net/data/ssl/scripts/generate-policy-certs.sh

   1 #!/bin/sh
   2
   3 # Copyright 2013 The Chromium Authors. All rights reserved.
   4 # Use of this source code is governed by a BSD-style license that can be
   5 # found in the LICENSE file.
   6
   7 # This script generates a (end-entity, intermediate, root) certificate, where
   8 # the root has no explicit policies associated, the intermediate has multiple
   9 # policies, and the leaf has a single policy.
  10 #
  11 # When validating, supplying no policy OID should not result in an error.
  12
  13 try() {
  14   "$@" || (e=$?; echo "$@" > /dev/stderr; exit $e)
  15 }
  16
  17 try rm -rf out
  18 try mkdir out
  19
  20 # Create the serial number files.
  21 try /bin/sh -c "echo 01 > out/policy-root-serial"
  22 try /bin/sh -c "echo 01 > out/policy-intermediate-serial"
  23
  24 # Create the signers' DB files.
  25 touch out/policy-root-index.txt
  26 touch out/policy-intermediate-index.txt
  27
  28 # Generate the keys
  29 try openssl genrsa -out out/policy-root.key 2048
  30 try openssl genrsa -out out/policy-intermediate.key 2048
  31 try openssl genrsa -out out/policy-cert.key 2048
  32
  33 # Generate the root certificate
  34 COMMON_NAME="Policy Test Root CA" \
  35   CA_DIR=out \
  36   CA_NAME=policy-root \
  37   try openssl req \
  38     -new \
  39     -key out/policy-root.key \
  40     -out out/policy-root.csr \
  41     -config policy.cnf
  42
  43 COMMON_NAME="Policy Test Root CA" \
  44   CA_DIR=out \
  45   CA_NAME=policy-root \
  46   try openssl x509 \
  47     -req -days 3650 \
  48     -in out/policy-root.csr \
  49     -out out/policy-root.pem \
  50     -signkey out/policy-root.key \
  51     -extfile policy.cnf \
  52     -extensions ca_cert \
  53     -text
  54
  55 # Generate the intermediate
  56 COMMON_NAME="Policy Test Intermediate CA" \
  57   CA_DIR=out \
  58   try openssl req \
  59     -new \
  60     -key out/policy-intermediate.key \
  61     -out out/policy-intermediate.csr \
  62     -config policy.cnf
  63
  64 COMMON_NAME="UNUSED" \
  65   CA_DIR=out \
  66   CA_NAME=policy-root \
  67   try openssl ca \
  68     -batch \
  69     -in out/policy-intermediate.csr \
  70     -out out/policy-intermediate.pem \
  71     -config policy.cnf \
  72     -extensions intermediate_cert
  73
  74 # Generate the leaf
  75 COMMON_NAME="policy_test.example" \
  76 CA_DIR=out \
  77 CA_NAME=policy-intermediate \
  78 try openssl req \
  79   -new \
  80   -key out/policy-cert.key \
  81   -out out/policy-cert.csr \
  82   -config policy.cnf
  83
  84 COMMON_NAME="Policy Test Intermediate CA" \
  85   CA_DIR=out \
  86   CA_NAME=policy-intermediate \
  87   try openssl ca \
  88     -batch \
  89     -in out/policy-cert.csr \
  90     -out out/policy-cert.pem \
  91     -config policy.cnf \
  92     -extensions user_cert
  93
  94 try /bin/sh -c "cat out/policy-cert.pem \
  95     out/policy-intermediate.pem \
  96     out/policy-root.pem >../certificates/explicit-policy-chain.pem"