net/data/ssl/scripts/generate-test-certs.sh

   1 #!/bin/sh
   2
   3 # Copyright 2013 The Chromium Authors. All rights reserved.
   4 # Use of this source code is governed by a BSD-style license that can be
   5 # found in the LICENSE file.
   6
   7 # This script generates a set of test (end-entity, intermediate, root)
   8 # certificates that can be used to test fetching of an intermediate via AIA.
   9
  10 try() {
  11   echo "$@"
  12   "$@" || exit 1
  13 }
  14
  15 try rm -rf out
  16 try mkdir out
  17
  18 try /bin/sh -c "echo 01 > out/2048-sha1-root-serial"
  19 touch out/2048-sha1-root-index.txt
  20
  21 # Generate the key
  22 try openssl genrsa -out out/2048-sha1-root.key 2048
  23
  24 # Generate the root certificate
  25 CA_COMMON_NAME="Test Root CA" \
  26   try openssl req \
  27     -new \
  28     -key out/2048-sha1-root.key \
  29     -out out/2048-sha1-root.req \
  30     -config ca.cnf
  31
  32 CA_COMMON_NAME="Test Root CA" \
  33   try openssl x509 \
  34     -req -days 3650 \
  35     -in out/2048-sha1-root.req \
  36     -out out/2048-sha1-root.pem \
  37     -signkey out/2048-sha1-root.key \
  38     -extfile ca.cnf \
  39     -extensions ca_cert \
  40     -text
  41
  42 # Generate the leaf certificate requests
  43 try openssl req \
  44   -new \
  45   -keyout out/expired_cert.key \
  46   -out out/expired_cert.req \
  47   -config ee.cnf
  48
  49 try openssl req \
  50   -new \
  51   -keyout out/ok_cert.key \
  52   -out out/ok_cert.req \
  53   -config ee.cnf
  54
  55 # Generate the leaf certificates
  56 CA_COMMON_NAME="Test Root CA" \
  57   try openssl ca \
  58     -batch \
  59     -extensions user_cert \
  60     -startdate 060101000000Z \
  61     -enddate 070101000000Z \
  62     -in out/expired_cert.req \
  63     -out out/expired_cert.pem \
  64     -config ca.cnf
  65
  66 CA_COMMON_NAME="Test Root CA" \
  67   try openssl ca \
  68     -batch \
  69     -extensions user_cert \
  70     -days 3650 \
  71     -in out/ok_cert.req \
  72     -out out/ok_cert.pem \
  73     -config ca.cnf
  74
  75 try /bin/sh -c "cat out/ok_cert.key out/ok_cert.pem \
  76     > ../certificates/ok_cert.pem"
  77 try /bin/sh -c "cat out/expired_cert.key out/expired_cert.pem \
  78     > ../certificates/expired_cert.pem"
  79 try /bin/sh -c "cat out/2048-sha1-root.key out/2048-sha1-root.pem \
  80     > ../certificates/root_ca_cert.pem"
  81