mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-08 05:26:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
bca106d35e
flatcar-scripts/mod_for_test_scripts/710enableAuthTesting
Chris Masone 626ced822c Fake authserver SSL certs now valid for 21 days, instead of 2 
BUG=5130
TEST=create a test image, boot it on a device, and run "sudo nsscertutil -d "sql:/etc/fake_root_ca/nssdb" -L -n FakeCert | less".  Look at the section of the output marked "Validity:" and make sure the Not Before and Not After sections indicate dates that are 3 weeks apart

Change-Id: I67cf7e71027147f83c1bc916557bc06ef66fa0e0

Review URL: http://codereview.chromium.org/3075025
2010-08-09 14:41:17 -07:00

61 lines
2.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
echo "Adding mock Google Accounts server certs."
case "${ARCH}" in
arm*)
QEMU="/tmp/qemu-arm"
cp "/usr/bin/qemu-arm" "${ROOT_FS_DIR}/${QEMU}"
;;
*86)
QEMU=""
;;
*)
error "Invalid ARCH: ${ARCH}"
exit 1
esac
CERT_NAME="mock_server"
FAKE_CA_DIR="/etc/fake_root_ca"
FAKE_NSSDB="${FAKE_CA_DIR}/nssdb"
TMP_KEY=$(mktemp -p /tmp "${CERT_NAME}.key.XXXXX")
TMP_CERT=$(mktemp -p /tmp "${CERT_NAME}.pem.XXXXX")
mv -f "${TMP_KEY}" "${ROOT_FS_DIR}/${TMP_KEY}"
mv -f "${TMP_CERT}" "${ROOT_FS_DIR}/${TMP_CERT}"
# Generate testing root cert on the fly.
sudo chroot "${ROOT_FS_DIR}" ${QEMU} /usr/bin/openssl req -x509 -days 21 \
-subj "/CN=www.google.com" \
-newkey rsa:1024 -nodes -keyout "${TMP_KEY}" -out "${TMP_CERT}"
mkdir -m 0755 -p "${ROOT_FS_DIR}/${FAKE_NSSDB}"
sudo chroot "${ROOT_FS_DIR}" ${QEMU} \
/usr/local/bin/nsscertutil -d sql:"${FAKE_NSSDB}" -N -f <(echo "")
cp "${ROOT_FS_DIR}/${TMP_KEY}" "${ROOT_FS_DIR}/${FAKE_CA_DIR}/${CERT_NAME}.key"
cp "${ROOT_FS_DIR}/${TMP_CERT}" "${ROOT_FS_DIR}/${FAKE_CA_DIR}/${CERT_NAME}.pem"
echo "DO NOT MOVE THIS DATA OFF OF THE ROOTFS!" > "${ROOT_FS_DIR}/${FAKE_CA_DIR}/README"
sudo chroot "${ROOT_FS_DIR}" ${QEMU} \
/usr/local/bin/nsscertutil -d sql:"${FAKE_NSSDB}" -A \
-n FakeCert -t "C,," -a -i "${FAKE_CA_DIR}/${CERT_NAME}.pem"
chmod 0644 "${ROOT_FS_DIR}/${FAKE_NSSDB}"/*
# TODO(cmasone): get rid of this once we're off pam_google for good.
# Sadly, our fake cert HAS to be first in this file.
TMPFILE=$(mktemp)
CERT_FILE="${ROOT_FS_DIR}/etc/login_trust_root.pem"
PERMS=$(stat --printf="%a" "${CERT_FILE}")
cat "${ROOT_FS_DIR}/${TMP_CERT}" "${CERT_FILE}" > "${TMPFILE}"
mv -f "${TMPFILE}" "${CERT_FILE}"
chmod "${PERMS}" "${CERT_FILE}"
if [ -n "${QEMU}" ] ; then
rm "${ROOT_FS_DIR}/${QEMU}"
fi
rm "${ROOT_FS_DIR}/${TMP_KEY}"
rm "${ROOT_FS_DIR}/${TMP_CERT}"
Reference in New Issue View Git Blame Copy Permalink