net/data/ssl/scripts/generate-aia-certs.sh

   1 #!/bin/sh
   2
   3 # Copyright 2013 The Chromium Authors. All rights reserved.
   4 # Use of this source code is governed by a BSD-style license that can be
   5 # found in the LICENSE file.
   6
   7 # This script generates a set of test (end-entity, intermediate, root)
   8 # certificates that can be used to test fetching of an intermediate via AIA.
   9
  10 try() {
  11   echo "$@"
  12   $@ || exit 1
  13 }
  14
  15 try rm -rf out
  16 try mkdir out
  17
  18 # Create the serial number files.
  19 try echo 1 > out/aia-test-root-serial
  20 try echo 1 > out/aia-test-intermediate-serial
  21
  22 # Create the signers' DB files.
  23 touch out/aia-test-root-index.txt
  24 touch out/aia-test-intermediate-index.txt
  25
  26 # Generate the keys
  27 try openssl genrsa -out out/aia-test-root.key 2048
  28 try openssl genrsa -out out/aia-test-intermediate.key 2048
  29 try openssl genrsa -out out/aia-test-cert.key 2048
  30
  31 # Generate the root certificate
  32 CA_COMMON_NAME="AIA Test Root CA" \
  33   CA_DIR=out \
  34   CA_NAME=aia-test-root \
  35   try openssl req \
  36     -new \
  37     -key out/aia-test-root.key \
  38     -out out/aia-test-root.csr \
  39     -config aia-test.cnf
  40
  41 CA_COMMON_NAME="AIA Test Root CA" \
  42   CA_DIR=out \
  43   CA_NAME=aia-test-root \
  44   try openssl x509 \
  45     -req -days 3650 \
  46     -in out/aia-test-root.csr \
  47     -out out/aia-test-root.pem \
  48     -signkey out/aia-test-root.key \
  49     -extfile aia-test.cnf \
  50     -extensions ca_cert
  51
  52 # Generate the intermediate
  53 CA_COMMON_NAME="AIA Test Intermediate CA" \
  54   CA_DIR=out \
  55   CA_NAME=aia-test-root \
  56   try openssl req \
  57     -new \
  58     -key out/aia-test-intermediate.key \
  59     -out out/aia-test-intermediate.csr \
  60     -config aia-test.cnf
  61
  62 CA_COMMON_NAME="AIA Test Intermediate CA" \
  63   CA_DIR=out \
  64   CA_NAME=aia-test-root \
  65   try openssl ca \
  66     -batch \
  67     -in out/aia-test-intermediate.csr \
  68     -out out/aia-test-intermediate.pem \
  69     -config aia-test.cnf \
  70     -extensions ca_cert
  71
  72 # Generate the leaf
  73 CA_COMMON_NAME="aia-host.invalid" \
  74 CA_DIR=out \
  75 CA_NAME=aia-test-intermediate \
  76 try openssl req \
  77   -new \
  78   -key out/aia-test-cert.key \
  79   -out out/aia-test-cert.csr \
  80   -config aia-test.cnf
  81
  82 CA_COMMON_NAME="AIA Test Intermediate CA" \
  83   CA_DIR=out \
  84   CA_NAME=aia-test-intermediate \
  85   AIA_URL=http://aia-test.invalid \
  86   try openssl ca \
  87     -batch \
  88     -in out/aia-test-cert.csr \
  89     -out out/aia-test-cert.pem \
  90     -config aia-test.cnf \
  91     -extensions user_cert