[glib-networking/pgriffis/automate-cert-update] Remove sudo requirement from create-files.sh

[Patrick Griffis <pgriffis src gnome org>]

commit d8ea01f4af28576073e39ceb82508f2e413c1dbc
Author: Patrick Griffis <pgriffis igalia com>
Date:   Sun Jun 20 13:44:29 2021 -0500

    Remove sudo requirement from create-files.sh
    
    Use the datefudge tool instead.

 tls/tests/files/create-files.sh | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)
---
diff --git a/tls/tests/files/create-files.sh b/tls/tests/files/create-files.sh
index ff9563a..af182ff 100755
--- a/tls/tests/files/create-files.sh
+++ b/tls/tests/files/create-files.sh
@@ -15,14 +15,7 @@ echo "needed to run the Unit Test."
 echo
 echo "                   *** IMPORTANT ***"
 echo
-echo "This script will change the system date momentarily to generate"
-echo "a couple of certificates (sudo password will be requested). This"
-echo "is because it uses the OpenSSL x509 utility instead of the ca"
-echo "utility which allows to set a starting date for the certificates."
-echo
-echo "Note that one of the scripts requires python3's cryptography module."
-echo
-echo "                   *** IMPORTANT ***"
+echo "This script depends on datefudge, openssl, and python3's cryptography module."
 echo
 
 read -p "Press [Enter] key to continue..."
@@ -86,6 +79,10 @@ openssl x509 -in server.pem -outform DER -out server.der
 msg "Converting server private key from PEM to DER"
 openssl rsa -in server-key.pem -outform DER -out server-key.der
 
+msg "Converting server private key to PKCS #8"
+openssl pkcs8 -topk8 -in server-key.pem -outform PEM -nocrypt -out server-key-pkcs8.pem
+openssl pkcs8 -topk8 -in server-key.pem -outform DER -nocrypt -out server-key-pkcs8.der
+
 #######################################################################
 ### Server (self-signed)
 #######################################################################
@@ -113,15 +110,11 @@ cat client-key.pem >> client-and-key.pem
 # It is not possible to specify the start and end date using the "x509" tool.
 # It would be better to use the "ca" tool. Sorry!
 msg "Creating client certificate (past)"
-sudo date -s "17 JUL 2000 18:00:00"
-openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial 
serial -out client-past.pem
-sudo hwclock -s
+datefudge "17 JUL 2000 18:00:00" openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA 
ca.pem -CAkey ca-key.pem -CAserial serial -out client-past.pem
 touch client-past.pem
 
 msg "Creating client certificate (future)"
-sudo date -s "17 JUL 2060 18:00:00"
-openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA ca.pem -CAkey ca-key.pem -CAserial 
serial -out client-future.pem
-sudo hwclock -s
+datefudge "17 JUL 2060 18:00:00" openssl x509 -req -in client-csr.pem -days 365 -startdate -enddate -CA 
ca.pem -CAkey ca-key.pem -CAserial serial -out client-future.pem
 touch client-future.pem
 
 msg "Creating second client key pair"