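#!/usr/bin/env bash
#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) EdelWeb for EdelKey and OpenEvidence
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
###########################################################################

# Generate a self-signed test CA from an OpenSSL config file:
#   1. an RSA private key        -> <prefix>-ca.key
#   2. a CSR built from the key  -> <prefix>-ca.csr
#   3. a self-signed certificate -> <prefix>-<serial>-ca.cacert,
#      plus PEM+text (<prefix>-ca.cacert, <prefix>-ca.crt) and DER
#      (<prefix>-ca.der) renderings of it.
#
# Usage: genroot.sh <prefix>
#   "<prefix>-ca.prm" must exist in the current directory; it is used both
#   as the "req" config and as the "x509 -extfile" extension source.
#
# Exit status: 0 on success, 1 on a usage/configuration error, and the
# status of the failing openssl command otherwise (via "set -e").

# exit on first fail
set -eu

# Prefer a locally built OpenSSL when one is installed.
OPENSSL=openssl
if [ -f /usr/local/ssl/bin/openssl ]; then
  OPENSSL=/usr/local/ssl/bin/openssl
fi

# Usage text is a diagnostic, so it goes to stderr like the other messages.
usage() {
  echo 'Usage is genroot.sh <name>' >&2
}

# HOME is pointed at the working directory; presumably so that any per-user
# state OpenSSL keeps under $HOME ends up next to the generated files rather
# than in the real home directory -- confirm before changing.
HOME=$(pwd)
cd "$HOME"

KEYSIZE=2048
# Certificate lifetime in days.
DURATION=6000
# The -sha256 option was introduced in OpenSSL 1.0.1
DIGESTALGO=-sha256

NOTOK=

PREFIX="${1:-}"
if [ -z "$PREFIX" ]; then
  echo 'No configuration prefix' >&2
  NOTOK=1
elif [ ! -f "$PREFIX-ca.prm" ]; then
  echo "No configuration file $PREFIX-ca.prm" >&2
  NOTOK=1
fi

if [ -n "$NOTOK" ]; then
  echo 'Sorry, I cannot do that for you.' >&2
  usage
  # A non-zero status lets callers (Makefiles, "set -e" wrappers) see that
  # nothing was generated; a bare "exit" here would report success.
  exit 1
fi

# Serial number: epoch seconds followed by the last four digits of $RANDOM.
# That is unique enough for throwaway test CAs, but it is predictable and
# nowhere near the CSPRNG-derived entropy expected of a production CA serial,
# so do not reuse this scheme outside the test suite.
SERIAL="$(date +'%s')${RANDOM:(-4)}"

echo "SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE"

set -x

# The key password is supplied on stdin (fd 0) via a here-document rather
# than on the command line, so it never appears in the process argument list
# or in the "set -x" trace (xtrace prints the command, not the heredoc body).
# Note that no cipher option (-aes256 etc.) is passed to genrsa, so the key
# file appears to be written unencrypted and the password is effectively
# unused -- acceptable for test fixtures only.
"$OPENSSL" genrsa -out "$PREFIX-ca.key" -passout fd:0 "$KEYSIZE" <<EOF
pass:secret
EOF
"$OPENSSL" req -config "$PREFIX-ca.prm" -new -key "$PREFIX-ca.key" -out "$PREFIX-ca.csr" -passin fd:0 <<EOF
pass:secret
EOF
# Self-sign the CSR; extensions come from the same .prm file.
"$OPENSSL" x509 -set_serial "$SERIAL" -extfile "$PREFIX-ca.prm" -days "$DURATION" -req -signkey "$PREFIX-ca.key" -in "$PREFIX-ca.csr" -out "$PREFIX-$SERIAL-ca.cacert" "$DIGESTALGO"
# Human-readable dump followed by the PEM block, in two file names.
"$OPENSSL" x509 -text -in "$PREFIX-$SERIAL-ca.cacert" -nameopt multiline > "$PREFIX-ca.cacert"
"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -outform der -out "$PREFIX-ca.der"
"$OPENSSL" x509 -in "$PREFIX-ca.cacert" -text -nameopt multiline > "$PREFIX-ca.crt"
# Print the final certificate for the operator to eyeball.
"$OPENSSL" x509 -noout -text -in "$PREFIX-ca.cacert" -nameopt multiline
# "$OPENSSL" rsa -in "../keys/$PREFIX-ca.key" -text -noout -pubout
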
81