1*b7c941bbSAndroid Build Coastguard Worker#!/bin/bash 2*b7c941bbSAndroid Build Coastguard Worker 3*b7c941bbSAndroid Build Coastguard Worker# 4*b7c941bbSAndroid Build Coastguard Worker# Creates or overwrites 3 files in ./res/raw: 5*b7c941bbSAndroid Build Coastguard Worker# - cacert.der 6*b7c941bbSAndroid Build Coastguard Worker# - userkey.der 7*b7c941bbSAndroid Build Coastguard Worker# - usercert.der 8*b7c941bbSAndroid Build Coastguard Worker# 9*b7c941bbSAndroid Build Coastguard Worker 10*b7c941bbSAndroid Build Coastguard Workertmpdir=$(mktemp -d './XXXXXXXX') 11*b7c941bbSAndroid Build Coastguard Workertrap 'rm -r ${tmpdir}; echo; exit 1' EXIT INT QUIT 12*b7c941bbSAndroid Build Coastguard Worker 13*b7c941bbSAndroid Build Coastguard Worker# CA_default defined in openssl.cnf 14*b7c941bbSAndroid Build Coastguard WorkerCA_DIR='demoCA' 15*b7c941bbSAndroid Build Coastguard Worker 16*b7c941bbSAndroid Build Coastguard WorkerSUBJECT=\ 17*b7c941bbSAndroid Build Coastguard Worker'/C=US'\ 18*b7c941bbSAndroid Build Coastguard Worker'/ST=CA'\ 19*b7c941bbSAndroid Build Coastguard Worker'/L=Mountain View'\ 20*b7c941bbSAndroid Build Coastguard Worker'/O=Android'\ 21*b7c941bbSAndroid Build Coastguard Worker'/CN=localhost' 22*b7c941bbSAndroid Build Coastguard WorkerPASSWORD='androidtest' 23*b7c941bbSAndroid Build Coastguard WorkerSAN=\ 24*b7c941bbSAndroid Build Coastguard Worker'DNS:localhost' 25*b7c941bbSAndroid Build Coastguard Worker 26*b7c941bbSAndroid Build Coastguard Workerecho "Creating directory '$CA_DIR'..." 27*b7c941bbSAndroid Build Coastguard Workermkdir -p "$tmpdir"/"$CA_DIR"/newcerts \ 28*b7c941bbSAndroid Build Coastguard Worker && echo '01' > "$tmpdir"/"$CA_DIR"/serial \ 29*b7c941bbSAndroid Build Coastguard Worker && touch "$tmpdir"/"$CA_DIR"/index.txt 30*b7c941bbSAndroid Build Coastguard Workercat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=$SAN") \ 31*b7c941bbSAndroid Build Coastguard Worker > "$tmpdir"/openssl.conf 32*b7c941bbSAndroid Build Coastguard Worker 33*b7c941bbSAndroid Build Coastguard Workerecho "Generating CA certificate..." 34*b7c941bbSAndroid Build Coastguard Worker(cd "$tmpdir" \ 35*b7c941bbSAndroid Build Coastguard Worker && openssl req \ 36*b7c941bbSAndroid Build Coastguard Worker -new \ 37*b7c941bbSAndroid Build Coastguard Worker -x509 \ 38*b7c941bbSAndroid Build Coastguard Worker -days 3650 \ 39*b7c941bbSAndroid Build Coastguard Worker -extensions v3_ca \ 40*b7c941bbSAndroid Build Coastguard Worker -keyout 'cakey.pem' \ 41*b7c941bbSAndroid Build Coastguard Worker -out 'cacert.pem' \ 42*b7c941bbSAndroid Build Coastguard Worker -subj "$SUBJECT" \ 43*b7c941bbSAndroid Build Coastguard Worker -passout 'pass:'"$PASSWORD" \ 44*b7c941bbSAndroid Build Coastguard Worker && openssl x509 \ 45*b7c941bbSAndroid Build Coastguard Worker -outform DER \ 46*b7c941bbSAndroid Build Coastguard Worker -in 'cacert.pem' \ 47*b7c941bbSAndroid Build Coastguard Worker -out 'cacert.der') 48*b7c941bbSAndroid Build Coastguard Worker 49*b7c941bbSAndroid Build Coastguard Workerecho "Generating user key..." 50*b7c941bbSAndroid Build Coastguard Worker(cd "$tmpdir" \ 51*b7c941bbSAndroid Build Coastguard Worker && openssl req \ 52*b7c941bbSAndroid Build Coastguard Worker -newkey rsa:2048 \ 53*b7c941bbSAndroid Build Coastguard Worker -sha256 \ 54*b7c941bbSAndroid Build Coastguard Worker -keyout 'userkey.pem' \ 55*b7c941bbSAndroid Build Coastguard Worker -nodes \ 56*b7c941bbSAndroid Build Coastguard Worker -days 3650 \ 57*b7c941bbSAndroid Build Coastguard Worker -out 'userkey.req' \ 58*b7c941bbSAndroid Build Coastguard Worker -subj "$SUBJECT" \ 59*b7c941bbSAndroid Build Coastguard Worker -extensions SAN \ 60*b7c941bbSAndroid Build Coastguard Worker -config openssl.conf \ 61*b7c941bbSAndroid Build Coastguard Worker && openssl pkcs8 \ 62*b7c941bbSAndroid Build Coastguard Worker -topk8 \ 63*b7c941bbSAndroid Build Coastguard Worker -outform DER \ 64*b7c941bbSAndroid Build Coastguard Worker -in 'userkey.pem' \ 65*b7c941bbSAndroid Build Coastguard Worker -out 'userkey.der' \ 66*b7c941bbSAndroid Build Coastguard Worker -nocrypt) 67*b7c941bbSAndroid Build Coastguard Worker 68*b7c941bbSAndroid Build Coastguard Workerecho "Generating user certificate..." 69*b7c941bbSAndroid Build Coastguard Worker(cd "$tmpdir" \ 70*b7c941bbSAndroid Build Coastguard Worker && openssl ca \ 71*b7c941bbSAndroid Build Coastguard Worker -out 'usercert.pem' \ 72*b7c941bbSAndroid Build Coastguard Worker -in 'userkey.req' \ 73*b7c941bbSAndroid Build Coastguard Worker -cert 'cacert.pem' \ 74*b7c941bbSAndroid Build Coastguard Worker -keyfile 'cakey.pem' \ 75*b7c941bbSAndroid Build Coastguard Worker -days 3650 \ 76*b7c941bbSAndroid Build Coastguard Worker -passin 'pass:'"$PASSWORD" \ 77*b7c941bbSAndroid Build Coastguard Worker -extensions SAN \ 78*b7c941bbSAndroid Build Coastguard Worker -config openssl.conf \ 79*b7c941bbSAndroid Build Coastguard Worker -batch \ 80*b7c941bbSAndroid Build Coastguard Worker && openssl x509 \ 81*b7c941bbSAndroid Build Coastguard Worker -outform DER \ 82*b7c941bbSAndroid Build Coastguard Worker -in 'usercert.pem' \ 83*b7c941bbSAndroid Build Coastguard Worker -out 'usercert.der') 84*b7c941bbSAndroid Build Coastguard Worker 85*b7c941bbSAndroid Build Coastguard Worker# Copy important files to raw resources directory 86*b7c941bbSAndroid Build Coastguard Workercp \ 87*b7c941bbSAndroid Build Coastguard Worker "$tmpdir"/cacert.der \ 88*b7c941bbSAndroid Build Coastguard Worker "$tmpdir"/userkey.der \ 89*b7c941bbSAndroid Build Coastguard Worker "$tmpdir"/usercert.der \ 90*b7c941bbSAndroid Build Coastguard Worker 'res/raw/' 91*b7c941bbSAndroid Build Coastguard Worker 92*b7c941bbSAndroid Build Coastguard Workerecho "Finished" 93*b7c941bbSAndroid Build Coastguard Workerexit 94