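#!/bin/sh

# Copyright 2013 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# This script generates a set of test (end-entity, intermediate, root)
# certificates that can be used to test fetching of an intermediate via AIA.
#
# Chain produced:
#   "AIA Test Root CA" -> "AIA Test Intermediate CA" -> "aia-host.invalid"
#
# Security notes for anyone reusing this:
#   * `openssl genrsa` is called without a cipher option, so the three private
#     keys in out/ are written unencrypted. They are throwaway test material;
#     only certificates are copied to ../certificates/ at the end.
#   * The leaf name and the AIA URL use the reserved ".invalid" TLD, so they
#     never resolve in the public DNS.
#   * Extension sections (ca_cert, user_cert) and the CA_* / AIA_URL variables
#     are presumably consumed by aia-test.cnf, which is not part of this file;
#     verify key usage and basic constraints there.

# Echo a command, run it, and abort the whole script if it fails.
# Arguments: the command and its arguments.
# Outputs:   the command line on stdout, followed by the command's own output.
try() {
  printf '%s\n' "$*"
  "$@" || exit 1
}

# Every path below (out/, aia-test.cnf, ../certificates/) is relative and the
# first step is `rm -rf out`, so pin the working directory to the script's own
# directory instead of trusting the caller's cwd. CDPATH is cleared so a
# relative dirname cannot be redirected.
unset CDPATH
try cd "$(dirname "$0")"

try rm -rf out
try mkdir out

# Create the serial number files.
try /bin/sh -c "echo 01 > out/aia-test-root-serial"
try /bin/sh -c "echo 01 > out/aia-test-intermediate-serial"

# Create the signers' DB files. Wrapped in try like every other step so a
# failure stops the run instead of surfacing later inside `openssl ca`.
try touch out/aia-test-root-index.txt
try touch out/aia-test-intermediate-index.txt

# Generate the keys (2048-bit RSA, unencrypted, test use only).
try openssl genrsa -out out/aia-test-root.key 2048
try openssl genrsa -out out/aia-test-intermediate.key 2048
try openssl genrsa -out out/aia-test-cert.key 2048

# The configuration variables are passed through env(1): POSIX leaves it
# unspecified whether an assignment prefixed to a shell-function call (try) is
# exported to the commands that function runs, and this script runs under
# /bin/sh.

# Generate the root certificate: CSR first, then self-sign it for 3650 days.
try env \
  CA_COMMON_NAME="AIA Test Root CA" \
  CA_DIR=out \
  CA_NAME=aia-test-root \
  openssl req \
    -new \
    -key out/aia-test-root.key \
    -out out/aia-test-root.csr \
    -config aia-test.cnf

try env \
  CA_COMMON_NAME="AIA Test Root CA" \
  CA_DIR=out \
  CA_NAME=aia-test-root \
  openssl x509 \
    -req -days 3650 \
    -in out/aia-test-root.csr \
    -out out/aia-test-root.pem \
    -signkey out/aia-test-root.key \
    -extfile aia-test.cnf \
    -extensions ca_cert \
    -text

# Generate the intermediate. CA_NAME stays aia-test-root for both steps;
# presumably aia-test.cnf uses it to select the signing CA's key, serial and
# index files - confirm against the config.
try env \
  CA_COMMON_NAME="AIA Test Intermediate CA" \
  CA_DIR=out \
  CA_NAME=aia-test-root \
  openssl req \
    -new \
    -key out/aia-test-intermediate.key \
    -out out/aia-test-intermediate.csr \
    -config aia-test.cnf

try env \
  CA_COMMON_NAME="AIA Test Intermediate CA" \
  CA_DIR=out \
  CA_NAME=aia-test-root \
  openssl ca \
    -batch \
    -in out/aia-test-intermediate.csr \
    -out out/aia-test-intermediate.pem \
    -config aia-test.cnf \
    -extensions ca_cert

# Generate the leaf.
try env \
  CA_COMMON_NAME="aia-host.invalid" \
  CA_DIR=out \
  CA_NAME=aia-test-intermediate \
  openssl req \
    -new \
    -key out/aia-test-cert.key \
    -out out/aia-test-cert.csr \
    -config aia-test.cnf

# AIA_URL is set only for this signing step, i.e. only while the leaf is
# issued; how it ends up in the certificate is defined by the user_cert
# section of aia-test.cnf (not shown here).
try env \
  CA_COMMON_NAME="AIA Test Intermediate CA" \
  CA_DIR=out \
  CA_NAME=aia-test-intermediate \
  AIA_URL=http://aia-test.invalid \
  openssl ca \
    -batch \
    -in out/aia-test-cert.csr \
    -out out/aia-test-cert.pem \
    -config aia-test.cnf \
    -extensions user_cert

# Copy to the file names that are actually checked in. Certificates only:
# the private keys stay behind in out/. The intermediate is converted to DER.
try cp out/aia-test-cert.pem ../certificates/aia-cert.pem
try openssl x509 \
  -outform der \
  -in out/aia-test-intermediate.pem \
  -out ../certificates/aia-intermediate.der
try cp out/aia-test-root.pem ../certificates/aia-root.pem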