Decoralate AAGUID and certificates
@@ -35,6 +35,7 @@ enum-iterator = "0.6.0"
|
|||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
openssl = "0.10"
|
openssl = "0.10"
|
||||||
|
uuid = { version = "0.8", features = ["v4"] }
|
||||||
|
|
||||||
[profile.dev]
|
[profile.dev]
|
||||||
panic = "abort"
|
panic = "abort"
|
||||||
|
|||||||
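Review bot: The `v4` feature on the new `uuid` build-dependency looks unnecessary. The build.rs lines shown in this commit only call `Uuid::parse_str` and `as_bytes`, which need no feature flag, while `v4` pulls random-number crates into the build-time dependency tree. If nothing outside the visible hunks generates UUIDs at build time, `uuid = "0.8"` keeps the build-dependency surface smaller.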
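--- a/build.rs
+++ b/build.rs
@@ -21,8 +21,10 @@ use openssl::pkey::PKey;
 use openssl::x509;
 use std::env;
 use std::fs::File;
+use std::io::Read;
 use std::io::Write;
 use std::path::Path;
+use uuid::Uuid;
 
 fn main() {
 println!("cargo:rerun-if-changed=crypto_data/opensk.key");
@@ -84,7 +86,10 @@ fn main() {
 cert_bin_file.write_all(&cert.to_der().unwrap()).unwrap();
 
 let mut aaguid_bin_file = File::create(&aaguid_bin_path).unwrap();
-let mut serial = cert.serial_number().to_bn().unwrap().to_vec();
-serial.resize(16, 0);
-aaguid_bin_file.write_all(&serial).unwrap();
+let mut aaguid_txt_file = File::open("crypto_data/aaguid.txt").unwrap();
+let mut content = String::new();
+aaguid_txt_file.read_to_string(&mut content).unwrap();
+content.truncate(36);
+let aaguid = Uuid::parse_str(&content).unwrap();
+aaguid_bin_file.write_all(aaguid.as_bytes()).unwrap();
 }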
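Review bot: The new read of `crypto_data/aaguid.txt` in the second hunk has no matching `cargo:rerun-if-changed` line among the visible lines, so after the file is regenerated Cargo may keep the old `aaguid.bin` and the firmware would report a stale AAGUID. Unless it is already emitted in the part of `main` between the two hunks, which is not visible here, add `println!("cargo:rerun-if-changed=crypto_data/aaguid.txt");` next to the existing line for `opensk.key`. Separately, `content.truncate(36)` followed by a bare `unwrap()` gives an opaque panic on an empty or malformed file. `Uuid::parse_str(content.trim()).expect("crypto_data/aaguid.txt must contain a single UUID")` drops the fixed length and names the file in the failure.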
@@ -14,6 +14,9 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
generate_crypto_materials () {
|
generate_crypto_materials () {
|
||||||
|
# OpenSK AAGUID
|
||||||
|
local aaguid_file=crypto_data/aaguid.txt
|
||||||
|
|
||||||
# Root CA key pair and certificate
|
# Root CA key pair and certificate
|
||||||
local ca_priv_key=crypto_data/opensk_ca.key
|
local ca_priv_key=crypto_data/opensk_ca.key
|
||||||
local ca_cert_name=crypto_data/opensk_ca
|
local ca_cert_name=crypto_data/opensk_ca
|
||||||
@@ -49,7 +52,7 @@ generate_crypto_materials () {
|
|||||||
-new \
|
-new \
|
||||||
-key "${ca_priv_key}" \
|
-key "${ca_priv_key}" \
|
||||||
-out "${ca_cert_name}.csr" \
|
-out "${ca_cert_name}.csr" \
|
||||||
-subj "/CN=Google OpenSK CA"
|
-subj "/CN=OpenSK CA"
|
||||||
"${openssl}" x509 \
|
"${openssl}" x509 \
|
||||||
-trustout \
|
-trustout \
|
||||||
-req \
|
-req \
|
||||||
@@ -72,7 +75,7 @@ generate_crypto_materials () {
|
|||||||
-new \
|
-new \
|
||||||
-key "${opensk_key}" \
|
-key "${opensk_key}" \
|
||||||
-out "${opensk_cert_name}.csr" \
|
-out "${opensk_cert_name}.csr" \
|
||||||
-subj "/CN=Google OpenSK Hacker Edition"
|
-subj "/CN=OpenSK Hacker Edition"
|
||||||
"${openssl}" x509 \
|
"${openssl}" x509 \
|
||||||
-req \
|
-req \
|
||||||
-days 3652 \
|
-days 3652 \
|
||||||
@@ -84,6 +87,11 @@ generate_crypto_materials () {
|
|||||||
-out "${opensk_cert_name}.pem" \
|
-out "${opensk_cert_name}.pem" \
|
||||||
-sha256
|
-sha256
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "${force_generate}" = "Y" -o ! -f "${aaguid_file}" ]
|
||||||
|
then
|
||||||
|
uuidgen > "${aaguid_file}"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
generate_crypto_materials "$1"
|
generate_crypto_materials "$1"
|
||||||
|
|||||||
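Review bot: The guard added at the end of `generate_crypto_materials` tests only `-f`, so if `uuidgen` is missing or fails, the redirect still leaves an empty `aaguid.txt` that later runs accept as present, and the build then fails when parsing it. Testing for a non-empty file instead, `if [ "${force_generate}" = "Y" ] || [ ! -s "${aaguid_file}" ]`, lets a rerun recover and also avoids the obsolescent `-o` operator. Whether the script runs under `set -e` is not visible in these hunks. A short comment above `local aaguid_file`, such as `# Regenerated together with the keys when force_generate is Y`, would make the rotation behaviour explicit.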