#!/bin/sh

# Copyright 2013 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# This script generates a set of test (end-entity, intermediate, root)
# certificates that can be used to test fetching of an intermediate via AIA.

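# Echo a command line, then run it; abort the whole script with status 1 if
# the command fails.
#
# Arguments: "$@" - the command and its arguments, passed through unchanged
# Outputs:   the command line on stdout, followed by the command's own output
#
# "$@" is quoted so that an argument containing whitespace or glob characters
# reaches the command as a single word instead of being re-split by the shell.
# A redirection written after a `try ...` call applies to this function as a
# whole, so the echoed command line lands in the redirect target as well.
try() {
  echo "$@"
  "$@" || exit 1
}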
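# Start from an empty output directory so that keys or certificates left by
# an earlier run cannot be mixed into the new chain. All paths are relative,
# so the script has to be run from the directory that holds aia-test.cnf.
try rm -rf out
try mkdir out

# Create the serial number files (presumably located by aia-test.cnf through
# CA_DIR/CA_NAME -- confirm there). They are written directly rather than
# through `try`: with `try echo 1 > file` the redirection covers the whole
# function call, so the file would start with the echoed command line
# "echo 1" instead of the number. OpenSSL serial files hold the next serial
# in hex, conventionally with an even number of digits, hence 01.
echo 01 > out/aia-test-root-serial || exit 1
echo 01 > out/aia-test-intermediate-serial || exit 1

# Create the signers' DB files. They start out empty; a failure to create
# them now stops the script instead of surfacing later inside `openssl ca`.
try touch out/aia-test-root-index.txt
try touch out/aia-test-intermediate-index.txt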
# Generate the keys: one 2048-bit RSA private key for each certificate in the
# chain (root, intermediate, leaf). No cipher option is passed to genrsa, so
# the keys are stored unencrypted; they are test fixtures only and must not
# be reused for anything that needs a real secret.
for key_name in aia-test-root aia-test-intermediate aia-test-cert; do
  try openssl genrsa -out "out/${key_name}.key" 2048
done
# Generate the root certificate.
#
# The CA_* values are passed as assignments in front of the `try` call;
# presumably aia-test.cnf (not shown here) reads them from the environment --
# confirm there.
# NOTE(review): POSIX leaves it unspecified whether assignments that prefix a
# function call are exported to the commands the function runs, so this
# depends on the /bin/sh in use.

# Step 1: certificate signing request for the root key.
CA_COMMON_NAME="AIA Test Root CA" CA_DIR=out CA_NAME=aia-test-root \
  try openssl req -new \
    -key out/aia-test-root.key \
    -out out/aia-test-root.csr \
    -config aia-test.cnf

# Step 2: self-sign that request with the root's own key (-signkey), valid for
# 3650 days, with extensions taken from the ca_cert section of aia-test.cnf.
CA_COMMON_NAME="AIA Test Root CA" CA_DIR=out CA_NAME=aia-test-root \
  try openssl x509 -req -days 3650 \
    -in out/aia-test-root.csr \
    -out out/aia-test-root.pem \
    -signkey out/aia-test-root.key \
    -extfile aia-test.cnf \
    -extensions ca_cert
# Generate the intermediate.
#
# Both steps run with CA_NAME=aia-test-root; presumably aia-test.cnf uses it
# to pick the signer's key, serial and index files -- confirm there.

# Step 1: certificate signing request for the intermediate key.
CA_COMMON_NAME="AIA Test Intermediate CA" CA_DIR=out CA_NAME=aia-test-root \
  try openssl req -new \
    -key out/aia-test-intermediate.key \
    -out out/aia-test-intermediate.csr \
    -config aia-test.cnf

# Step 2: issue the certificate with `openssl ca`, non-interactively (-batch),
# using the ca_cert extension section. No validity period is given on the
# command line, so it is whatever the configuration supplies.
CA_COMMON_NAME="AIA Test Intermediate CA" CA_DIR=out CA_NAME=aia-test-root \
  try openssl ca -batch \
    -in out/aia-test-intermediate.csr \
    -out out/aia-test-intermediate.pem \
    -config aia-test.cnf \
    -extensions ca_cert
# Generate the leaf (end-entity) certificate, issued by the intermediate.

# Step 1: certificate signing request for the leaf key. The common name is a
# host under the reserved .invalid TLD, so it cannot collide with a real site.
CA_COMMON_NAME="aia-host.invalid" CA_DIR=out CA_NAME=aia-test-intermediate \
  try openssl req -new \
    -key out/aia-test-cert.key \
    -out out/aia-test-cert.csr \
    -config aia-test.cnf

# Step 2: issue the leaf with `openssl ca` using the user_cert extension
# section. AIA_URL is set only for this invocation; presumably user_cert puts
# it into the Authority Information Access extension that points at the
# intermediate -- confirm in aia-test.cnf. The URL is also under .invalid, so
# it never resolves on a real network.
CA_COMMON_NAME="AIA Test Intermediate CA" CA_DIR=out \
  CA_NAME=aia-test-intermediate AIA_URL=http://aia-test.invalid \
  try openssl ca -batch \
    -in out/aia-test-cert.csr \
    -out out/aia-test-cert.pem \
    -config aia-test.cnf \
    -extensions user_cert