DIR}/default.cnf -days 3650 -extensions usr_cert -req -signkey privkey.pem -outform d < cert-rsa-req.pem > cert-rsa.der
+rm -f cert-rsa-req.pem
+
+openssl asn1parse -in cert-rsa.der -inform d -out cert-rsa-tbs.der -noout -strparse 4
+SIG_OFFSET=$(openssl asn1parse -in cert-rsa.der -inform d | tail -1 | cut -f1 -d:)
+openssl asn1parse -in cert-rsa.der -inform d -strparse ${SIG_OFFSET} -noout -out cert-rsa-sig.der
+
+# extract startdate and enddate
+openssl x509 -in cert-rsa.der -inform d -noout -startdate -enddate > cert-rsa-dates.txt
+
+# extract serial
+openssl x509 -in cert-rsa.der -inform d -noout -serial > cert-rsa-serial.txt
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions keyUsage_extraLong_cert -req -signkey privkey.pem -outform d > cert-keyUsage-extraLong.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions extendedKeyUsage_cert -req -signkey privkey.pem -outform d > cert-extendedKeyUsage.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions ca_cert -req -signkey privkey.pem -outform d > cert-ca.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions userWithPathLen_cert -req -signkey privkey.pem -outform d > cert-userWithPathLen.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions caWithPathLen_cert -req -signkey privkey.pem -outform d > cert-caWithPathLen.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_other_cert -req -signkey privkey.pem -outform d > cert-alt-other.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_email_cert -req -signkey privkey.pem -outform d > cert-alt-email.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_dns_cert -req -signkey privkey.pem -outform d > cert-alt-dns.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_dirname_cert -req -signkey privkey.pem -outform d > cert-alt-dirname.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_uri_cert -req -signkey privkey.pem -outform d > cert-alt-uri.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions alt_rid_cert -req -signkey privkey.pem -outform d > cert-alt-rid.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions ipv6_cert -req -signkey privkey.pem -outform d > cert-ipv6.der
+
+openssl req -config ${DIR}/default.cnf -new -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions unsupported_cert -req -signkey privkey.pem -outform d > cert-unsupported.der
+
+openssl dsaparam -out dsaparam.pem 1024
+openssl req -config ${DIR}/default.cnf -newkey dsa:dsaparam.pem -keyout dsapriv.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions keyUsage_cert -req -signkey dsapriv.pem -outform d > cert-dsa.der
+rm -f dsaparam.pem
+
+openssl ecparam -name sect283k1 -out ecparam.pem
+openssl req -config ${DIR}/default.cnf -newkey ec:ecparam.pem -keyout ecpriv.pem -nodes -batch | openssl x509 -extfile ${DIR}/default.cnf -extensions keyUsage_critical_cert -req -signkey ecpriv.pem -outform d > cert-ec.der
+rm -f ecparam.pem
+
+rm -f privkey.pem
+rm -f dsapriv.pem
+rm -f ecpriv.pem
diff --git a/support/src/test/java/tests/resources/x509/default.cnf b/support/src/test/java/tests/resources/x509/default.cnf
new file mode 100644
index 0000000..d4b4c80
--- /dev/null
+++ b/support/src/test/java/tests/resources/x509/default.cnf
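Review bot: With `set -e` in effect, any failing `openssl` step exits the script before the closing `rm -f privkey.pem`, `rm -f dsapriv.pem` and `rm -f ecpriv.pem` lines, so the unencrypted (`-nodes`) private keys stay behind in the working directory; registering the cleanup once near the top, `trap 'rm -f privkey.pem dsapriv.pem ecpriv.pem dsaparam.pem ecparam.pem cert-rsa-req.pem' EXIT`, covers every exit path. Each `openssl req … | openssl x509 …` pipeline reports only the status of its last stage, so `set -o pipefail` belongs next to `set -e`. The commit also adds `cert-invalidip.der` and default.cnf defines `[ invalid_ip_cert ]`, yet no command in this script passes `-extensions invalid_ip_cert`, so that fixture cannot be regenerated from here; either add a line modelled on the `ipv6_cert` one or a comment saying how the file was produced. `DIR=$(dirname $0)` and the `${DIR}` uses are unquoted and break when the checkout path contains spaces; `DIR=$(dirname "$0")` with quoted expansions avoids that.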
@@ -0,0 +1,292 @@
+# This is based on the default OpenSSL configuration file which is
+# licensed with the following license:
+
+# Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openssl-core@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (eay@cryptsoft.com). This product includes software written by Tim
+# Hudson (tjh@cryptsoft.com).
+#
+
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = /root/certificates # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = md5 # which md to use.
+preserve = no # keep passed DN ordering
+
+policy = policy_anything
+
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+string_mask = nombstr
+req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = California
+
+localityName = Locality Name (eg, city)
+localityName_default = San Mateo
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Genius.com Inc
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = NetOps
+
+commonName = Common Name (eg, your name or your server\'s hostname)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+unstructuredName = An optional company name
+
+[ unsupported_cert ]
+# Just a made-up OID
+1.2.3.4.99999.1.2.3.4 = critical,ASN1:FORMAT:BITLIST,BITSTRING:0,1,2
+
+[ keyUsage_critical_cert ]
+basicConstraints=CA:FALSE
+keyUsage = critical, decipherOnly, keyAgreement
+
+[ keyUsage_extraLong_cert ]
+keyUsage=ASN1:FORMAT:BITLIST,BITSTRING:0,1,2,3,4,5,6,7,8,9,10
+
+[ keyUsage_cert ]
+basicConstraints=CA:FALSE
+keyUsage = encipherOnly, keyEncipherment, dataEncipherment, keyCertSign, cRLSign, cRLSign, keyEncipherment, dataEncipherment, keyCertSign, cRLSign
+
+[ extendedKeyUsage_cert ]
+extendedKeyUsage=1.2.3.4
+
+[ userWithPathLen_cert ]
+basicConstraints=CA:false,pathlen:10
+
+[ ca_cert ]
+basicConstraints=CA:true
+
+[ caWithPathLen_cert ]
+basicConstraints=CA:true,pathlen:10
+
+[ invalid_ip_cert ]
+subjectAltName = ASN1:SEQUENCE:invalid_ip_SEQ
+issuerAltName = ASN1:SEQUENCE:invalid_ip_SEQ
+
+[ invalid_ip_SEQ ]
+IP.1 = IMPLICIT:7,FORMAT:HEX,OCTETSTRING:0A
+
+[ ipv6_cert ]
+subjectAltName = ASN1:SEQUENCE:ipv6_SEQ
+issuerAltName = ASN1:SEQUENCE:ipv6_SEQ
+
+[ ipv6_SEQ ]
+IP.1 = IMPLICIT:7,FORMAT:HEX,OCTETSTRING:20010DB8000000000000FF0000428329
+
+[ usr_cert ]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+nsComment = "X.509 Unit Test"
+
+subjectAltName = @alt_names
+issuerAltName = @alt_names
+#subjectAltName = ASN1:SEQUENCE:raw_alt_names
+
+[ alt_names ]
+otherName.0 = 1.2.3.4;UTF8:test1
+email.0 = x509@example.com
+DNS.0 = x509.example.com
+dirName.0 = dir_example
+URI.0 = http://www.example.com/?q=awesomeness
+IP.0 = 192.168.0.1
+RID.0 = 1.2.3.4
+
+[ alt_other_cert ]
+subjectAltName = otherName:1.2.3.4;UTF8:test1
+
+[ alt_email_cert ]
+subjectAltName = email:x509@example.com
+
+[ alt_dns_cert ]
+subjectAltName = DNS:x509.example.com
+
+[ alt_dirname_cert ]
+subjectAltName = dirName:dir_example
+
+[ alt_uri_cert ]
+subjectAltName = URI:http://www.example.com/?q=awesomeness
+
+[ alt_rid_cert ]
+subjectAltName = RID:1.2.3.4
+
+[ raw_alt_names ]
+ediPartyName = IMPLICIT:5,SEQUENCE:ediPartyName_SEQ
+x400 = IMPLICIT:3,SEQUENCE:x400_SEQ
+
+[ x400_SEQ ]
+BuiltInStandardAttributes = SEQUENCE:x400_BuiltInStandardAddtributes_SEQ
+
+[ x400_BuiltInStandardAddtributes_SEQ ]
+PersonalName=IMPLICIT:5,SET:x400_PersonalName_SET
+
+[ x400_PersonalName_SET ]
+Surname=IMPLICIT:0,PRINTABLESTRING:Root
+GivenName=IMPLICIT:1,PRINTABLESTRING:Kenny
+
+[ ediPartyName_SEQ ]
+partyName = IMPLICIT:1,PRINTABLESTRING:Joe
+
+[ dir_example ]
+C=US
+O=Awesome Dudes
+OU=Über Frîends
+CN=example X.509
+CN=∆ƒ
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+issuerAltName = @alt_names
+basicConstraints=CA:FALSE
+nsComment = "X.509 Unit Test"
+
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+
+[ crl_ext ]
+authorityKeyIdentifier=keyid:always,issuer:always |
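Review bot: `[ req ]` sets `default_bits = 1024`, so the RSA fixtures create.sh generates use 1024-bit keys, and `[ CA_default ]` carries `default_md = md5`; that is tolerable for parser fixtures, but the file should say so at the top, e.g. `# Test-only configuration: 1024-bit keys and MD5 are not suitable for real certificates.` The `[ ca ]`, `[ CA_default ]` and `[ policy_* ]` sections (including `dir = /root/certificates`) look unused, since create.sh never calls `openssl ca`, and could be dropped together with the inherited `Genius.com Inc` / `NetOps` subject defaults, which `-batch` presumably copies into every generated certificate. In `[ v3_req ]`, `basicConstraints` is set twice (`basicConstraints = CA:FALSE` and `basicConstraints=CA:FALSE`); one of the two lines should go.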