Home | History | Annotate | Download | only in scripts 
      1 #!/bin/sh
      2 
      3 # Copyright 2013 The Chromium Authors. All rights reserved.
      4 # Use of this source code is governed by a BSD-style license that can be
      5 # found in the LICENSE file.
      6 
      7 # This script generates a set of test (end-entity, intermediate, root)
      8 # certificates that can be used to test fetching of an intermediate via AIA.
      9 
     10 try() {
     11   echo "$@"
     12   $@ || exit 1
     13 }
     14 
     15 try rm -rf out
     16 try mkdir out
     17 
     18 # Create the serial number files.
     19 try echo 1 > out/aia-test-root-serial
     20 try echo 1 > out/aia-test-intermediate-serial
     21 
     22 # Create the signers' DB files.
     23 touch out/aia-test-root-index.txt
     24 touch out/aia-test-intermediate-index.txt
     25 
     26 # Generate the keys
     27 try openssl genrsa -out out/aia-test-root.key 2048
     28 try openssl genrsa -out out/aia-test-intermediate.key 2048
     29 try openssl genrsa -out out/aia-test-cert.key 2048
     30 
     31 # Generate the root certificate
     32 CA_COMMON_NAME="AIA Test Root CA" \
     33   CA_DIR=out \
     34   CA_NAME=aia-test-root \
     35   try openssl req \
     36     -new \
     37     -key out/aia-test-root.key \
     38     -out out/aia-test-root.csr \
     39     -config aia-test.cnf
     40 
     41 CA_COMMON_NAME="AIA Test Root CA" \
     42   CA_DIR=out \
     43   CA_NAME=aia-test-root \
     44   try openssl x509 \
     45     -req -days 3650 \
     46     -in out/aia-test-root.csr \
     47     -out out/aia-test-root.pem \
     48     -signkey out/aia-test-root.key \
     49     -extfile aia-test.cnf \
     50     -extensions ca_cert
     51 
     52 # Generate the intermediate
     53 CA_COMMON_NAME="AIA Test Intermediate CA" \
     54   CA_DIR=out \
     55   CA_NAME=aia-test-root \
     56   try openssl req \
     57     -new \
     58     -key out/aia-test-intermediate.key \
     59     -out out/aia-test-intermediate.csr \
     60     -config aia-test.cnf
     61 
     62 CA_COMMON_NAME="AIA Test Intermediate CA" \
     63   CA_DIR=out \
     64   CA_NAME=aia-test-root \
     65   try openssl ca \
     66     -batch \
     67     -in out/aia-test-intermediate.csr \
     68     -out out/aia-test-intermediate.pem \
     69     -config aia-test.cnf \
     70     -extensions ca_cert
     71 
     72 # Generate the leaf
     73 CA_COMMON_NAME="aia-host.invalid" \
     74 CA_DIR=out \
     75 CA_NAME=aia-test-intermediate \
     76 try openssl req \
     77   -new \
     78   -key out/aia-test-cert.key \
     79   -out out/aia-test-cert.csr \
     80   -config aia-test.cnf
     81 
     82 CA_COMMON_NAME="AIA Test Intermediate CA" \
     83   CA_DIR=out \
     84   CA_NAME=aia-test-intermediate \
     85   AIA_URL=http://aia-test.invalid \
     86   try openssl ca \
     87     -batch \
     88     -in out/aia-test-cert.csr \
     89     -out out/aia-test-cert.pem \
     90     -config aia-test.cnf \
     91     -extensions user_cert
     92