author | Jose Bollo <jose.bollo@iot.bzh> | 2019-09-11 16:37:24 +0200 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2020-02-28 12:19:25 +0100 |
commit | c5d922d7085c980edad3764687e2488a1b0907d0 (patch) | |
tree | af1e8f833e9d0c68538dab9d0974a55293d84477 /certs/gen-certs.sh | |
parent | 7ea1070ee471141f58e9e4c03df5c95bbcef907d (diff) |
Refactor of sample keys and certificates
Avoid installing any certificate or key.
But if requested, install the certificates and the keys
that are given as example.
Bug-AGL: SPEC-2840
Change-Id: I26aebd63fad842bb9746c3a004956d9dbafc091f
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'certs/gen-certs.sh')
-rwxr-xr-x | certs/gen-certs.sh | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/certs/gen-certs.sh b/certs/gen-certs.sh
deleted file mode 100755
index b432ce6..0000000
--- a/certs/gen-certs.sh
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/bin/sh
-#
-# Copying and distribution of this file, with or without modification,
-# are permitted in any medium without royalty provided the copyright
-# notice and this notice are preserved. This file is offered as-is,
-# without any warranty.
-
-ORG="/C=FR/ST=Brittany/L=Vannes/O=IoT.bzh"
-
-cat > extensions << EOC
-[root]
-basicConstraints=CA:TRUE
-keyUsage=keyCertSign
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid
-[derivate]
-basicConstraints=CA:TRUE
-keyUsage=keyCertSign,digitalSignature
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid
-EOC
-
-keyof() { echo -n "$1.key.pem"; }
-certof() { echo -n "$1.cert.pem"; }
-
-generate() {
-
-local s="$1" n="$2" cn="$3" sig="$4"
-local key="$(keyof "$n")" cert="$(certof "$n")"
-
-if [ ! -f "$key" ]
-then
- echo
- echo "generation of the $n key"
- openssl genpkey \
- -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
- -outform PEM \
- -out "$key"
-fi
-
-if [ ! -f "$cert" -o "$key" -nt "$cert" ]
-then
- echo
- echo "generation of the $n certificate"
- openssl req -new \
- -key "$key" \
- -subj "$ORG/CN=$cn" |
- openssl x509 -req \
- -days 3653 \
- -sha256 \
- -extfile extensions \
- -trustout \
- $sig \
- -set_serial $s \
- -setalias "$cn" \
- -out "$cert"
-fi
-
-}
-
-
-genroot() {
- local s="$1" n="$2" cn="$3"
- generate "$s" "$n" "$cn" "-signkey $(keyof "$n") -extensions root"
-}
-
-derivate() {
- local s="$1" n="$2" cn="$3" i="$4"
- generate "$s" "$n" "$cn" "-CA $(certof "$i") -CAkey $(keyof "$i") -extensions derivate"
-}
-
-
-genroot 1 root "Root certificate"
-derivate 2 developer "Root developer" root
-derivate 3 platform "Root platform" root
-derivate 4 partner "Root partner" root
-derivate 5 public "Root public" root
-
-rm extensions |