      1 #!/bin/sh
      2 
      3 # Copyright 2013 The Chromium Authors. All rights reserved.
      4 # Use of this source code is governed by a BSD-style license that can be
      5 # found in the LICENSE file.
      6 
      7 # This script generates a (end-entity, intermediate, root) certificate, where
      8 # the root has no explicit policies associated, the intermediate has multiple
      9 # policies, and the leaf has a single policy.
     10 #
     11 # When validating, supplying no policy OID should not result in an error.
     12 
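     # Print a command line, then run it; abort the whole script with status 1
     # if the command fails.
     # Arguments: the command and its arguments, run unchanged as "$@".
     # Outputs:   the command line on stdout, followed by the command's output.
     try() {
       # printf rather than echo: echo may treat a leading -n/-e or embedded
       # backslashes in the arguments as its own options or escapes.
       printf '%s\n' "$*"
       "$@" || exit 1
     }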
     17 
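     # Start from an empty working directory. Every path in this script is
     # relative, so refuse to run the recursive delete unless the current
     # directory holds policy.cnf, the config file the openssl steps load.
     if [ ! -f policy.cnf ]; then
       echo "policy.cnf not found; run this script from its own directory" >&2
       exit 1
     fi
     try rm -rf out
     try mkdir out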
     20 
     # Seed the serial-number file of each signer with 01. The redirection is
     # wrapped in /bin/sh -c so that it is part of the command that try runs.
     for ca in policy-root policy-intermediate; do
       try /bin/sh -c "echo 01 > out/${ca}-serial"
     done
     24 
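     # Create the signers' DB files. They go through try like every other step,
     # so a failure to create one stops the script here instead of surfacing
     # later inside an openssl step.
     try touch out/policy-root-index.txt
     try touch out/policy-intermediate-index.txt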
     28 
     # Generate one 2048-bit RSA key each for the root, the intermediate and the
     # leaf. No cipher option is passed, so genrsa writes the private keys
     # unencrypted into out/.
     for name in policy-root policy-intermediate policy-cert; do
       try openssl genrsa -out "out/${name}.key" 2048
     done
     33 
     # Generate the root certificate: build a CSR from the root key, then
     # self-sign it (-signkey) for 3650 days with the ca_cert extensions.
     # COMMON_NAME, CA_DIR and CA_NAME are placed in the environment of each
     # call; presumably policy.cnf reads them -- confirm against that file.
     COMMON_NAME="Policy Test Root CA" CA_DIR=out CA_NAME=policy-root \
       try openssl req -new \
         -key out/policy-root.key \
         -out out/policy-root.csr \
         -config policy.cnf

     COMMON_NAME="Policy Test Root CA" CA_DIR=out CA_NAME=policy-root \
       try openssl x509 -req \
         -days 3650 \
         -in out/policy-root.csr \
         -out out/policy-root.pem \
         -signkey out/policy-root.key \
         -extfile policy.cnf -extensions ca_cert \
         -text
     55 
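     # Generate the intermediate: build a CSR from the intermediate key, then
     # have the root signer (CA_NAME=policy-root) issue the certificate with the
     # intermediate_cert extensions.
     # CA_NAME is given explicitly on the request as well, as the root and leaf
     # requests do, so its value never comes from the caller's environment.
     # NOTE(review): whether `openssl req` reads CA_NAME depends on policy.cnf,
     # which is not shown here -- confirm against that file.
     COMMON_NAME="Policy Test Intermediate CA" \
       CA_DIR=out \
       CA_NAME=policy-root \
       try openssl req \
         -new \
         -key out/policy-intermediate.key \
         -out out/policy-intermediate.csr \
         -config policy.cnf

     # -batch makes `openssl ca` sign without interactive confirmation.
     # COMMON_NAME is set to a filler value for this step; presumably policy.cnf
     # still expects the variable to exist -- confirm.
     COMMON_NAME="UNUSED" \
       CA_DIR=out \
       CA_NAME=policy-root \
       try openssl ca \
         -batch \
         -in out/policy-intermediate.csr \
         -out out/policy-intermediate.pem \
         -config policy.cnf \
         -extensions intermediate_cert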
     74 
     # Generate the leaf: build a CSR for policy_test.example from the leaf key,
     # then have the intermediate signer (CA_NAME=policy-intermediate) issue the
     # certificate with the user_cert extensions.
     COMMON_NAME="policy_test.example" CA_DIR=out CA_NAME=policy-intermediate \
       try openssl req -new \
         -key out/policy-cert.key \
         -out out/policy-cert.csr \
         -config policy.cnf

     # -batch makes `openssl ca` sign without interactive confirmation.
     COMMON_NAME="Policy Test Intermediate CA" CA_DIR=out CA_NAME=policy-intermediate \
       try openssl ca -batch \
         -in out/policy-cert.csr \
         -out out/policy-cert.pem \
         -config policy.cnf \
         -extensions user_cert
     94 
     # Assemble the chain file: leaf first, then intermediate, then root. Only
     # the certificate outputs are concatenated; no .key file is included.
     # The command string is kept on one line so that its text does not depend
     # on how this script is indented.
     try /bin/sh -c "cat out/policy-cert.pem     out/policy-intermediate.pem     out/policy-root.pem >../certificates/explicit-policy-chain.pem"
     98