abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 08:56:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add error check to scripts

Browse Source
This commit is contained in:
Zhi Guan
2023-02-14 21:33:20 +08:00
parent 14fdc7a5f6
commit 538321d93c
4 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
demos/scripts/cademo.sh
View File

@@ -1,5 +1,6 @@
#!/bin/bash
#!/bin/bash -x
set -e
gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign
@@ -25,3 +26,18 @@ gmssl certrevoke -in enccert.pem -reason keyCompromise >> revoked_certs.der
gmssl crlgen -in revoked_certs.der -cacert cacert.pem -key cakey.pem -pass 1234 -next_update 20240101000000Z -gen_authority_key_id -crl_num 1 -out crl.der
gmssl crlparse -in crl.der
rm -fr rootcakey.pem
rm -fr rootcacert.pem
rm -fr cakey.pem
rm -fr careq.pem
rm -fr cacert.pem
rm -fr signkey.pem
rm -fr signreq.pem
rm -fr signcert.pem
rm -fr enckey.pem
rm -fr encreq.pem
rm -fr enccert.pem
rm -fr revoked_certs.der
rm -fr crl.der
echo "all ok"

5
demos/scripts/certdemo.sh
View File

@@ -1,4 +1,5 @@
#!/bin/bash
#!/bin/bash -x
set -e
gmssl sm2keygen -pass 1234 -out rootcakey.pem
@@ -29,7 +30,6 @@ gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert
-crl_http_uri http://github.com/guanzhi/GmSSL/raw/master/demos/certs/SubCA-1.crl
gmssl certparse -in enccert.pem
cat signcert.pem > certs.pem
cat cacert.pem >> certs.pem
gmssl certverify -in certs.pem -cacert rootcacert.pem #-check_crl
@@ -39,4 +39,5 @@ cat enccert.pem >> dbl_certs.pem
cat cacert.pem >> dbl_certs.pem
gmssl certverify -double_certs -in dbl_certs.pem -cacert rootcacert.pem #-check_crl
echo ok

3
demos/scripts/certs.sh
View File

@@ -1,5 +1,7 @@
#!/bin/bash -x
set -e
cd ../certs
gmssl certparse -in "rootca/Civil Servant ROOT.pem"
@@ -22,3 +24,4 @@ gmssl certverify -in "ca/TJCA.pem" -cacert "rootca/Civil Servant ROOT.pem" #-che
gmssl certverify -in "ca/Taier CA.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
gmssl certverify -in "ca/Ant Financial Certification Authority S1.pem" -cacert "rootca/ROOTCA.pem" #-check_crl
echo ok

7
demos/scripts/certverify.sh
View File

@@ -1,4 +1,6 @@
#!/bin/bash
#!/bin/bash -x
set -e
signcert=ebssec.boc.cn-sign.pem
enccert=ebssec.boc.cn-enc.pem
@@ -113,7 +115,6 @@ gmssl certverify -in $double_chain -cacert $rootcacert -double_certs -check_crl
gmssl crlget -cert $signcert -out $crl
gmssl crlparse -in $crl
rm -fr $signcert
rm -fr $enccert
rm -fr $crl
@@ -124,3 +125,5 @@ rm -fr $chain_with_root
rm -fr $double_certs
rm -fr $double_chain
echo ok