projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| d8f41ccd A |
1 | #!/bin/csh |
| 2 | # generate keys, certs, and keychains via openssl | |
| 3 | # | |
| 4 | set ALG=none | |
| 5 | if( $#argv != 1 ) then | |
| 6 | echo Usage: makeOpensslCert rsa\|dsa | |
| 7 | exit(1) | |
| 8 | endif | |
| 9 | while ( $#argv > 0 ) | |
| 10 | switch ( "$argv[1]" ) | |
| 11 | case rsa: | |
| 12 | set ALG=rsa | |
| 13 | shift | |
| 14 | breaksw | |
| 15 | case dsa: | |
| 16 | set ALG=dsa | |
| 17 | shift | |
| 18 | breaksw | |
| 19 | default: | |
| 20 | echo Usage: makeOpensslCert rsa\|dsa | |
| 21 | exit(1) | |
| 22 | endsw | |
| 23 | end | |
| 24 | ||
| 25 | # file name arguments | |
| 26 | set CSR_FILE=os"$ALG"cert.csr | |
| 27 | set PRIV_KEY_ENCR=os"$ALG"privkey.pem | |
| 28 | set PRIV_RAW_KEY_PEM=os"$ALG"rawprivkey.pem | |
| 29 | set CERT_FILE_PEM=os"$ALG"cert.pem | |
| 30 | set CERT_FILE_DER=os"$ALG"cert.der | |
| 31 | set GEN_INPUT=opensslReqInput | |
| 32 | set KC_NAME=os"$ALG"cert | |
| 33 | ||
| 34 | set REQ_PASSWD=foobar | |
| 35 | set RSA_KEY_SIZE=1024 | |
| 36 | set DSA_PARAMS=osdsaparam.der | |
| 37 | ||
| 38 | set KC_DIR=$HOME/Library/Keychains | |
| 39 | ||
| 40 | set ALL_FILES_TBD="$CSR_FILE $PRIV_KEY_ENCR $PRIV_RAW_KEY_PEM $CERT_FILE_PEM $CERT_FILE_DER" | |
| 41 | ||
| 42 | set ALL_FILES_TBD="$ALL_FILES_TBD" | |
| 43 | ||
| 44 | # | |
| 45 | # clean out and start from scratch | |
| 46 | # | |
| 47 | echo deleting $KC_NAME from Library/Keychains | |
| 48 | (cd $KC_DIR; rm -f $KC_NAME) | |
| 49 | set cmd="rm -f $ALL_FILES_TBD" | |
| 50 | echo $cmd | |
| 51 | $cmd || exit(1) | |
| 52 | ||
| 53 | echo "########################################" | |
| 54 | echo "# 1. Create private signing key and CSR." | |
| 55 | echo "########################################" | |
| 56 | if($ALG == dsa) then | |
| 57 | set KEY_ARGS="dsa:$DSA_PARAMS" | |
| 58 | else | |
| 59 | set KEY_ARGS="rsa:$RSA_KEY_SIZE" | |
| 60 | endif | |
| 61 | ||
| 62 | set cmd="openssl req -new -passin pass:$REQ_PASSWD -passout pass:$REQ_PASSWD -newkey $KEY_ARGS -keyform PEM -keyout $PRIV_KEY_ENCR" | |
| 63 | echo $cmd \> $CSR_FILE \< $GEN_INPUT | |
| 64 | $cmd > $CSR_FILE < $GEN_INPUT || exit(1) | |
| 65 | echo ...$PRIV_KEY_ENCR contains encrypted signing key in PEM format. | |
| 66 | ||
| 67 | echo "########################################" | |
| 68 | echo "# 2. Remove the passphrase from the key." | |
| 69 | echo "########################################" | |
| 70 | set cmd="openssl $ALG -in $PRIV_KEY_ENCR -out $PRIV_RAW_KEY_PEM -passin pass:$REQ_PASSWD" | |
| 71 | echo $cmd | |
| 72 | $cmd || exit(1) | |
| 73 | echo ...$PRIV_RAW_KEY_PEM contains raw signing key in PEM format. | |
| 74 | ||
| 75 | echo "########################################" | |
| 76 | echo "# 3. Convert request into signed cert." | |
| 77 | echo "########################################" | |
| 78 | set cmd="openssl x509 -in $CSR_FILE -out $CERT_FILE_PEM -req -signkey $PRIV_RAW_KEY_PEM -days 365" | |
| 79 | echo $cmd | |
| 80 | $cmd || exit(1) | |
| 81 | echo ...$CERT_FILE_PEM contains signing cert in PEM format. | |
| 82 | ||
| 83 | echo "##################################################" | |
| 84 | echo "# 4. convert cert to DER form for use by sslViewer" | |
| 85 | echo "##################################################" | |
| 86 | set cmd="openssl x509 -inform PEM -outform DER -in $CERT_FILE_PEM -out $CERT_FILE_DER" | |
| 87 | echo $cmd | |
| 88 | $cmd || exit(1) | |
| 89 | echo ...$CERT_FILE_DER contains cert in DER format. | |
| 90 | ||
| 91 | echo "##################################################" | |
| 92 | echo "# 4. Import cert and private key into keychain" | |
| 93 | echo "##################################################" | |
| 94 | set cmd="certtool i $CERT_FILE_PEM k=$KC_NAME c p=$KC_NAME r=$PRIV_RAW_KEY_PEM" | |
| 95 | echo $cmd | |
| 96 | $cmd || exit(1) | |
| 97 | ||
| 98 | echo "############" | |
| 99 | echo "# FINISHED #" | |
| 100 | echo "############" | |
| 101 |