6 # Created by Fabrice Gautier on 6/7/11.
7 # Copyright 2011 Apple, Inc. All rights reserved.
# Override which openssl to use by editing the assignment below.
# Every key and certificate produced by this script comes from this binary;
# the path is absolute, so it is not resolved through PATH.
#OPENSSL=/usr/bin/openssl
#OPENSSL=/opt/local/bin/openssl
OPENSSL='/usr/local/ssl/bin/openssl'

# Override which gnutls-certtool to use by editing the assignment below.
# certtool generates the server and client EC private keys.
#GNUTLS_CERTTOOL=/opt/local/gnutls-certtool
GNUTLS_CERTTOOL='/usr/local/bin/certtool'
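# Write the EC domain parameters that the ECC CA key below is generated from.
# NOTE(review): secp256k1 is not NIST P-256 (openssl calls that curve
# prime256v1), and TLS stacks that only accept the NIST curves will reject a
# chain rooted in this key. Confirm this curve is what the tests need.
"${OPENSSL}" ecparam -name secp256k1 -out ecparam.pem

echo "**** Generating CA keys and certs..."

# Two self-signed test CAs (RSA and ECC), each valid for 365 days.
# -nodes leaves CAKey.*.pem unencrypted on disk: these are throwaway test
# roots and must never be added to a real trust store.
# NOTE(review): 1024-bit RSA is below the 2048-bit minimum that current
# guidance and many TLS implementations enforce. The size is kept as-is
# because the tests may depend on it; confirm before raising it.
# The tool path is quoted so an override containing spaces still runs.
"${OPENSSL}" req -x509 -nodes -days 365 \
  -subj '/CN=SecurityTest CA Cert (RSA)' \
  -newkey rsa:1024 -keyout CAKey.rsa.pem -out CACert.rsa.pem
"${OPENSSL}" req -x509 -nodes -days 365 \
  -subj '/CN=SecurityTest CA Cert (ECC)' \
  -newkey ec:ecparam.pem -keyout CAKey.ecc.pem -out CACert.ecc.pem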
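echo "**** Generating Server keys and csr..."

# generate Server EC key
# certtool picks the curve from the requested security level (--sec-param).
"${GNUTLS_CERTTOOL}" -p --ecc --sec-param high --outfile ServerKey.ecc.pem

# generate Server certificate requests (CSRs), one per key type.
# The RSA request creates its own 1024-bit key (-newkey), written unencrypted
# because of -nodes; the ECC request reuses the certtool key via -key.
# -days has no effect on a CSR (openssl only honours it together with -x509);
# the certificate lifetime is decided by the "x509 -req" signing step.
# NOTE(review): 1024-bit RSA is below the 2048-bit minimum most current TLS
# stacks accept. Confirm the tests really need this size.
"${OPENSSL}" req -new -nodes -days 365 \
  -subj '/CN=SecurityTests Server Cert (RSA)' \
  -newkey rsa:1024 -keyout ServerKey.rsa.pem -out ServerReq.rsa.pem
"${OPENSSL}" req -new -nodes -days 365 \
  -subj '/CN=SecurityTests Server Cert (ECC)' \
  -key ServerKey.ecc.pem -out ServerReq.ecc.pem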
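echo "**** Generating Client keys and csr..."

# generate Client EC key
# certtool picks the curve from the requested security level (--sec-param).
"${GNUTLS_CERTTOOL}" -p --ecc --sec-param high --outfile ClientKey.ecc.pem

# generate client certificate requests (CSRs), one per key type.
# The RSA request creates its own 1024-bit key (-newkey), written unencrypted
# because of -nodes; the ECC request reuses the certtool key via -key.
# -days has no effect on a CSR (openssl only honours it together with -x509);
# the certificate lifetime is decided by the "x509 -req" signing step.
# NOTE(review): 1024-bit RSA is below the 2048-bit minimum most current TLS
# stacks accept. Confirm the tests really need this size.
"${OPENSSL}" req -new -nodes -days 365 \
  -subj '/CN=SecurityTests Client Cert (RSA)' \
  -newkey rsa:1024 -keyout ClientKey.rsa.pem -out ClientReq.rsa.pem
"${OPENSSL}" req -new -nodes -days 365 \
  -subj '/CN=SecurityTests Client Cert (ECC)' \
  -key ClientKey.ecc.pem -out ClientReq.ecc.pem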
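echo "**** Signing Servers certs..."

# Sign each server CSR with each test CA. Output files are named
# ServerCert.<key type>.<CA type>.pem and use the fixed serials 1-4.
#
# -days 365 is passed here because "x509 -req" is the step that sets the
# validity period; without it openssl issues certificates valid for only
# 30 days, and the -days on the earlier "req -new" commands is ignored.
# NOTE(review): no digest option is given, so the signature hash is whatever
# this openssl build defaults to. Pin one (e.g. -sha256) if the tests must
# not depend on the tool version.
"${OPENSSL}" x509 -req -days 365 -in ServerReq.rsa.pem \
  -CA CACert.rsa.pem -CAkey CAKey.rsa.pem \
  -set_serial 1 -out ServerCert.rsa.rsa.pem
"${OPENSSL}" x509 -req -days 365 -in ServerReq.rsa.pem \
  -CA CACert.ecc.pem -CAkey CAKey.ecc.pem \
  -set_serial 2 -out ServerCert.rsa.ecc.pem
"${OPENSSL}" x509 -req -days 365 -in ServerReq.ecc.pem \
  -CA CACert.rsa.pem -CAkey CAKey.rsa.pem \
  -set_serial 3 -out ServerCert.ecc.rsa.pem
"${OPENSSL}" x509 -req -days 365 -in ServerReq.ecc.pem \
  -CA CACert.ecc.pem -CAkey CAKey.ecc.pem \
  -set_serial 4 -out ServerCert.ecc.ecc.pem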
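echo "**** Signing Clients certs..."

# Sign each client CSR with each test CA. Output files are named
# ClientCert.<key type>.<CA type>.pem and use the fixed serials 1001-1004.
#
# -days 365 is passed here because "x509 -req" is the step that sets the
# validity period; without it openssl issues certificates valid for only
# 30 days, and the -days on the earlier "req -new" commands is ignored.
# NOTE(review): no digest option is given, so the signature hash is whatever
# this openssl build defaults to. Pin one (e.g. -sha256) if the tests must
# not depend on the tool version.
"${OPENSSL}" x509 -req -days 365 -in ClientReq.rsa.pem \
  -CA CACert.rsa.pem -CAkey CAKey.rsa.pem \
  -set_serial 1001 -out ClientCert.rsa.rsa.pem
"${OPENSSL}" x509 -req -days 365 -in ClientReq.rsa.pem \
  -CA CACert.ecc.pem -CAkey CAKey.ecc.pem \
  -set_serial 1002 -out ClientCert.rsa.ecc.pem
"${OPENSSL}" x509 -req -days 365 -in ClientReq.ecc.pem \
  -CA CACert.rsa.pem -CAkey CAKey.rsa.pem \
  -set_serial 1003 -out ClientCert.ecc.rsa.pem
"${OPENSSL}" x509 -req -days 365 -in ClientReq.ecc.pem \
  -CA CACert.ecc.pem -CAkey CAKey.ecc.pem \
  -set_serial 1004 -out ClientCert.ecc.ecc.pem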
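#export client keys and cert into .h
#
# Each private key is converted from PEM to DER, then dumped by "xxd -i" as a
# C byte array. The resulting ClientKey_*.h headers hold the client private
# keys in the clear, so they are test fixtures only: any build or repository
# that ships them discloses the keys.
#
# xxd derives the C identifiers from the file name it is given, so the .der
# names must stay exactly as they are.
#
# The header is rewritten only when the conversion succeeded ("&&"), so a
# failed openssl step cannot pair a fresh header with a stale or missing .der
# file, or truncate an existing header.
"${OPENSSL}" ec -outform DER -in ClientKey.ecc.pem -out ClientKey.ecc.der &&
  xxd -i ClientKey.ecc.der > ClientKey_ecc.h
"${OPENSSL}" rsa -outform DER -in ClientKey.rsa.pem -out ClientKey.rsa.der &&
  xxd -i ClientKey.rsa.der > ClientKey_rsa.h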
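# Convert the four client certificates (client key type x CA type) from PEM
# to DER and dump each one as a C byte array with "xxd -i".
#
# xxd derives the C identifiers from the file name it is given, so the .der
# names must stay exactly as they are.
#
# The header is rewritten only when the conversion succeeded ("&&"), so a
# failed openssl step cannot produce a header from a stale or missing .der
# file, or truncate an existing header.
for key_alg in rsa ecc; do
  for ca_alg in rsa ecc; do
    "${OPENSSL}" x509 -outform DER \
      -in "ClientCert.${key_alg}.${ca_alg}.pem" \
      -out "ClientCert.${key_alg}.${ca_alg}.der" &&
      xxd -i "ClientCert.${key_alg}.${ca_alg}.der" \
        > "ClientCert_${key_alg}_${ca_alg}.h"
  done
done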