+++ /dev/null
-#!/bin/csh
-# generate keys, certs, and keychains via openssl
-#
-set ALG=none
-if( $#argv != 1 ) then
- echo Usage: makeOpensslCert rsa\|dsa
- exit(1)
-endif
-while ( $#argv > 0 )
- switch ( "$argv[1]" )
- case rsa:
- set ALG=rsa
- shift
- breaksw
- case dsa:
- set ALG=dsa
- shift
- breaksw
- default:
- echo Usage: makeOpensslCert rsa\|dsa
- exit(1)
- endsw
-end
-
-# file name arguments
-set CSR_FILE=os"$ALG"cert.csr
-set PRIV_KEY_ENCR=os"$ALG"privkey.pem
-set PRIV_RAW_KEY_PEM=os"$ALG"rawprivkey.pem
-set CERT_FILE_PEM=os"$ALG"cert.pem
-set CERT_FILE_DER=os"$ALG"cert.der
-set GEN_INPUT=opensslReqInput
-set KC_NAME=os"$ALG"cert
-
-set REQ_PASSWD=foobar
-set RSA_KEY_SIZE=1024
-set DSA_PARAMS=osdsaparam.der
-
-set KC_DIR=$HOME/Library/Keychains
-
-set ALL_FILES_TBD="$CSR_FILE $PRIV_KEY_ENCR $PRIV_RAW_KEY_PEM $CERT_FILE_PEM $CERT_FILE_DER"
-
-set ALL_FILES_TBD="$ALL_FILES_TBD"
-
-#
-# clean out and start from scratch
-#
-echo deleting $KC_NAME from Library/Keychains
-(cd $KC_DIR; rm -f $KC_NAME)
-set cmd="rm -f $ALL_FILES_TBD"
-echo $cmd
-$cmd || exit(1)
-
-echo "########################################"
-echo "# 1. Create private signing key and CSR."
-echo "########################################"
-if($ALG == dsa) then
- set KEY_ARGS="dsa:$DSA_PARAMS"
-else
- set KEY_ARGS="rsa:$RSA_KEY_SIZE"
-endif
-
-set cmd="openssl req -new -passin pass:$REQ_PASSWD -passout pass:$REQ_PASSWD -newkey $KEY_ARGS -keyform PEM -keyout $PRIV_KEY_ENCR"
-echo $cmd \> $CSR_FILE \< $GEN_INPUT
-$cmd > $CSR_FILE < $GEN_INPUT || exit(1)
-echo ...$PRIV_KEY_ENCR contains encrypted signing key in PEM format.
-
-echo "########################################"
-echo "# 2. Remove the passphrase from the key."
-echo "########################################"
-set cmd="openssl $ALG -in $PRIV_KEY_ENCR -out $PRIV_RAW_KEY_PEM -passin pass:$REQ_PASSWD"
-echo $cmd
-$cmd || exit(1)
-echo ...$PRIV_RAW_KEY_PEM contains raw signing key in PEM format.
-
-echo "########################################"
-echo "# 3. Convert request into signed cert."
-echo "########################################"
-set cmd="openssl x509 -in $CSR_FILE -out $CERT_FILE_PEM -req -signkey $PRIV_RAW_KEY_PEM -days 365"
-echo $cmd
-$cmd || exit(1)
-echo ...$CERT_FILE_PEM contains signing cert in PEM format.
-
-echo "##################################################"
-echo "# 4. convert cert to DER form for use by sslViewer"
-echo "##################################################"
-set cmd="openssl x509 -inform PEM -outform DER -in $CERT_FILE_PEM -out $CERT_FILE_DER"
-echo $cmd
-$cmd || exit(1)
-echo ...$CERT_FILE_DER contains cert in DER format.
-
-echo "##################################################"
-echo "# 4. Import cert and private key into keychain"
-echo "##################################################"
-set cmd="certtool i $CERT_FILE_PEM k=$KC_NAME c p=$KC_NAME r=$PRIV_RAW_KEY_PEM"
-echo $cmd
-$cmd || exit(1)
-
-echo "############"
-echo "# FINISHED #"
-echo "############"
-
projects / apple / security.git / blobdiff