Decoralate AAGUID and certificates
This commit is contained in:
Jean-Michel Picod
@@ -35,6 +35,7 @@ enum-iterator = "0.6.0"
|
||||
|
||||
[build-dependencies]
|
||||
openssl = "0.10"
|
||||
uuid = { version = "0.8", features = ["v4"] }
|
||||
|
||||
[profile.dev]
|
||||
panic = "abort"
|
||||
|
||||
11
build.rs
11
build.rs
@@ -21,8 +21,10 @@ use openssl::pkey::PKey;
|
||||
use openssl::x509;
|
||||
use std::env;
|
||||
use std::fs::File;
|
||||
use std::io::Read;
|
||||
use std::io::Write;
|
||||
use std::path::Path;
|
||||
use uuid::Uuid;
|
||||
|
||||
fn main() {
|
||||
println!("cargo:rerun-if-changed=crypto_data/opensk.key");
|
||||
@@ -84,7 +86,10 @@ fn main() {
|
||||
cert_bin_file.write_all(&cert.to_der().unwrap()).unwrap();
|
||||
|
||||
let mut aaguid_bin_file = File::create(&aaguid_bin_path).unwrap();
|
||||
let mut serial = cert.serial_number().to_bn().unwrap().to_vec();
|
||||
serial.resize(16, 0);
|
||||
aaguid_bin_file.write_all(&serial).unwrap();
|
||||
let mut aaguid_txt_file = File::open("crypto_data/aaguid.txt").unwrap();
|
||||
let mut content = String::new();
|
||||
aaguid_txt_file.read_to_string(&mut content).unwrap();
|
||||
content.truncate(36);
|
||||
let aaguid = Uuid::parse_str(&content).unwrap();
|
||||
aaguid_bin_file.write_all(aaguid.as_bytes()).unwrap();
|
||||
}
|
||||
|
||||
@@ -14,6 +14,9 @@
|
||||
# limitations under the License.
|
||||
|
||||
generate_crypto_materials () {
|
||||
# OpenSK AAGUID
|
||||
local aaguid_file=crypto_data/aaguid.txt
|
||||
|
||||
# Root CA key pair and certificate
|
||||
local ca_priv_key=crypto_data/opensk_ca.key
|
||||
local ca_cert_name=crypto_data/opensk_ca
|
||||
@@ -49,7 +52,7 @@ generate_crypto_materials () {
|
||||
-new \
|
||||
-key "${ca_priv_key}" \
|
||||
-out "${ca_cert_name}.csr" \
|
||||
-subj "/CN=Google OpenSK CA"
|
||||
-subj "/CN=OpenSK CA"
|
||||
"${openssl}" x509 \
|
||||
-trustout \
|
||||
-req \
|
||||
@@ -72,7 +75,7 @@ generate_crypto_materials () {
|
||||
-new \
|
||||
-key "${opensk_key}" \
|
||||
-out "${opensk_cert_name}.csr" \
|
||||
-subj "/CN=Google OpenSK Hacker Edition"
|
||||
-subj "/CN=OpenSK Hacker Edition"
|
||||
"${openssl}" x509 \
|
||||
-req \
|
||||
-days 3652 \
|
||||
@@ -84,6 +87,11 @@ generate_crypto_materials () {
|
||||
-out "${opensk_cert_name}.pem" \
|
||||
-sha256
|
||||
fi
|
||||
|
||||
if [ "${force_generate}" = "Y" -o ! -f "${aaguid_file}" ]
|
||||
then
|
||||
uuidgen > "${aaguid_file}"
|
||||
fi
|
||||
}
|
||||
|
||||
generate_crypto_materials "$1"
|
||||
|
||||
Reference in New Issue
Block a user