path: root/tests/suite/certs/create-chain.sh
blob: ce95282c9bd64345348b4e106929062d0037eeb0 (plain)
#!/bin/bash

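# Build a throwaway certificate chain of the requested length with certtool.
#
# Usage: create-chain.sh number
#   number - how many certificates to issue in total; the first one is the
#            self-signed root CA and the last one is the server certificate.
# Environment:
#   srcdir   - defaults to the current directory
#   CERTTOOL - certtool command to run; defaults to the in-tree build
#
# All keys, certificates and the CRL are written below $OUTPUT, which is
# deleted and recreated on every run. No umask is set here, so the private
# keys get the caller's default file permissions: treat everything under
# $OUTPUT as test material only.
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../../src/certtool$EXEEXT}
OUTPUT=out
TEMPLATE=tmpl

NUM=$1

if test "$NUM" = ""; then
	echo "usage: $0 number" >&2
	exit 1
fi

# Reject anything that is not a plain decimal count before it reaches the
# arithmetic below; otherwise a typo only surfaces as confusing errors from
# the loops that follow, after $OUTPUT has already been wiped.
case "$NUM" in
	*[!0-9]*)
		echo "$0: number must be a non-negative integer, got '$NUM'" >&2
		exit 1
		;;
esac

# Force base 10 so an argument such as "08" is not parsed as invalid octal.
NUM=$((10#$NUM))
LAST=$((NUM - 1))

# ${OUTPUT:?} aborts instead of running "rm -rf" on an empty path should the
# assignment above ever be edited away.
rm -rf -- "${OUTPUT:?}"
mkdir -p -- "$OUTPUT" || exit 1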

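# Print a diagnostic on stderr and abort the whole run.
chain_fail() {
	echo "$0: $1" >&2
	exit 1
}

# Issue the chain from the root downwards. Each iteration generates a fresh
# key pair and one certificate; every certificate after the root is signed
# with the key and certificate produced by the previous iteration
# (prev_name).
#
# certtool's stderr is discarded to keep the output quiet, so each call is
# checked explicitly: an unnoticed failure would leave empty or missing files
# in $OUTPUT and later consumers would be working with a broken chain.
#
# $CERTTOOL is intentionally left unquoted, as in the original, so a caller
# can still pass a wrapper command with arguments through the environment.
#
# $TEMPLATE is overwritten for every certificate and is left behind in the
# working directory when the script ends.
#
# NOTE(review): "expiration_days = -1" is presumably certtool's "no
# expiration date" setting; confirm against the certtool template docs.
# NOTE(review): with number=1 the only certificate is named server-0 but is
# issued through the root CA branch, because that branch is tested first.
counter=0
while test "$counter" -lt "$NUM"; do
	if test "$counter" = "$LAST"; then
		name="server-$counter"
	else
		name="CA-$counter"
	fi
	serial=$counter

	$CERTTOOL --generate-privkey >"$OUTPUT/$name.key" 2>/dev/null \
		|| chain_fail "cannot generate private key for $name"

	if test "$counter" = 0; then
		# ROOT CA: self-signed, allowed to sign certificates and CRLs.
		printf '%s\n' \
			"cn = $name" \
			"serial = $serial" \
			"ca" \
			"expiration_days = -1" \
			"cert_signing_key" \
			"crl_signing_key" >"$TEMPLATE"
		$CERTTOOL --generate-self-signed --load-privkey "$OUTPUT/$name.key" \
			--outfile "$OUTPUT/$name.crt" --template "$TEMPLATE" 2>/dev/null \
			|| chain_fail "cannot generate self-signed certificate for $name"

		# A CRL is produced for the root only; the template passed to
		# --generate-crl carries no further entries.
		printf '%s\n' \
			"serial = $serial" \
			"expiration_days = -1" >"$TEMPLATE"
		$CERTTOOL --generate-crl --load-ca-privkey "$OUTPUT/$name.key" \
			--load-ca-certificate "$OUTPUT/$name.crt" \
			--outfile "$OUTPUT/$name.crl" --template "$TEMPLATE" 2>/dev/null \
			|| chain_fail "cannot generate CRL for $name"
	else
		if test "$counter" = "$LAST"; then
			# END certificate: TLS server certificate for localhost.
			printf '%s\n' \
				"cn = $name" \
				"dns_name = localhost" \
				"expiration_days = -1" \
				"signing_key" \
				"encryption_key" \
				"tls_www_server" >"$TEMPLATE"
		else
			# intermediate CA
			printf '%s\n' \
				"cn = $name" \
				"serial = $serial" \
				"ca" \
				"expiration_days = -1" \
				"cert_signing_key" \
				"signing_key" >"$TEMPLATE"
		fi
		# Both non-root kinds are issued the same way; only the template
		# written above differs.
		$CERTTOOL --generate-certificate --load-privkey "$OUTPUT/$name.key" \
			--load-ca-certificate "$OUTPUT/$prev_name.crt" \
			--load-ca-privkey "$OUTPUT/$prev_name.key" \
			--outfile "$OUTPUT/$name.crt" --template "$TEMPLATE" 2>/dev/null \
			|| chain_fail "cannot generate certificate for $name signed by $prev_name"
	fi

	counter=$((counter + 1))
	prev_name=$name
done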

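# Concatenate the certificates leaf first into $OUTPUT/chain: the server
# certificate, then each issuing CA in turn, ending with the self-signed
# root (CA-0). LAST already holds NUM - 1, the index of the server
# certificate.
counter=$LAST
while test "$counter" -ge 0; do
	if test "$counter" = "$LAST"; then
		name="server-$counter"
	else
		name="CA-$counter"
	fi

	# Stop on a missing or unreadable certificate rather than leaving a
	# truncated chain file that still looks usable.
	if ! cat "$OUTPUT/$name.crt" >>"$OUTPUT/chain"; then
		echo "$0: cannot append $OUTPUT/$name.crt to $OUTPUT/chain" >&2
		exit 1
	fi

	counter=$((counter - 1))
done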