]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_ssl/regressions/CreateCerts.sh
Security-57740.1.18.tar.gz
[apple/security.git] / OSX / libsecurity_ssl / regressions / CreateCerts.sh
1 #!/bin/sh -e
2
3 # CreateCerts.sh
4 # Security
5 #
6 # Copyright 2011,2015 Apple, Inc. All rights reserved.
7
8 # This script may require modern version of openssl
9
10 echo "Create Certs"
11
12 #Overrride which openssl to use:
13 #OPENSSL=/opt/openssl/bin/openssl
14 OPENSSL=openssl
15
16 DIR=test-certs
17
18
19 mkdir -p $DIR
20 cd $DIR
21
22 gen_config()
23 {
24 cat >ext.conf << _EOF_
25 basicConstraints = CA:FALSE
26 _EOF_
27 }
28
29 gen_rsa_cert()
30 {
31 ${OPENSSL} req -x509 -days 14600 -nodes -subj "$2" -newkey rsa:2048 -keyout $1.Key.pem -out $1.Cert.pem
32 ${OPENSSL} rsa -outform DER -in $1.Key.pem -out $1.Key.der
33 ${OPENSSL} x509 -outform DER -in $1.Cert.pem -out $1.Cert.der
34 xxd -i $1.Key.der > $1_Key.h
35 xxd -i $1.Cert.der > $1_Cert.h
36 }
37
38 gen_ec_cert()
39 {
40 ${OPENSSL} req -x509 -days 14600 -nodes -subj "$2" -newkey ec:ecparam.pem -keyout $1.Key.pem -out $1.Cert.pem
41 ${OPENSSL} ec -outform DER -in $1.Key.pem -out $1.Key.der
42 ${OPENSSL} x509 -outform DER -in $1.Cert.pem -out $1.Cert.der
43 xxd -i $1.Key.der > $1_Key.h
44 xxd -i $1.Cert.der > $1_Cert.h
45 }
46
47
48 create_rsa_key()
49 {
50 ${OPENSSL} req -new -nodes -subj "$2" -newkey rsa:1024 -keyout $1.Key.pem -out $1.Req.pem
51 ${OPENSSL} rsa -outform DER -in $1.Key.pem -out $1.Key.der
52 xxd -i $1.Key.der > $1_Key.h
53 }
54
55 create_ec_key()
56 {
57 ${OPENSSL} req -new -nodes -subj "$2" -newkey ec:ecparam.pem -keyout $1.Key.pem -out $1.Req.pem
58 ${OPENSSL} ec -outform DER -in $1.Key.pem -out $1.Key.der
59 xxd -i $1.Key.der > $1_Key.h
60 }
61
62 sign_cert()
63 {
64 ${OPENSSL} x509 -days 14600 -req -in $1.Req.pem -CA $2.Cert.pem -CAkey $2.Key.pem -set_serial $3 -out $1.Cert.$2.pem -extfile ext.conf
65 ${OPENSSL} x509 -outform DER -in $1.Cert.$2.pem -out $1.Cert.$2.der
66 xxd -i $1.Cert.$2.der > $1_Cert_$2.h
67 }
68
69 #generate openssl config file
70 gen_config
71
72 #generate EC params
73 ${OPENSSL} ecparam -name prime256v1 -out ecparam.pem
74
75 echo "**** Generating CA keys and certs..."
76 # generate CA certs
77 gen_rsa_cert CA-RSA '/CN=SecurityTest CA Cert (RSA)'
78 gen_rsa_cert Untrusted-CA-RSA '/CN=SecurityTest CA Cert (RSA)'
79 gen_ec_cert CA-ECC '/CN=SecurityTest CA Cert (ECC)'
80
81 echo "**** Generating Server keys and csr..."
82 # generate Server keys and CSR
83 create_rsa_key ServerRSA '/OU=SecurityTests Server Cert (RSA)/CN=localhost'
84 create_ec_key ServerECC '/OU=SecurityTests Server Cert (ECC)/CN=localhost'
85
86 echo "**** Generating Client keys and csr..."
87 # generate client certs
88 create_rsa_key ClientRSA '/OU=SecurityTests Client Cert (RSA)/CN=localhost'
89 create_ec_key ClientECC '/OU=SecurityTests Client Cert (ECC)/CN=localhost'
90 create_rsa_key UntrustedClientRSA '/OU=SecurityTests Client Cert (RSA)(Untrusted)/CN=localhost'
91
92 echo "**** Signing Servers certs..."
93 sign_cert ServerRSA CA-RSA 1
94 sign_cert ServerRSA CA-ECC 2
95 sign_cert ServerECC CA-RSA 3
96 sign_cert ServerECC CA-ECC 4
97
98 echo "**** Signing Clients certs..."
99 sign_cert ClientRSA CA-RSA 1001
100 sign_cert ClientRSA CA-ECC 1002
101 sign_cert ClientECC CA-RSA 1003
102 sign_cert ClientECC CA-ECC 1004
103
104 sign_cert UntrustedClientRSA Untrusted-CA-RSA 9999
105