generate-policy-certs.sh revision 558790d6acca3451cf3a6b497803a5f07d0bec58
1#!/bin/sh
2
3# Copyright 2013 The Chromium Authors. All rights reserved.
4# Use of this source code is governed by a BSD-style license that can be
5# found in the LICENSE file.
6
# This script generates an (end-entity, intermediate, root) certificate chain,
# where the root has no explicit policies associated, the intermediate has
# multiple policies, and the leaf has a single policy.
#
# When validating, supplying no policy OID should not result in an error.
12
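# Echo a command line, then run it; abort the whole script if it fails.
#
# Arguments: the command and its arguments, passed through unchanged.
# Outputs:   the command line on stdout, followed by the command's own output.
#            A redirection written on a `try` line applies to the whole call,
#            so it captures this trace line as well as the command's output.
# Returns:   exits the script with status 1 if the command fails.
try() {
  printf '%s\n' "$*"
  # Quoted "$@" keeps each argument as a single word, so arguments holding
  # spaces or glob characters reach the command exactly as the caller wrote
  # them instead of being re-split and expanded by the shell.
  "$@" || exit 1
}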
17
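# Refuse to touch anything unless the working directory holds policy.cnf:
# every path below is relative, and the next step deletes ./out recursively.
if [ ! -f policy.cnf ]; then
  echo "policy.cnf not found; run from the directory that contains it" >&2
  exit 1
fi

try rm -rf out
try mkdir out

# Create the serial number files.
# Written without `try`: a redirection on a `try` line also captures the
# command trace that try prints, which would land in the serial file ahead
# of the number. The value is written as two hex digits, the form openssl
# serial files conventionally use.
printf '01\n' > out/policy-root-serial || exit 1
printf '01\n' > out/policy-intermediate-serial || exit 1

# Create the signers' DB files. Wrapped in try so that a failure here stops
# the script like every other step.
try touch out/policy-root-index.txt
try touch out/policy-intermediate-index.txt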
28
# Generate one 2048-bit RSA key per chain member (root, intermediate, leaf).
# genrsa is given no cipher option, so the keys are written to out/ without
# passphrase protection.
for name in policy-root policy-intermediate policy-cert; do
  try openssl genrsa -out "out/${name}.key" 2048
done
33
# Generate the root certificate: a CSR from the root key, then a certificate
# self-signed with that same key (-signkey), valid for 3650 days and carrying
# the ca_cert extensions section of policy.cnf.
# NOTE(review): neither command names a digest, so the signature hash is left
# to policy.cnf / openssl defaults -- confirm that suits the verifier under
# test.
COMMON_NAME="Policy Test Root CA" CA_DIR=out CA_NAME=policy-root \
  try openssl req -new \
    -key out/policy-root.key \
    -out out/policy-root.csr \
    -config policy.cnf

COMMON_NAME="Policy Test Root CA" CA_DIR=out CA_NAME=policy-root \
  try openssl x509 -req -days 3650 \
    -in out/policy-root.csr \
    -out out/policy-root.pem \
    -signkey out/policy-root.key \
    -extfile policy.cnf -extensions ca_cert
54
# Generate the intermediate: a CSR from the intermediate key, then issue the
# certificate with `openssl ca` under CA_NAME=policy-root (presumably the
# variable policy.cnf uses to pick the signing key, serial and index files),
# applying the intermediate_cert extensions section.
# NOTE(review): the CSR step sets no CA_NAME, unlike the other openssl calls
# in this script -- confirm policy.cnf loads without it.
COMMON_NAME="Policy Test Intermediate CA" CA_DIR=out \
  try openssl req -new \
    -key out/policy-intermediate.key \
    -out out/policy-intermediate.csr \
    -config policy.cnf

# -batch makes `openssl ca` sign without interactive confirmation.
COMMON_NAME="UNUSED" CA_DIR=out CA_NAME=policy-root \
  try openssl ca -batch \
    -in out/policy-intermediate.csr \
    -out out/policy-intermediate.pem \
    -config policy.cnf \
    -extensions intermediate_cert
73
# Generate the leaf: a CSR for policy_test.example from the leaf key, then
# issue the certificate with `openssl ca` under CA_NAME=policy-intermediate,
# applying the user_cert extensions section of policy.cnf.
COMMON_NAME="policy_test.example" CA_DIR=out CA_NAME=policy-intermediate \
  try openssl req -new \
    -key out/policy-cert.key \
    -out out/policy-cert.csr \
    -config policy.cnf

# -batch makes `openssl ca` sign without interactive confirmation.
COMMON_NAME="Policy Test Intermediate CA" CA_DIR=out \
  CA_NAME=policy-intermediate \
  try openssl ca -batch \
    -in out/policy-cert.csr \
    -out out/policy-cert.pem \
    -config policy.cnf \
    -extensions user_cert
93
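# Assemble the chain file in leaf, intermediate, root order. Only the
# certificate outputs are concatenated; the private keys stay in out/.
# The explicit exit matches the abort-on-failure behaviour of every earlier
# step, and `try` is avoided because the redirection would capture its trace.
cat out/policy-cert.pem \
    out/policy-intermediate.pem \
    out/policy-root.pem > ../certificates/explicit-policy-chain.pem || exit 1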
97