[apple/security.git] / OSX / libsecurity_ssl / regressions / CreateCerts.sh

#!/bin/sh -e

#  CreateCerts.sh
#  Security
#
#  Copyright 2011,2015 Apple, Inc. All rights reserved.

# This script may require modern version of openssl 

echo "Create Certs"

#Overrride which openssl to use:
#OPENSSL=/opt/openssl/bin/openssl
OPENSSL=openssl

DIR=test-certs


mkdir -p $DIR
cd $DIR

gen_config()
{
    cat >ext.conf << _EOF_
  basicConstraints            = CA:FALSE
_EOF_
}

gen_rsa_cert()
{
    ${OPENSSL} req -x509 -days 14600 -nodes -subj "$2"  -newkey rsa:2048 -keyout $1.Key.pem -out $1.Cert.pem
    ${OPENSSL} rsa -outform DER -in $1.Key.pem -out $1.Key.der
    ${OPENSSL} x509 -outform DER -in $1.Cert.pem -out $1.Cert.der
    xxd -i $1.Key.der > $1_Key.h
    xxd -i $1.Cert.der > $1_Cert.h
}

gen_ec_cert()
{
    ${OPENSSL} req -x509 -days 14600 -nodes -subj "$2"  -newkey ec:ecparam.pem -keyout $1.Key.pem -out $1.Cert.pem
    ${OPENSSL} ec -outform DER -in $1.Key.pem -out $1.Key.der
    ${OPENSSL} x509 -outform DER -in $1.Cert.pem -out $1.Cert.der
    xxd -i $1.Key.der > $1_Key.h
    xxd -i $1.Cert.der > $1_Cert.h
}


create_rsa_key()
{
    ${OPENSSL} req -new -nodes -subj "$2" -newkey rsa:1024 -keyout $1.Key.pem -out $1.Req.pem
    ${OPENSSL} rsa -outform DER -in $1.Key.pem -out $1.Key.der
    xxd -i $1.Key.der > $1_Key.h
}

create_ec_key()
{
    ${OPENSSL} req -new -nodes -subj "$2" -newkey ec:ecparam.pem -keyout $1.Key.pem -out $1.Req.pem
    ${OPENSSL} ec -outform DER -in $1.Key.pem -out $1.Key.der
    xxd -i $1.Key.der > $1_Key.h
}

sign_cert()
{
    ${OPENSSL} x509 -days 14600 -req -in $1.Req.pem -CA $2.Cert.pem -CAkey $2.Key.pem -set_serial $3 -out $1.Cert.$2.pem -extfile ext.conf
    ${OPENSSL} x509 -outform DER -in $1.Cert.$2.pem -out $1.Cert.$2.der
    xxd -i $1.Cert.$2.der > $1_Cert_$2.h
}

#generate openssl config file
gen_config

#generate EC params
${OPENSSL} ecparam -name prime256v1 -out ecparam.pem

echo "**** Generating CA keys and certs..."
# generate CA certs
gen_rsa_cert CA-RSA '/CN=SecurityTest CA Cert (RSA)'
gen_rsa_cert Untrusted-CA-RSA '/CN=SecurityTest CA Cert (RSA)'
gen_ec_cert CA-ECC '/CN=SecurityTest CA Cert (ECC)'

echo "**** Generating Server keys and csr..."
# generate Server keys and CSR
create_rsa_key ServerRSA '/OU=SecurityTests Server Cert (RSA)/CN=localhost'
create_ec_key ServerECC '/OU=SecurityTests Server Cert (ECC)/CN=localhost'

echo "**** Generating Client keys and csr..."
# generate client certs
create_rsa_key ClientRSA '/OU=SecurityTests Client Cert (RSA)/CN=localhost'
create_ec_key ClientECC '/OU=SecurityTests Client Cert (ECC)/CN=localhost'
create_rsa_key UntrustedClientRSA '/OU=SecurityTests Client Cert (RSA)(Untrusted)/CN=localhost'

echo "**** Signing Servers certs..."
sign_cert ServerRSA CA-RSA 1
sign_cert ServerRSA CA-ECC 2
sign_cert ServerECC CA-RSA 3
sign_cert ServerECC CA-ECC 4

echo "**** Signing Clients certs..."
sign_cert ClientRSA CA-RSA 1001
sign_cert ClientRSA CA-ECC 1002
sign_cert ClientECC CA-RSA 1003
sign_cert ClientECC CA-ECC 1004

sign_cert UntrustedClientRSA Untrusted-CA-RSA 9999
Commit	Line	Data
5c19dc3a A	1	#!/bin/sh -e
	2
	3	# CreateCerts.sh
	4	# Security
	5	#
	6	# Copyright 2011,2015 Apple, Inc. All rights reserved.
	7
	8	# This script may require modern version of openssl
	9
	10	echo "Create Certs"
	11
	12	#Overrride which openssl to use:
	13	#OPENSSL=/opt/openssl/bin/openssl
	14	OPENSSL=openssl
	15
	16	DIR=test-certs
	17
	18
	19	mkdir -p $DIR
	20	cd $DIR
	21
	22	gen_config()
	23	{
	24	cat >ext.conf << _EOF_
	25	basicConstraints = CA:FALSE
	26	_EOF_
	27	}
	28
	29	gen_rsa_cert()
	30	{
	31	${OPENSSL} req -x509 -days 14600 -nodes -subj "$2" -newkey rsa:2048 -keyout $1.Key.pem -out $1.Cert.pem
	32	${OPENSSL} rsa -outform DER -in $1.Key.pem -out $1.Key.der
	33	${OPENSSL} x509 -outform DER -in $1.Cert.pem -out $1.Cert.der
	34	xxd -i $1.Key.der > $1_Key.h
	35	xxd -i $1.Cert.der > $1_Cert.h
	36	}
	37
	38	gen_ec_cert()
	39	{
	40	${OPENSSL} req -x509 -days 14600 -nodes -subj "$2" -newkey ec:ecparam.pem -keyout $1.Key.pem -out $1.Cert.pem
	41	${OPENSSL} ec -outform DER -in $1.Key.pem -out $1.Key.der
	42	${OPENSSL} x509 -outform DER -in $1.Cert.pem -out $1.Cert.der
	43	xxd -i $1.Key.der > $1_Key.h
	44	xxd -i $1.Cert.der > $1_Cert.h
	45	}
	46
	47
	48	create_rsa_key()
	49	{
	50	${OPENSSL} req -new -nodes -subj "$2" -newkey rsa:1024 -keyout $1.Key.pem -out $1.Req.pem
	51	${OPENSSL} rsa -outform DER -in $1.Key.pem -out $1.Key.der
	52	xxd -i $1.Key.der > $1_Key.h
	53	}
	54
	55	create_ec_key()
	56	{
	57	${OPENSSL} req -new -nodes -subj "$2" -newkey ec:ecparam.pem -keyout $1.Key.pem -out $1.Req.pem
	58	${OPENSSL} ec -outform DER -in $1.Key.pem -out $1.Key.der
	59	xxd -i $1.Key.der > $1_Key.h
	60	}
	61
	62	sign_cert()
	63	{
	64	${OPENSSL} x509 -days 14600 -req -in $1.Req.pem -CA $2.Cert.pem -CAkey $2.Key.pem -set_serial $3 -out $1.Cert.$2.pem -extfile ext.conf
65	${OPENSSL} x509 -outform DER -in $1.Cert.$2.pem -out $1.Cert.$2.der
66	xxd -i $1.Cert.$2.der > $1_Cert_$2.h
67	}
68
69	#generate openssl config file
70	gen_config
71
72	#generate EC params
73	${OPENSSL} ecparam -name prime256v1 -out ecparam.pem
74
75	echo "**** Generating CA keys and certs..."
76	# generate CA certs
77	gen_rsa_cert CA-RSA '/CN=SecurityTest CA Cert (RSA)'
78	gen_rsa_cert Untrusted-CA-RSA '/CN=SecurityTest CA Cert (RSA)'
79	gen_ec_cert CA-ECC '/CN=SecurityTest CA Cert (ECC)'
80
81	echo "**** Generating Server keys and csr..."
82	# generate Server keys and CSR
83	create_rsa_key ServerRSA '/OU=SecurityTests Server Cert (RSA)/CN=localhost'
84	create_ec_key ServerECC '/OU=SecurityTests Server Cert (ECC)/CN=localhost'
85
86	echo "**** Generating Client keys and csr..."
87	# generate client certs
88	create_rsa_key ClientRSA '/OU=SecurityTests Client Cert (RSA)/CN=localhost'
89	create_ec_key ClientECC '/OU=SecurityTests Client Cert (ECC)/CN=localhost'
90	create_rsa_key UntrustedClientRSA '/OU=SecurityTests Client Cert (RSA)(Untrusted)/CN=localhost'
91
92	echo "**** Signing Servers certs..."
93	sign_cert ServerRSA CA-RSA 1
94	sign_cert ServerRSA CA-ECC 2
95	sign_cert ServerECC CA-RSA 3
96	sign_cert ServerECC CA-ECC 4
97
98	echo "**** Signing Clients certs..."
99	sign_cert ClientRSA CA-RSA 1001
100	sign_cert ClientRSA CA-ECC 1002
101	sign_cert ClientECC CA-RSA 1003
102	sign_cert ClientECC CA-ECC 1004
103
104	sign_cert UntrustedClientRSA Untrusted-CA-RSA 9999
105