d02b48c6 RE |
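#!/bin/sh
#
# testss -- exercise 'openssl req', 'openssl x509' and 'openssl verify' by
# building a throwaway PKI: a self-signed CA, an end-entity ("user")
# certificate issued by that CA, and two proxy certificates chained under
# the user certificate.
#
# Run from the test directory: it needs ../util/shlib_wrap.sh, ../apps/ and
# the CAss.cnf / Uss.cnf / P1ss.cnf / P2ss.cnf files in the current
# directory, and writes every key, request and certificate it produces
# (*.ss) here.  Whether the generated private keys are written encrypted is
# decided by those config files, not by this script.
#
# Exit status: 0 when every step succeeds, 1 at the first failing step.

# Signature digest for the x509 steps; SHA-1 is only adequate for these
# self-contained test artifacts.
digest='-sha1'
# NB: the *cmd variables hold complete command lines and are deliberately
# expanded unquoted below so the shell splits them into words (POSIX sh has
# no arrays).  Their content is fixed here and never taken from user input.
reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
dummycnf="../apps/openssl.cnf"

CAkey="keyCA.ss"
CAcert="certCA.ss"
CAreq="reqCA.ss"
CAconf="CAss.cnf"
CAreq2="req2CA.ss" # temp

Uconf="Uss.cnf"
Ukey="keyU.ss"
Ureq="reqU.ss"
Ucert="certU.ss"

P1conf="P1ss.cnf"
P1key="keyP1.ss"
P1req="reqP1.ss"
P1cert="certP1.ss"
P1intermediate="tmp_intP1.ss"

P2conf="P2ss.cnf"
P2key="keyP2.ss"
P2req="reqP2.ss"
P2cert="certP2.ss"
P2intermediate="tmp_intP2.ss"

# Print a diagnostic on stderr and abort the test with status 1.
die() {
  echo "$*" >&2
  exit 1
}

echo
echo "make a certificate request using 'req'"

# Pre-seed the PRNG state file so the run does not depend on a pre-existing
# one.  The fixed string adds no real entropy; that is acceptable only
# because every key produced here is test scaffolding.
echo "string to make the random number generator think it has entropy" >> ./.rnd

# Builds without RSA fall back to a DSA key from a fixed parameter file.
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
  req_new='-newkey dsa:../apps/dsa512.pem'
else
  req_new='-new'
fi

# $req_new may be two words, so it stays unquoted.  Output of this step is
# left on the terminal; later steps redirect theirs to err.ss.
$reqcmd -config "$CAconf" -out "$CAreq" -keyout "$CAkey" $req_new \
  || die "error using 'req' to generate a certificate request"

echo
echo "convert the certificate request into a self signed certificate using 'x509'"
$x509cmd -CAcreateserial -in "$CAreq" -days 30 -req -out "$CAcert" \
  -signkey "$CAkey" -extfile "$CAconf" -extensions v3_ca >err.ss \
  || die "error using 'x509' to self sign a certificate request"

echo
echo "convert a certificate into a certificate request using 'x509'"
$x509cmd -in "$CAcert" -x509toreq -signkey "$CAkey" -out "$CAreq2" >err.ss \
  || die "error using 'x509' to convert a certificate to a certificate request"

# Both the original request and the one recovered from the certificate must
# carry a valid self-signature.
$reqcmd -config "$dummycnf" -verify -in "$CAreq" -noout \
  || die "first generated request is invalid"
$reqcmd -config "$dummycnf" -verify -in "$CAreq2" -noout \
  || die "second generated request is invalid"

# The CA certificate must verify with itself as the trust anchor.
$verifycmd -CAfile "$CAcert" "$CAcert" \
  || die "first generated cert is invalid"

echo
echo "make a user certificate request using 'req'"
$reqcmd -config "$Uconf" -out "$Ureq" -keyout "$Ukey" $req_new >err.ss \
  || die "error using 'req' to generate a user certificate request"

echo
echo "sign user certificate request with the just created CA via 'x509'"
$x509cmd -CAcreateserial -in "$Ureq" -days 30 -req -out "$Ucert" \
  -CA "$CAcert" -CAkey "$CAkey" -extfile "$Uconf" -extensions v3_ee >err.ss \
  || die "error using 'x509' to sign a user certificate request"

# The user certificate must chain to the CA; an unchecked verify failure
# here would otherwise let the test report success.
$verifycmd -CAfile "$CAcert" "$Ucert" \
  || die "user certificate does not verify against the CA"
echo
echo "Certificate details"
$x509cmd -subject -issuer -startdate -enddate -noout -in "$Ucert"

echo
echo "make a proxy certificate request using 'req'"
$reqcmd -config "$P1conf" -out "$P1req" -keyout "$P1key" $req_new >err.ss \
  || die "error using 'req' to generate a proxy certificate request"

echo
echo "sign proxy certificate request with the just created user certificate via 'x509'"
$x509cmd -CAcreateserial -in "$P1req" -days 30 -req -out "$P1cert" \
  -CA "$Ucert" -CAkey "$Ukey" -extfile "$P1conf" -extensions v3_proxy >err.ss \
  || die "error using 'x509' to sign a proxy certificate request"

# NOTE(review): the verify status for the proxy certificates below is not
# enforced; whether 'verify' accepts proxy certificates by default may depend
# on the build, so confirm before turning these into fatal checks.
cat "$Ucert" > "$P1intermediate"
$verifycmd -CAfile "$CAcert" -untrusted "$P1intermediate" "$P1cert"
echo
echo "Certificate details"
$x509cmd -subject -issuer -startdate -enddate -noout -in "$P1cert"

echo
echo "make another proxy certificate request using 'req'"
$reqcmd -config "$P2conf" -out "$P2req" -keyout "$P2key" $req_new >err.ss \
  || die "error using 'req' to generate another proxy certificate request"

echo
echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
$x509cmd -CAcreateserial -in "$P2req" -days 30 -req -out "$P2cert" \
  -CA "$P1cert" -CAkey "$P1key" -extfile "$P2conf" -extensions v3_proxy >err.ss \
  || die "error using 'x509' to sign a second proxy certificate request"

# The untrusted bundle must contain the whole path between the CA and the
# second proxy: user cert, then first proxy.
cat "$Ucert" "$P1cert" > "$P2intermediate"
$verifycmd -CAfile "$CAcert" -untrusted "$P2intermediate" "$P2cert"
echo
echo "Certificate details"
$x509cmd -subject -issuer -startdate -enddate -noout -in "$P2cert"

echo
echo "The generated CA certificate is $CAcert"
echo "The generated CA private key is $CAkey"

echo "The generated user certificate is $Ucert"
echo "The generated user private key is $Ukey"

echo "The first generated proxy certificate is $P1cert"
echo "The first generated proxy private key is $P1key"

echo "The second generated proxy certificate is $P2cert"
echo "The second generated proxy private key is $P2key"

# err.ss only holds the last step's output and is dropped on success; the
# intermediate bundles are kept for inspection.
rm -f err.ss
#rm -f "$P1intermediate"
#rm -f "$P2intermediate"
exit 0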