capnproto

FORK: Cap'n Proto serialization/RPC system - core tools and C++ library

make-test-certs.sh (4166B)


      1 #! /bin/bash
      2 # Copyright (c) 2016 Sandstorm Development Group, Inc. and contributors
      3 # Licensed under the MIT License:
      4 #
      5 # Permission is hereby granted, free of charge, to any person obtaining a copy
      6 # of this software and associated documentation files (the "Software"), to deal
      7 # in the Software without restriction, including without limitation the rights
      8 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
      9 # copies of the Software, and to permit persons to whom the Software is
     10 # furnished to do so, subject to the following conditions:
     11 #
     12 # The above copyright notice and this permission notice shall be included in
     13 # all copies or substantial portions of the Software.
     14 #
     15 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
     16 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     17 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
     18 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
     19 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
     20 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
     21 # THE SOFTWARE.
     22 
     23 # This script generates the test keys and certificates used in tls-test.c++.
     24 
     25 set -euxo pipefail
     26 
     27 mkdir -p tmp/test-certs
     28 cd tmp/test-certs
     29 
     30 # Clean up from previous runs.
     31 rm -rf demoCA *.key *.csr *.crt
     32 
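#######################################
# Fake out the OpenSSL CA configuration: rebuild ./demoCA from scratch so that
# it points at an existing key/certificate pair in the current directory.
# Arguments: $1 - base name of the signing CA's files ($1.key and $1.crt)
# Outputs:   demoCA/ with private/cakey.pem and cacert.pem as symlinks, an
#            empty index.txt and a serial file reset to 1000
# NOTE(review): because index.txt and serial are reset on every call, each
# certificate issued after a fresh call starts again at serial 1000 -
# acceptable for test fixtures only, never for a real CA.
#######################################
setup_ca_dir() {
  local base=${1:?setup_ca_dir: CA base name required}

  rm -rf demoCA
  mkdir -p demoCA/private demoCA/newcerts
  # Symlink targets are resolved relative to the link's own directory, hence
  # the differing number of ../ components.
  ln -s "../../${base}.key" demoCA/private/cakey.pem
  ln -s "../${base}.crt" demoCA/cacert.pem
  touch demoCA/index.txt
  echo 1000 > demoCA/serial
}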
     42 
     43 # Create CA key and root cert
     44 openssl genrsa -out ca.key 4096
     45 openssl req -key ca.key -new -x509 -days 36500 -sha256 -extensions v3_ca -out ca.crt << EOF
     46 US
     47 California
     48 Palo Alto
     49 Sandstorm.io
     50 Testing Department
     51 ca.example.com
     52 garply@sandstorm.io
     53 EOF
     54 echo
     55 
     56 # Create intermediate certificate and CSR.
     57 openssl genrsa -out int.key 4096
     58 openssl req -new -sha256 -key int.key -out int.csr << EOF
     59 US
     60 California
     61 Palo Alto
     62 Sandstorm.io
     63 Testing Department
     64 int-ca.example.com
     65 garply@sandstorm.io
     66 
     67 
     68 EOF
     69 echo
     70 
     71 # Sign the intermediate cert with the CA key.
     72 setup_ca_dir ca
     73 openssl ca -extensions v3_ca -days 36500 -notext -md sha256 -in int.csr -out int.crt << EOF
     74 y
     75 y
     76 EOF
     77 cat ca.crt int.crt > ca-chain.crt
     78 
     79 # Create host key and CSR
     80 openssl genrsa -out example.key 4096
     81 openssl req -new -sha256 -key example.key -out example.csr << EOF
     82 US
     83 California
     84 Palo Alto
     85 Sandstorm.io
     86 Testing Department
     87 example.com
     88 garply@sandstorm.io
     89 
     90 
     91 EOF
     92 echo
     93 
     94 # Sign valid host certificate with intermediate CA.
     95 setup_ca_dir int
     96 openssl ca -extensions v3_ca -days 36524 -notext -md sha256 -in example.csr -out valid.crt << EOF
     97 y
     98 y
     99 EOF
    100 
    101 # Sign expired host certificate with intermediate CA.
    102 setup_ca_dir int
    103 openssl ca -extensions v3_ca -startdate 160101000000Z -enddate 160101000000Z -notext -md sha256 -in example.csr -out expired.crt << EOF
    104 y
    105 y
    106 EOF
    107 
    108 # Create alternate host key and CSR
    109 openssl genrsa -out example2.key 4096
    110 openssl req -new -sha256 -key example2.key -out example2.csr << EOF
    111 US
    112 California
    113 Palo Alto
    114 Sandstorm.io
    115 Testing Department
    116 example.net
    117 garply@sandstorm.io
    118 
    119 
    120 EOF
    121 echo
    122 
    123 # Sign valid host certificate with intermediate CA.
    124 setup_ca_dir int
    125 openssl ca -extensions v3_ca -days 36524 -notext -md sha256 -in example2.csr -out valid2.crt << EOF
    126 y
    127 y
    128 EOF
    129 
    130 # Create self-signed host certificate.
    131 openssl req -key example.key -new -x509 -days 36524 -sha256 -out self.crt << EOF
    132 US
    133 California
    134 Palo Alto
    135 Sandstorm.io
    136 Testing Department
    137 example.com
    138 garply@sandstorm.io
    139 EOF
    140 echo
    141 
    142 # Cleanup
    143 rm -rf demoCA
    144 
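#######################################
# Output code: print one PEM file as a C++ string constant.
# Every input line becomes a quoted literal ending in an escaped newline, and
# the line containing the PEM "--END " marker gets the terminating semicolon.
# Arguments: $1 - name of the constexpr char array
#            $2 - path of the PEM file to embed
# Outputs:   the constant definition followed by a blank line, on stdout
# NOTE(review): a file holding more than one PEM block would receive a ';'
# after every END line; the callers in this script pass single-block files.
#######################################
write_constant() {
  printf 'static constexpr char %s[] =\n' "$1"
  # '&' is the portable spelling of the whole match (the GNU-only '\0' is
  # avoided); '--' and the quoting keep unusual file names from being split
  # or read as sed options.
  sed -e 's/^.*$/    "&\\n"/' -e 's/--END .*$/&;/' -- "$2"
  echo
}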
    151 
    152 echo "Writing code to: tmp/test-certs/test-keys.h"
    153 
    154 exec 1> test-keys.h
    155 write_constant CA_CERT ca.crt
    156 write_constant INTERMEDIATE_CERT int.crt
    157 write_constant HOST_KEY example.key
    158 write_constant VALID_CERT valid.crt
    159 write_constant HOST_KEY2 example2.key
    160 write_constant VALID_CERT2 valid2.crt
    161 write_constant EXPIRED_CERT expired.crt
    162 write_constant SELF_SIGNED_CERT self.crt