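#!/bin/sh

# Copyright 2017 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# This script generates a test chain of (end-entity, intermediate, root)
# certificates used to run a test QUIC server.
#
# Run it from the directory that holds quic-test.cnf: every path below is
# relative to the current directory, and the script starts by deleting ./out.
#
# The keys produced here are test fixtures: they are written unencrypted and
# the leaf key is copied into ../certificates, which is checked in. Nothing
# outside the tests should ever trust the resulting root.

# Runs the given command; on failure prints the command line to stderr and
# aborts the script with the command's exit status.
try() {
  "$@" || {
    e=$?
    printf '%s\n' "$*" >&2
    # Exit from the script itself. Running `exit` inside a ( ... ) subshell
    # would only end the subshell, and the following steps would then run
    # against missing or stale files.
    exit "$e"
  }
}

# Refuse to run from the wrong directory, so that `rm -rf out` cannot remove
# an unrelated ./out and the openssl steps do not fail half-way through.
if [ ! -f quic-test.cnf ] || [ ! -d ../certificates ]; then
  echo "$0: run this script from the directory containing quic-test.cnf" >&2
  exit 1
fi

try rm -rf out
try mkdir out

# Create the serial number files.
try /bin/sh -c "echo 01 > out/quic-test-root-serial"
try /bin/sh -c "echo 01 > out/quic-test-intermediate-serial"

# Create the signers' DB files.
try touch out/quic-test-root-index.txt
try touch out/quic-test-intermediate-index.txt

# Generate the keys (unencrypted RSA-2048; test use only).
try openssl genrsa -out out/quic-test-root.key 2048
try openssl genrsa -out out/quic-test-intermediate.key 2048
try openssl genrsa -out out/quic-test-cert.key 2048

# Generate the root certificate
# NOTE(review): CA_NAME is "test-root" here but "quic-test-root" in every
# other root step; presumably harmless for `openssl req` -- confirm against
# quic-test.cnf before changing it.
CA_COMMON_NAME="Test Root CA" \
  CA_DIR=out \
  CA_NAME=test-root \
  try openssl req \
    -new \
    -key out/quic-test-root.key \
    -out out/quic-test-root.csr \
    -config quic-test.cnf

# Self-sign the root for 3650 days.
CA_COMMON_NAME="Test Root CA" \
  CA_DIR=out \
  CA_NAME=quic-test-root \
  try openssl x509 \
    -req -days 3650 \
    -in out/quic-test-root.csr \
    -out out/quic-test-root.pem \
    -signkey out/quic-test-root.key \
    -extfile quic-test.cnf \
    -extensions ca_cert \
    -text

# Generate the intermediate
CA_COMMON_NAME="Test Intermediate CA" \
  CA_DIR=out \
  CA_NAME=quic-test-root \
  try openssl req \
    -new \
    -key out/quic-test-intermediate.key \
    -out out/quic-test-intermediate.csr \
    -config quic-test.cnf

# Sign the intermediate with the root CA. No validity period is passed here;
# presumably it comes from quic-test.cnf.
CA_COMMON_NAME="Test Intermediate CA" \
  CA_DIR=out \
  CA_NAME=quic-test-root \
  try openssl ca \
    -batch \
    -in out/quic-test-intermediate.csr \
    -out out/quic-test-intermediate.pem \
    -config quic-test.cnf \
    -extensions ca_cert

# Generate the leaf
CA_COMMON_NAME="test.example.com" \
  CA_DIR=out \
  CA_NAME=quic-test-intermediate \
  try openssl req \
    -new \
    -key out/quic-test-cert.key \
    -out out/quic-test-cert.csr \
    -config quic-test.cnf

# Sign the leaf with the intermediate CA.
CA_COMMON_NAME="Test Intermediate CA" \
  HOST_NAME="test.example.com" \
  CA_DIR=out \
  CA_NAME=quic-test-intermediate \
  try openssl ca \
    -batch \
    -in out/quic-test-cert.csr \
    -out out/quic-test-cert.pem \
    -config quic-test.cnf \
    -extensions user_cert

# Copy to the file names that are actually checked in.
# -nocrypt stores the leaf private key without a passphrase (DER and PEM
# PKCS#8). The root and intermediate private keys are not copied, but they
# remain in ./out after the run.
try openssl pkcs8 -topk8 -inform pem -outform der \
  -in out/quic-test-cert.key \
  -out ../certificates/quic-leaf-cert.key -nocrypt
try cat out/quic-test-cert.pem out/quic-test-intermediate.pem \
  > ../certificates/quic-chain.pem
try cp out/quic-test-root.pem ../certificates/quic-root.pem
try openssl pkcs8 -nocrypt -inform der -outform pem \
  -in ../certificates/quic-leaf-cert.key \
  -out ../certificates/quic-leaf-cert.key.pkcs8.pem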