Update test certficate for KeyChain storage CtsVerifier test
Add Subject Alternative Name to the certificate which is required in P.
Test: Run CtsVerifier -> KeyChain Storage Test and verify it passes
Change-Id: I8ef8e41001464cdcce2773c052338b97976e8950
Fix: 78681861
diff --git a/apps/CtsVerifier/create_test_certs.sh b/apps/CtsVerifier/create_test_certs.sh
index b59974a..93fa377 100755
--- a/apps/CtsVerifier/create_test_certs.sh
+++ b/apps/CtsVerifier/create_test_certs.sh
@@ -20,11 +20,15 @@
'/O=Android'\
'/CN=localhost'
PASSWORD='androidtest'
+SAN=\
+'DNS:localhost'
echo "Creating directory '$CA_DIR'..."
mkdir -p "$tmpdir"/"$CA_DIR"/newcerts \
&& echo '01' > "$tmpdir"/"$CA_DIR"/serial \
&& touch "$tmpdir"/"$CA_DIR"/index.txt
+cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=$SAN") \
+ > "$tmpdir"/openssl.conf
echo "Generating CA certificate..."
(cd "$tmpdir" \
@@ -52,6 +56,8 @@
-days 3650 \
-out 'userkey.req' \
-subj "$SUBJECT" \
+ -extensions SAN \
+ -config openssl.conf \
&& openssl pkcs8 \
-topk8 \
-outform DER \
@@ -68,6 +74,8 @@
-keyfile 'cakey.pem' \
-days 3650 \
-passin 'pass:'"$PASSWORD" \
+ -extensions SAN \
+ -config openssl.conf \
-batch \
&& openssl x509 \
-outform DER \
diff --git a/apps/CtsVerifier/res/raw/cacert.der b/apps/CtsVerifier/res/raw/cacert.der
index 3934e1b..9acf82a 100644
--- a/apps/CtsVerifier/res/raw/cacert.der
+++ b/apps/CtsVerifier/res/raw/cacert.der
Binary files differ
diff --git a/apps/CtsVerifier/res/raw/usercert.der b/apps/CtsVerifier/res/raw/usercert.der
index cdfb8f7..cb48852 100644
--- a/apps/CtsVerifier/res/raw/usercert.der
+++ b/apps/CtsVerifier/res/raw/usercert.der
Binary files differ
diff --git a/apps/CtsVerifier/res/raw/userkey.der b/apps/CtsVerifier/res/raw/userkey.der
index 31f1f8c..9216bb8 100644
--- a/apps/CtsVerifier/res/raw/userkey.der
+++ b/apps/CtsVerifier/res/raw/userkey.der
Binary files differ