• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1REM Copyright 2013 The Chromium Authors. All rights reserved.
2REM Use of this source code is governed by a BSD-style license that can be
3REM found in the LICENSE file.
4
5del /q certificates\*
6
7REM Create a Cert Authority.
8makecert -r -pe -n "CN=CertAuthority" -ss CA -sr CurrentUser ^
9         -a sha256 -cy authority -sky signature ^
10         -sv certificates\AuthorityCert.pvk certificates\AuthorityCert.cer
11
12REM Create a second Cert Authority (used to test cert pinning).
13makecert -r -pe -n "CN=OtherCertAuthority" -ss CA -sr CurrentUser ^
14         -a sha256 -cy authority -sky signature ^
15         -sv certificates\OtherAuthorityCert.pvk ^
16         	 certificates\OtherAuthorityCert.cer
17
18REM Create a self-signed cert.
19makecert -r -pe -n "CN=SelfSigned" -ss CA -sr CurrentUser ^
20         -a sha256 -cy authority -sky signature ^
21         -sv certificates\SelfSigned.pvk certificates\SelfSigned.cer
22
23pvk2pfx -pvk certificates\SelfSigned.pvk -spc certificates\SelfSigned.cer ^
24    -pfx certificates\SelfSigned.pfx
25
26signtool sign /v /f certificates\SelfSigned.pfx dlls\self_signed.dll
27
28REM Create a signing cert from our first CA, with proper company name.
29makecert -pe -n "CN=Google Inc, OU=Chrome Testers" -a sha256 -cy end ^
30         -sky signature ^
31         -ic certificates\AuthorityCert.cer -iv certificates\AuthorityCert.pvk ^
32         -sv certificates\ValidCert.pvk certificates\ValidCert.cer
33
34pvk2pfx -pvk certificates\ValidCert.pvk -spc certificates\ValidCert.cer ^
35    -pfx certificates\ValidCert.pfx
36
37signtool sign /v /f certificates\ValidCert.pfx dlls\valid_sig.dll
38
39REM Create a signing cert from our first CA, with wrong company name.
40makecert -pe -n "CN=NotGoogle Inc, OU=Chrome Testers" -a sha256 -cy end ^
41         -sky signature ^
42         -ic certificates\AuthorityCert.cer -iv certificates\AuthorityCert.pvk ^
43         -sv certificates\NotGoogleCert.pvk certificates\NotGoogleCert.cer
44
45pvk2pfx -pvk certificates\NotGoogleCert.pvk ^
46		-spc certificates\NotGoogleCert.cer  -pfx certificates\NotGoogleCert.pfx
47
48signtool sign /v /f certificates\NotGoogleCert.pfx dlls\not_google.dll
49
50REM Create a signing cert from the other CA.
51makecert -pe -n "CN=Google Inc, OU=Other Chrome Testers" -a sha256 -cy end ^
52         -sky signature ^
53         -ic certificates\OtherAuthorityCert.cer ^
54         -iv certificates\OtherAuthorityCert.pvk ^
55         -sv certificates\DifferentHash.pvk certificates\DifferentHash.cer
56
57pvk2pfx -pvk certificates\DifferentHash.pvk ^
58    -spc certificates\DifferentHash.cer -pfx certificates\DifferentHash.pfx
59
60signtool sign /v /f certificates\DifferentHash.pfx dlls\different_hash.dll
61
62REM Create an expired signing cert from our first CA.
63makecert -pe -n "CN=Google Inc, OU=Chrome Testers" -a sha256 -cy end ^
64         -sky signature ^
65         -ic certificates\AuthorityCert.cer -iv certificates\AuthorityCert.pvk ^
66         -e 12/31/2012 ^
67         -sv certificates\ExpiredCert.pvk certificates\ExpiredCert.cer
68
69pvk2pfx -pvk certificates\ExpiredCert.pvk -spc certificates\ExpiredCert.cer ^
70    -pfx certificates\ExpiredCert.pfx
71
72signtool sign /v /f certificates\ExpiredCert.pfx dlls\expired.dll
73
74del /q certificates\*.pvk
75del /q certificates\*.pfx
76