]> git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/sslScripts/openssl/makeOpensslCert
Security-57031.1.35.tar.gz
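#!/bin/csh
#
# makeOpensslCert - generate keys, certs, and keychains via openssl.
#
# Usage: makeOpensslCert rsa|dsa
#
# Run from the directory that holds opensslReqInput (the answers piped to
# "openssl req" on stdin) and, for dsa, osdsaparam.der. Every os<alg>* output
# file and the os<alg>cert keychain is deleted and rebuilt on each run.
#
# The key material produced here is a test fixture: the request passphrase is
# a fixed string that appears on the openssl command line and in this script's
# echoed output, and step 2 writes the private key to disk unencrypted.
#

# Step 2 leaves an unencrypted private key in the working directory; create
# all output files readable by the owner only.
umask 077

if ( $#argv != 1 ) then
    echo Usage: makeOpensslCert rsa\|dsa
    exit(1)
endif

# Exactly one argument is present here, so no argument loop is needed.
switch ( "$argv[1]" )
    case rsa:
        set ALG=rsa
        breaksw
    case dsa:
        set ALG=dsa
        breaksw
    default:
        echo Usage: makeOpensslCert rsa\|dsa
        exit(1)
endsw

# file name arguments
set CSR_FILE=os"$ALG"cert.csr
set PRIV_KEY_ENCR=os"$ALG"privkey.pem
set PRIV_RAW_KEY_PEM=os"$ALG"rawprivkey.pem
set CERT_FILE_PEM=os"$ALG"cert.pem
set CERT_FILE_DER=os"$ALG"cert.der
set GEN_INPUT=opensslReqInput
set KC_NAME=os"$ALG"cert

# Fixed test passphrase; it only protects $PRIV_KEY_ENCR between steps 1 and 2.
set REQ_PASSWD=foobar
# NOTE(review): 1024-bit RSA is below current minimum key-size guidance. The
# value is kept as-is because other test scripts may depend on it - confirm
# before raising it.
set RSA_KEY_SIZE=1024
set DSA_PARAMS=osdsaparam.der

set KC_DIR="$HOME/Library/Keychains"

set ALL_FILES_TBD="$CSR_FILE $PRIV_KEY_ENCR $PRIV_RAW_KEY_PEM $CERT_FILE_PEM $CERT_FILE_DER"

# Check the request input before deleting anything, so a run started in the
# wrong directory does not wipe the existing fixtures and then fail.
if ( ! -r $GEN_INPUT ) then
    echo makeOpensslCert: cannot read $GEN_INPUT in the current directory
    exit(1)
endif

#
# clean out and start from scratch
#
echo deleting $KC_NAME from Library/Keychains
# "&&" rather than ";": if the cd fails, do not remove a file named
# $KC_NAME from whatever directory the subshell is still in.
(cd "$KC_DIR" && rm -f $KC_NAME)
set cmd="rm -f $ALL_FILES_TBD"
echo $cmd
$cmd || exit(1)

echo "########################################"
echo "# 1. Create private signing key and CSR."
echo "########################################"
if ( $ALG == dsa ) then
    set KEY_ARGS="dsa:$DSA_PARAMS"
else
    set KEY_ARGS="rsa:$RSA_KEY_SIZE"
endif

# The passphrase is passed as pass:<value>, so it is visible in the process
# list while openssl runs and in the echo below.
set cmd="openssl req -new -passin pass:$REQ_PASSWD -passout pass:$REQ_PASSWD -newkey $KEY_ARGS -keyform PEM -keyout $PRIV_KEY_ENCR"
echo $cmd \> $CSR_FILE \< $GEN_INPUT
$cmd > $CSR_FILE < $GEN_INPUT || exit(1)
echo ...$PRIV_KEY_ENCR contains encrypted signing key in PEM format.

echo "########################################"
echo "# 2. Remove the passphrase from the key."
echo "########################################"
# "openssl rsa" / "openssl dsa" with no cipher option rewrites the key
# without encryption.
set cmd="openssl $ALG -in $PRIV_KEY_ENCR -out $PRIV_RAW_KEY_PEM -passin pass:$REQ_PASSWD"
echo $cmd
$cmd || exit(1)
echo ...$PRIV_RAW_KEY_PEM contains raw signing key in PEM format.

echo "########################################"
echo "# 3. Convert request into signed cert."
echo "########################################"
# -signkey signs the request with its own key: the result is self-signed
# and valid for 365 days from the time of the run.
set cmd="openssl x509 -in $CSR_FILE -out $CERT_FILE_PEM -req -signkey $PRIV_RAW_KEY_PEM -days 365"
echo $cmd
$cmd || exit(1)
echo ...$CERT_FILE_PEM contains signing cert in PEM format.

echo "##################################################"
echo "# 4. convert cert to DER form for use by sslViewer"
echo "##################################################"
set cmd="openssl x509 -inform PEM -outform DER -in $CERT_FILE_PEM -out $CERT_FILE_DER"
echo $cmd
$cmd || exit(1)
echo ...$CERT_FILE_DER contains cert in DER format.

echo "##################################################"
echo "# 5. Import cert and private key into keychain"
echo "##################################################"
# NOTE(review): p=$KC_NAME presumably sets the keychain password to the
# keychain's own name - confirm against certtool usage. If so, the keychain
# gives the imported key no real protection.
set cmd="certtool i $CERT_FILE_PEM k=$KC_NAME c p=$KC_NAME r=$PRIV_RAW_KEY_PEM"
echo $cmd
$cmd || exit(1)

echo "############"
echo "# FINISHED #"
echo "############"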