path: root/tests/suite/certs/create-chain.sh
blob: 53f6087f37f8fcda1e37344233443bf8b74b5e0c (plain)
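#!/bin/sh
#
# Build a throw-away X.509 certificate chain of a given length with certtool.
#
# Usage: create-chain.sh number
#
# Certificate 0 is a self-signed root CA (a CRL is issued for it as well),
# the last certificate (number - 1) is an end-entity certificate for
# "localhost", and everything in between is an intermediate CA signed by its
# predecessor. With number = 1 the single certificate is named "server-0" but
# is produced by the root-CA branch, i.e. it is a self-signed CA certificate.
#
# Results go to ./out, which is removed and recreated on every run:
#   <name>.key  private key, written unencrypted
#   <name>.crt  certificate
#   <root>.crl  CRL issued by certificate 0
#   chain       all certificates concatenated, end-entity first, root last
# The certtool template is written to ./tmpl and left in place.
#
# Security notes: these are test fixtures only. The private keys are stored
# in the clear and every certificate uses "expiration_days = -1", which
# certtool documents as "no expiration date", so nothing generated here
# should be trusted or reused outside the test suite.
#
# Environment:
#   CERTTOOL  path to certtool (default: ../../../src/certtool${EXEEXT})

CERTTOOL="${CERTTOOL:-../../../src/certtool${EXEEXT}}"
OUTPUT=out
TEMPLATE=tmpl

NUM="$1"

# Print a diagnostic on stderr and abort. certtool's own stderr is discarded
# below, so the message names the step that failed.
fail() {
  echo "$0: $*" >&2
  exit 1
}

# Print the file/CN stem for certificate index $1: the last index is the
# end-entity certificate, every other index is a CA.
cert_name() {
  if test "$1" = "${LAST}"; then
    echo "server-$1"
  else
    echo "CA-$1"
  fi
}

# Reject a missing or non-numeric count up front; otherwise expr and test
# would fail later and the script would still exit 0 with an empty chain.
case "${NUM}" in
  '' | *[!0-9]*)
    echo "usage: $0 number" >&2
    exit 1
    ;;
esac

# expr (rather than $(( ))) so that a count with a leading zero is still
# read as decimal; its exit status is 1 when the result is 0, which is fine.
LAST=$(expr "${NUM}" - 1)

# Key files are created through shell redirection, so their mode comes from
# the umask; keep the generated key material private to the invoking user.
umask 077

rm -rf "${OUTPUT}" || fail "cannot remove ${OUTPUT}"
mkdir -p "${OUTPUT}" || fail "cannot create ${OUTPUT}"

counter=0
while test "${counter}" -lt "${NUM}"; do
  name=$(cert_name "${counter}")
  serial="${counter}"

  "${CERTTOOL}" --generate-privkey >"${OUTPUT}/${name}.key" 2>/dev/null \
    || fail "cannot generate private key for ${name}"

  if test "${counter}" = 0; then
    # ROOT CA: self-signed, allowed to sign certificates, OCSP responses
    # and CRLs.
    cat >"${TEMPLATE}" <<EOF
cn = ${name}
serial = ${serial}
ca
expiration_days = -1
cert_signing_key
ocsp_signing_key
crl_signing_key
EOF
    "${CERTTOOL}" --generate-self-signed \
      --load-privkey "${OUTPUT}/${name}.key" \
      --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null \
      || fail "cannot create self-signed certificate ${name}"

    # CRL issued by the root; the template lists no revoked certificates.
    cat >"${TEMPLATE}" <<EOF
serial = ${serial}
expiration_days = -1
EOF
    "${CERTTOOL}" --generate-crl \
      --load-ca-privkey "${OUTPUT}/${name}.key" \
      --load-ca-certificate "${OUTPUT}/${name}.crt" \
      --outfile "${OUTPUT}/${name}.crl" --template "${TEMPLATE}" 2>/dev/null \
      || fail "cannot create CRL for ${name}"
  else
    if test "${counter}" = "${LAST}"; then
      # END certificate: no "ca" flag and no cert_signing_key, so it cannot
      # issue further certificates. No serial is set in this template.
      cat >"${TEMPLATE}" <<EOF
cn = ${name}
dns_name = localhost
expiration_days = -1
signing_key
encryption_key
ocsp_signing_key
EOF
    else
      # intermediate CA
      cat >"${TEMPLATE}" <<EOF
cn = ${name}
serial = ${serial}
ca
expiration_days = -1
ocsp_signing_key
cert_signing_key
signing_key
EOF
    fi
    # Both non-root kinds are signed by the certificate generated in the
    # previous iteration.
    "${CERTTOOL}" --generate-certificate \
      --load-privkey "${OUTPUT}/${name}.key" \
      --load-ca-certificate "${OUTPUT}/${prev_name}.crt" \
      --load-ca-privkey "${OUTPUT}/${prev_name}.key" \
      --outfile "${OUTPUT}/${name}.crt" --template "${TEMPLATE}" 2>/dev/null \
      || fail "cannot create certificate ${name} signed by ${prev_name}"
  fi

  counter=$((counter + 1))
  prev_name=${name}
done

# Assemble the chain file from the end-entity certificate down to the root.
counter=${LAST}
while test "${counter}" -ge 0; do
  name=$(cert_name "${counter}")

  cat "${OUTPUT}/${name}.crt" >>"${OUTPUT}/chain" \
    || fail "cannot append ${name}.crt to ${OUTPUT}/chain"

  counter=$((counter - 1))
done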