net/data/ssl/scripts/generate-aia-certs.sh

   1 #!/bin/sh
   2
   3 # Copyright 2013 The Chromium Authors. All rights reserved.
   4 # Use of this source code is governed by a BSD-style license that can be
   5 # found in the LICENSE file.
   6
   7 # This script generates a set of test (end-entity, intermediate, root)
   8 # certificates that can be used to test fetching of an intermediate via AIA.
   9
  10 try() {
  11   "$@" || (e=$?; echo "$@" > /dev/stderr; exit $e)
  12 }
  13
  14 try rm -rf out
  15 try mkdir out
  16
  17 # Create the serial number files.
  18 try /bin/sh -c "echo 01 > out/aia-test-root-serial"
  19 try /bin/sh -c "echo 01 > out/aia-test-intermediate-serial"
  20
  21 # Create the signers' DB files.
  22 touch out/aia-test-root-index.txt
  23 touch out/aia-test-intermediate-index.txt
  24
  25 # Generate the keys
  26 try openssl genrsa -out out/aia-test-root.key 2048
  27 try openssl genrsa -out out/aia-test-intermediate.key 2048
  28 try openssl genrsa -out out/aia-test-cert.key 2048
  29
  30 # Generate the root certificate
  31 CA_COMMON_NAME="AIA Test Root CA" \
  32   CA_DIR=out \
  33   CA_NAME=aia-test-root \
  34   try openssl req \
  35     -new \
  36     -key out/aia-test-root.key \
  37     -out out/aia-test-root.csr \
  38     -config aia-test.cnf
  39
  40 CA_COMMON_NAME="AIA Test Root CA" \
  41   CA_DIR=out \
  42   CA_NAME=aia-test-root \
  43   try openssl x509 \
  44     -req -days 3650 \
  45     -in out/aia-test-root.csr \
  46     -out out/aia-test-root.pem \
  47     -signkey out/aia-test-root.key \
  48     -extfile aia-test.cnf \
  49     -extensions ca_cert \
  50     -text
  51
  52 # Generate the intermediate
  53 CA_COMMON_NAME="AIA Test Intermediate CA" \
  54   CA_DIR=out \
  55   CA_NAME=aia-test-root \
  56   try openssl req \
  57     -new \
  58     -key out/aia-test-intermediate.key \
  59     -out out/aia-test-intermediate.csr \
  60     -config aia-test.cnf
  61
  62 CA_COMMON_NAME="AIA Test Intermediate CA" \
  63   CA_DIR=out \
  64   CA_NAME=aia-test-root \
  65   try openssl ca \
  66     -batch \
  67     -in out/aia-test-intermediate.csr \
  68     -out out/aia-test-intermediate.pem \
  69     -config aia-test.cnf \
  70     -extensions ca_cert
  71
  72 # Generate the leaf
  73 CA_COMMON_NAME="aia-host.invalid" \
  74 CA_DIR=out \
  75 CA_NAME=aia-test-intermediate \
  76 try openssl req \
  77   -new \
  78   -key out/aia-test-cert.key \
  79   -out out/aia-test-cert.csr \
  80   -config aia-test.cnf
  81
  82 CA_COMMON_NAME="AIA Test Intermediate CA" \
  83   CA_DIR=out \
  84   CA_NAME=aia-test-intermediate \
  85   AIA_URL=http://aia-test.invalid \
  86   try openssl ca \
  87     -batch \
  88     -in out/aia-test-cert.csr \
  89     -out out/aia-test-cert.pem \
  90     -config aia-test.cnf \
  91     -extensions user_cert
  92
  93 # Copy to the file names that are actually checked in.
  94 try cp out/aia-test-cert.pem ../certificates/aia-cert.pem
  95 try openssl x509 \
  96   -outform der \
  97   -in out/aia-test-intermediate.pem \
  98   -out ../certificates/aia-intermediate.der
  99 try cp out/aia-test-root.pem ../certificates/aia-root.pem