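#!/bin/bash
#
# Creates or overwrites 3 files in ./res/raw:
#   - cacert.der    self-signed CA certificate (DER)
#   - userkey.der   user private key (unencrypted PKCS#8, DER)
#   - usercert.der  user certificate issued by that CA (DER)
#
# Run from the directory that contains res/raw; all intermediate files live
# in a throw-away directory created next to it and removed on exit.
#
# Security notes:
#   - These are test fixtures. The CA passphrase is hard-coded below and is
#     handed to openssl as 'pass:...' on the command line, where it is visible
#     in the process list; userkey.der is written without encryption
#     (-nodes / -nocrypt). Do not reuse this key material outside tests.
#   - The CA private key (cakey.pem) only ever exists in the temporary
#     directory and is deleted with it, so only the three files listed above
#     survive a run.
#

# Stop at the first failing step so that a broken openssl run can never leave
# stale or partial files to be copied into res/raw.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

tmpdir=''

# Remove the scratch directory. Deliberately does not call 'exit', so the
# script's real exit status is preserved (the previous EXIT trap forced
# status 1 even after a successful run).
cleanup() {
  if [[ -n "$tmpdir" && -d "$tmpdir" ]]; then
    rm -rf -- "$tmpdir"
  fi
}
trap cleanup EXIT
# On interrupt: finish the terminal line, then exit non-zero (EXIT trap runs).
trap 'echo; exit 1' INT QUIT

readonly SYSTEM_OPENSSL_CNF='/etc/ssl/openssl.cnf'
readonly OUT_DIR='res/raw/'

# Directory used by 'openssl ca'; has to match the CA_default section of
# openssl.cnf.
readonly CA_DIR='demoCA'

readonly SUBJECT='/C=US/ST=CA/L=Mountain View/O=Android/CN=localhost'
readonly PASSWORD='androidtest'
readonly SAN='DNS:localhost'

# Fail early, before any key material is generated.
command -v openssl > /dev/null || die "openssl not found in PATH"
[[ -r "$SYSTEM_OPENSSL_CNF" ]] || die "cannot read $SYSTEM_OPENSSL_CNF"
[[ -d "$OUT_DIR" ]] || die "output directory '$OUT_DIR' does not exist"

tmpdir=$(mktemp -d './XXXXXXXX') || die "mktemp failed"

echo "Creating directory '$CA_DIR'..."
mkdir -p "$tmpdir/$CA_DIR/newcerts"
echo '01' > "$tmpdir/$CA_DIR/serial"
touch "$tmpdir/$CA_DIR/index.txt"

# System config plus a [SAN] section. The SAN value is passed as a printf
# argument, never as part of the format string.
{
  cat -- "$SYSTEM_OPENSSL_CNF"
  printf '\n[SAN]\nsubjectAltName=%s\n' "$SAN"
} > "$tmpdir/openssl.conf"

echo "Generating CA certificate..."
(cd "$tmpdir" \
  && openssl req \
    -new \
    -x509 \
    -days 3650 \
    -extensions v3_ca \
    -keyout 'cakey.pem' \
    -out 'cacert.pem' \
    -subj "$SUBJECT" \
    -passout 'pass:'"$PASSWORD" \
  && openssl x509 \
    -outform DER \
    -in 'cacert.pem' \
    -out 'cacert.der')

echo "Generating user key..."
# -nodes / -nocrypt: the user key is intentionally stored unencrypted.
(cd "$tmpdir" \
  && openssl req \
    -newkey rsa:2048 \
    -sha256 \
    -keyout 'userkey.pem' \
    -nodes \
    -days 3650 \
    -out 'userkey.req' \
    -subj "$SUBJECT" \
    -extensions SAN \
    -config openssl.conf \
  && openssl pkcs8 \
    -topk8 \
    -outform DER \
    -in 'userkey.pem' \
    -out 'userkey.der' \
    -nocrypt)

echo "Generating user certificate..."
(cd "$tmpdir" \
  && openssl ca \
    -out 'usercert.pem' \
    -in 'userkey.req' \
    -cert 'cacert.pem' \
    -keyfile 'cakey.pem' \
    -days 3650 \
    -passin 'pass:'"$PASSWORD" \
    -extensions SAN \
    -config openssl.conf \
    -batch \
  && openssl x509 \
    -outform DER \
    -in 'usercert.pem' \
    -out 'usercert.der')

# Copy important files to raw resources directory
cp -- \
  "$tmpdir/cacert.der" \
  "$tmpdir/userkey.der" \
  "$tmpdir/usercert.der" \
  "$OUT_DIR"

echo "Finished"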