net/data/ssl/scripts/generate-policy-certs.sh

   1 #!/bin/sh
   2
   3 # Copyright 2013 The Chromium Authors. All rights reserved.
   4 # Use of this source code is governed by a BSD-style license that can be
   5 # found in the LICENSE file.
   6
   7 # This script generates a (end-entity, intermediate, root) certificate, where
   8 # the root has no explicit policies associated, the intermediate has multiple
   9 # policies, and the leaf has a single policy.
  10 #
  11 # When validating, supplying no policy OID should not result in an error.
  12
  13 try() {
  14   echo "$@"
  15   "$@" || exit 1
  16 }
  17
  18 try rm -rf out
  19 try mkdir out
  20
  21 # Create the serial number files.
  22 try /bin/sh -c "echo 01 > out/policy-root-serial"
  23 try /bin/sh -c "echo 01 > out/policy-intermediate-serial"
  24
  25 # Create the signers' DB files.
  26 touch out/policy-root-index.txt
  27 touch out/policy-intermediate-index.txt
  28
  29 # Generate the keys
  30 try openssl genrsa -out out/policy-root.key 2048
  31 try openssl genrsa -out out/policy-intermediate.key 2048
  32 try openssl genrsa -out out/policy-cert.key 2048
  33
  34 # Generate the root certificate
  35 COMMON_NAME="Policy Test Root CA" \
  36   CA_DIR=out \
  37   CA_NAME=policy-root \
  38   try openssl req \
  39     -new \
  40     -key out/policy-root.key \
  41     -out out/policy-root.csr \
  42     -config policy.cnf
  43
  44 COMMON_NAME="Policy Test Root CA" \
  45   CA_DIR=out \
  46   CA_NAME=policy-root \
  47   try openssl x509 \
  48     -req -days 3650 \
  49     -in out/policy-root.csr \
  50     -out out/policy-root.pem \
  51     -signkey out/policy-root.key \
  52     -extfile policy.cnf \
  53     -extensions ca_cert \
  54     -text
  55
  56 # Generate the intermediate
  57 COMMON_NAME="Policy Test Intermediate CA" \
  58   CA_DIR=out \
  59   try openssl req \
  60     -new \
  61     -key out/policy-intermediate.key \
  62     -out out/policy-intermediate.csr \
  63     -config policy.cnf
  64
  65 COMMON_NAME="UNUSED" \
  66   CA_DIR=out \
  67   CA_NAME=policy-root \
  68   try openssl ca \
  69     -batch \
  70     -in out/policy-intermediate.csr \
  71     -out out/policy-intermediate.pem \
  72     -config policy.cnf \
  73     -extensions intermediate_cert
  74
  75 # Generate the leaf
  76 COMMON_NAME="policy_test.example" \
  77 CA_DIR=out \
  78 CA_NAME=policy-intermediate \
  79 try openssl req \
  80   -new \
  81   -key out/policy-cert.key \
  82   -out out/policy-cert.csr \
  83   -config policy.cnf
  84
  85 COMMON_NAME="Policy Test Intermediate CA" \
  86   CA_DIR=out \
  87   CA_NAME=policy-intermediate \
  88   try openssl ca \
  89     -batch \
  90     -in out/policy-cert.csr \
  91     -out out/policy-cert.pem \
  92     -config policy.cnf \
  93     -extensions user_cert
  94
  95 try /bin/sh -c "cat out/policy-cert.pem \
  96     out/policy-intermediate.pem \
  97     out/policy-root.pem >../certificates/explicit-policy-chain.pem"