author | Jose Bollo <jose.bollo@iot.bzh> | 2019-09-11 16:37:24 +0200 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2020-02-28 12:19:25 +0100 |
commit | c5d922d7085c980edad3764687e2488a1b0907d0 (patch) | |
tree | af1e8f833e9d0c68538dab9d0974a55293d84477 /certs/sample/gen-certs.sh | |
parent | 7ea1070ee471141f58e9e4c03df5c95bbcef907d (diff) |
Refactor of sample keys and certificates
Avoid installing any certificate or key.
But if requested, install the certificates and the keys
that are given as examples.
Bug-AGL: SPEC-2840
Change-Id: I26aebd63fad842bb9746c3a004956d9dbafc091f
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'certs/sample/gen-certs.sh')
-rwxr-xr-x | certs/sample/gen-certs.sh | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/certs/sample/gen-certs.sh b/certs/sample/gen-certs.sh
new file mode 100755
index 0000000..f0aa135
--- /dev/null
+++ b/certs/sample/gen-certs.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+ORG="/C=FR/ST=Brittany/L=Lorient/O=IoT.bzh"
+
+cat > extensions << EOC
+[root]
+basicConstraints=CA:TRUE
+keyUsage=keyCertSign
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+[derivate]
+basicConstraints=CA:TRUE
+keyUsage=keyCertSign,digitalSignature
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
+EOC
+
+keyof() { echo -n "$1.key.pem"; }
+certof() { echo -n "$1.cert.pem"; }
+
+generate() {
+
+local s="$1" n="$2" cn="$3" sig="$4"
+local key="$(keyof "$n")" cert="$(certof "$n")"
+
+if [ ! -f "$key" ]
+then
+ echo
+ echo "generation of the $n key"
+ openssl genpkey \
+ -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
+ -outform PEM \
+ -out "$key"
+fi
+
+if [ ! -f "$cert" -o "$key" -nt "$cert" ]
+then
+ echo
+ echo "generation of the $n certificate"
+ openssl req -new \
+ -key "$key" \
+ -subj "$ORG/CN=$cn" |
+ openssl x509 -req \
+ -days 3653 \
+ -sha256 \
+ -extfile extensions \
+ -trustout \
+ $sig \
+ -set_serial $s \
+ -setalias "$cn" \
+ -out "$cert"
+fi
+
+}
+
+genroot() {
+ local s="$1" n="$2" cn="$3"
+ generate "$s" "$n" "$cn" "-signkey $(keyof "$n") -extensions root"
+}
+
+derivate() {
+ local s="$1" n="$2" cn="$3" i="$4"
+ generate "$s" "$n" "$cn" "-CA $(certof "$i") -CAkey $(keyof "$i") -extensions derivate"
+}
+
+
+genroot 1 root "Root certificate"
+derivate 2 developer "Root developer" root
+derivate 3 platform "Root platform" root
+derivate 4 partner "Root partner" root
+derivate 5 public "Root public" root
+
+rm extensions |
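Review bot: No openssl exit status is checked in generate(), so a failed `openssl req | openssl x509` run can leave a truncated or empty `$cert` on disk, and the `[ ! -f "$cert" -o "$key" -nt "$cert" ]` test on the next run then treats that file as valid and never regenerates it; the script also keeps going and removes the extensions file regardless. Adding `set -eu` right after the shebang (pipefail is not available under `#!/bin/sh`, but x509 fails on empty input, so a failing req is still caught) and replacing the trailing `rm extensions` with `trap 'rm -f extensions' EXIT` placed before the `cat > extensions` makes a partial run abort visibly and still clean up. The `-o` inside `[ ]` is obsolescent in POSIX; `[ ! -f "$cert" ] || [ "$key" -nt "$cert" ]` is the portable form. keyof/certof rely on `echo -n`, whose behaviour is implementation-defined under sh; `printf '%s' "$1.key.pem"` is the portable equivalent (the trailing newline is stripped by `$(...)` anyway). The unquoted `$sig` and `$s` are deliberate word-splitting of the option strings built in genroot/derivate; a comment such as `# $sig intentionally unquoted: carries several openssl options` would stop a later reader from "fixing" it.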