Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / test / data / extensions / api_test / certificate_provider / create_test_certs.sh
blobecd1772b225dc93b709fa4da557191d7fbedb68a
1 #!/bin/bash
3 # Copyright 2015 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file.
7 # Generates the following tree of certificates:
8 # root (self-signed root)
9 # \
10 # \--> l1_leaf (end-entity)
12 try() {
13 "$@" || {
14 e=$?
15 echo "*** ERROR $e *** $@ " > /dev/stderr
16 exit $e
20 # Create a self-signed CA cert with CommonName CN and store it at $1.pem .
21 root_cert() {
22 try /bin/sh -c "echo 01 > out/${1}-serial"
23 try touch out/${1}-index.txt
24 try openssl genrsa -out out/${1}.key 2048
26 CA_ID=$1 \
27 try openssl req \
28 -new \
29 -key out/${1}.key \
30 -out out/${1}.req \
31 -config ca.cnf
33 CA_ID=$1 \
34 try openssl x509 \
35 -req -days 3650 \
36 -in out/${1}.req \
37 -signkey out/${1}.key \
38 -extfile ca.cnf \
39 -extensions ca_cert > out/${1}.pem
41 try cp out/${1}.pem ${1}.pem
44 # Create a cert with CommonName CN signed by CA_ID and store it at $1.der .
45 # $2 must either be "leaf_cert" (for a server/user cert) or "ca_cert" (for a
46 # intermediate CA).
47 # Stores the private key at $1.pk8 .
48 issue_cert() {
49 if [[ "$2" == "ca_cert" ]]
50 then
51 try /bin/sh -c "echo 01 > out/${1}-serial"
52 try touch out/${1}-index.txt
54 try openssl req \
55 -new \
56 -keyout out/${1}.key \
57 -out out/${1}.req \
58 -config ca.cnf
60 try openssl ca \
61 -batch \
62 -extensions $2 \
63 -in out/${1}.req \
64 -out out/${1}.pem \
65 -config ca.cnf
67 try openssl pkcs8 -topk8 -in out/${1}.key -out ${1}.pk8 -outform DER -nocrypt
69 try openssl x509 -in out/${1}.pem -outform DER -out out/${1}.der
70 try cp out/${1}.der ${1}.der
73 try rm -rf out
74 try mkdir out
76 CN=root \
77 try root_cert root
79 CA_ID=root CN=l1_leaf \
80 try issue_cert l1_leaf leaf_cert