net/data/ssl/scripts/generate-aia-certs.sh

   1 #!/bin/sh
   2
   3 # Copyright 2013 The Chromium Authors. All rights reserved.
   4 # Use of this source code is governed by a BSD-style license that can be
   5 # found in the LICENSE file.
   6
   7 # This script generates a set of test (end-entity, intermediate, root)
   8 # certificates that can be used to test fetching of an intermediate via AIA.
   9
  10 try() {
  11   echo "$@"
  12   "$@" || exit 1
  13 }
  14
  15 try rm -rf out
  16 try mkdir out
  17
  18 # Create the serial number files.
  19 try /bin/sh -c "echo 01 > out/aia-test-root-serial"
  20 try /bin/sh -c "echo 01 > out/aia-test-intermediate-serial"
  21
  22 # Create the signers' DB files.
  23 touch out/aia-test-root-index.txt
  24 touch out/aia-test-intermediate-index.txt
  25
  26 # Generate the keys
  27 try openssl genrsa -out out/aia-test-root.key 2048
  28 try openssl genrsa -out out/aia-test-intermediate.key 2048
  29 try openssl genrsa -out out/aia-test-cert.key 2048
  30
  31 # Generate the root certificate
  32 CA_COMMON_NAME="AIA Test Root CA" \
  33   CA_DIR=out \
  34   CA_NAME=aia-test-root \
  35   try openssl req \
  36     -new \
  37     -key out/aia-test-root.key \
  38     -out out/aia-test-root.csr \
  39     -config aia-test.cnf
  40
  41 CA_COMMON_NAME="AIA Test Root CA" \
  42   CA_DIR=out \
  43   CA_NAME=aia-test-root \
  44   try openssl x509 \
  45     -req -days 3650 \
  46     -in out/aia-test-root.csr \
  47     -out out/aia-test-root.pem \
  48     -signkey out/aia-test-root.key \
  49     -extfile aia-test.cnf \
  50     -extensions ca_cert \
  51     -text
  52
  53 # Generate the intermediate
  54 CA_COMMON_NAME="AIA Test Intermediate CA" \
  55   CA_DIR=out \
  56   CA_NAME=aia-test-root \
  57   try openssl req \
  58     -new \
  59     -key out/aia-test-intermediate.key \
  60     -out out/aia-test-intermediate.csr \
  61     -config aia-test.cnf
  62
  63 CA_COMMON_NAME="AIA Test Intermediate CA" \
  64   CA_DIR=out \
  65   CA_NAME=aia-test-root \
  66   try openssl ca \
  67     -batch \
  68     -in out/aia-test-intermediate.csr \
  69     -out out/aia-test-intermediate.pem \
  70     -config aia-test.cnf \
  71     -extensions ca_cert
  72
  73 # Generate the leaf
  74 CA_COMMON_NAME="aia-host.invalid" \
  75 CA_DIR=out \
  76 CA_NAME=aia-test-intermediate \
  77 try openssl req \
  78   -new \
  79   -key out/aia-test-cert.key \
  80   -out out/aia-test-cert.csr \
  81   -config aia-test.cnf
  82
  83 CA_COMMON_NAME="AIA Test Intermediate CA" \
  84   CA_DIR=out \
  85   CA_NAME=aia-test-intermediate \
  86   AIA_URL=http://aia-test.invalid \
  87   try openssl ca \
  88     -batch \
  89     -in out/aia-test-cert.csr \
  90     -out out/aia-test-cert.pem \
  91     -config aia-test.cnf \
  92     -extensions user_cert
  93
  94 # Copy to the file names that are actually checked in.
  95 try cp out/aia-test-cert.pem ../certificates/aia-cert.pem
  96 try openssl x509 \
  97   -outform der \
  98   -in out/aia-test-intermediate.pem \
  99   -out ../certificates/aia-intermediate.der
 100 try cp out/aia-test-root.pem ../certificates/aia-root.pem