xref: /aosp_15_r20/external/cronet/net/data/ssl/scripts/generate-quic-chain.sh (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1*6777b538SAndroid Build Coastguard Worker#!/bin/sh
2*6777b538SAndroid Build Coastguard Worker
3*6777b538SAndroid Build Coastguard Worker# Copyright 2017 The Chromium Authors
4*6777b538SAndroid Build Coastguard Worker# Use of this source code is governed by a BSD-style license that can be
5*6777b538SAndroid Build Coastguard Worker# found in the LICENSE file.
6*6777b538SAndroid Build Coastguard Worker
7*6777b538SAndroid Build Coastguard Worker# This script generates a test chain of (end-entity, intermediate, root)
8*6777b538SAndroid Build Coastguard Worker# certificates used to run a test QUIC server.
9*6777b538SAndroid Build Coastguard Worker
10*6777b538SAndroid Build Coastguard Workertry() {
11*6777b538SAndroid Build Coastguard Worker  "$@" || (e=$?; echo "$@" > /dev/stderr; exit $e)
12*6777b538SAndroid Build Coastguard Worker}
13*6777b538SAndroid Build Coastguard Worker
14*6777b538SAndroid Build Coastguard Workertry rm -rf out
15*6777b538SAndroid Build Coastguard Workertry mkdir out
16*6777b538SAndroid Build Coastguard Worker
17*6777b538SAndroid Build Coastguard Worker# Create the serial number files.
18*6777b538SAndroid Build Coastguard Workertry /bin/sh -c "echo 01 > out/quic-test-root-serial"
19*6777b538SAndroid Build Coastguard Workertry /bin/sh -c "echo 01 > out/quic-test-intermediate-serial"
20*6777b538SAndroid Build Coastguard Worker
21*6777b538SAndroid Build Coastguard Worker# Create the signers' DB files.
22*6777b538SAndroid Build Coastguard Workertouch out/quic-test-root-index.txt
23*6777b538SAndroid Build Coastguard Workertouch out/quic-test-intermediate-index.txt
24*6777b538SAndroid Build Coastguard Worker
25*6777b538SAndroid Build Coastguard Worker# Generate the keys
26*6777b538SAndroid Build Coastguard Workertry openssl genrsa -out out/quic-test-root.key 2048
27*6777b538SAndroid Build Coastguard Workertry openssl genrsa -out out/quic-test-intermediate.key 2048
28*6777b538SAndroid Build Coastguard Workertry openssl genrsa -out out/quic-test-cert.key 2048
29*6777b538SAndroid Build Coastguard Worker
30*6777b538SAndroid Build Coastguard Worker# Generate the root certificate
31*6777b538SAndroid Build Coastguard WorkerCA_COMMON_NAME="Test Root CA" \
32*6777b538SAndroid Build Coastguard Worker  CA_DIR=out \
33*6777b538SAndroid Build Coastguard Worker  CA_NAME=test-root \
34*6777b538SAndroid Build Coastguard Worker  try openssl req \
35*6777b538SAndroid Build Coastguard Worker    -new \
36*6777b538SAndroid Build Coastguard Worker    -key out/quic-test-root.key \
37*6777b538SAndroid Build Coastguard Worker    -out out/quic-test-root.csr \
38*6777b538SAndroid Build Coastguard Worker    -config quic-test.cnf
39*6777b538SAndroid Build Coastguard Worker
40*6777b538SAndroid Build Coastguard WorkerCA_COMMON_NAME="Test Root CA" \
41*6777b538SAndroid Build Coastguard Worker  CA_DIR=out \
42*6777b538SAndroid Build Coastguard Worker  CA_NAME=quic-test-root \
43*6777b538SAndroid Build Coastguard Worker  try openssl x509 \
44*6777b538SAndroid Build Coastguard Worker    -req -days 3650 \
45*6777b538SAndroid Build Coastguard Worker    -in out/quic-test-root.csr \
46*6777b538SAndroid Build Coastguard Worker    -out out/quic-test-root.pem \
47*6777b538SAndroid Build Coastguard Worker    -signkey out/quic-test-root.key \
48*6777b538SAndroid Build Coastguard Worker    -extfile quic-test.cnf \
49*6777b538SAndroid Build Coastguard Worker    -extensions ca_cert \
50*6777b538SAndroid Build Coastguard Worker    -text
51*6777b538SAndroid Build Coastguard Worker
52*6777b538SAndroid Build Coastguard Worker# Generate the intermediate
53*6777b538SAndroid Build Coastguard WorkerCA_COMMON_NAME="Test Intermediate CA" \
54*6777b538SAndroid Build Coastguard Worker  CA_DIR=out \
55*6777b538SAndroid Build Coastguard Worker  CA_NAME=quic-test-root \
56*6777b538SAndroid Build Coastguard Worker  try openssl req \
57*6777b538SAndroid Build Coastguard Worker    -new \
58*6777b538SAndroid Build Coastguard Worker    -key out/quic-test-intermediate.key \
59*6777b538SAndroid Build Coastguard Worker    -out out/quic-test-intermediate.csr \
60*6777b538SAndroid Build Coastguard Worker    -config quic-test.cnf
61*6777b538SAndroid Build Coastguard Worker
62*6777b538SAndroid Build Coastguard WorkerCA_COMMON_NAME="Test Intermediate CA" \
63*6777b538SAndroid Build Coastguard Worker  CA_DIR=out \
64*6777b538SAndroid Build Coastguard Worker  CA_NAME=quic-test-root \
65*6777b538SAndroid Build Coastguard Worker  try openssl ca \
66*6777b538SAndroid Build Coastguard Worker    -batch \
67*6777b538SAndroid Build Coastguard Worker    -in out/quic-test-intermediate.csr \
68*6777b538SAndroid Build Coastguard Worker    -out out/quic-test-intermediate.pem \
69*6777b538SAndroid Build Coastguard Worker    -config quic-test.cnf \
70*6777b538SAndroid Build Coastguard Worker    -extensions ca_cert
71*6777b538SAndroid Build Coastguard Worker
72*6777b538SAndroid Build Coastguard Worker# Generate the leaf
73*6777b538SAndroid Build Coastguard WorkerCA_COMMON_NAME="test.example.com" \
74*6777b538SAndroid Build Coastguard WorkerCA_DIR=out \
75*6777b538SAndroid Build Coastguard WorkerCA_NAME=quic-test-intermediate \
76*6777b538SAndroid Build Coastguard Workertry openssl req \
77*6777b538SAndroid Build Coastguard Worker  -new \
78*6777b538SAndroid Build Coastguard Worker  -key out/quic-test-cert.key \
79*6777b538SAndroid Build Coastguard Worker  -out out/quic-test-cert.csr \
80*6777b538SAndroid Build Coastguard Worker  -config quic-test.cnf
81*6777b538SAndroid Build Coastguard Worker
82*6777b538SAndroid Build Coastguard WorkerCA_COMMON_NAME="Test Intermediate CA" \
83*6777b538SAndroid Build Coastguard Worker  HOST_NAME="test.example.com" \
84*6777b538SAndroid Build Coastguard Worker  CA_DIR=out \
85*6777b538SAndroid Build Coastguard Worker  CA_NAME=quic-test-intermediate \
86*6777b538SAndroid Build Coastguard Worker  try openssl ca \
87*6777b538SAndroid Build Coastguard Worker    -batch \
88*6777b538SAndroid Build Coastguard Worker    -in out/quic-test-cert.csr \
89*6777b538SAndroid Build Coastguard Worker    -out out/quic-test-cert.pem \
90*6777b538SAndroid Build Coastguard Worker    -config quic-test.cnf \
91*6777b538SAndroid Build Coastguard Worker    -extensions user_cert
92*6777b538SAndroid Build Coastguard Worker
93*6777b538SAndroid Build Coastguard Worker# Copy to the file names that are actually checked in.
94*6777b538SAndroid Build Coastguard Workertry openssl pkcs8 -topk8 -inform pem -outform der -in out/quic-test-cert.key -out ../certificates/quic-leaf-cert.key -nocrypt
95*6777b538SAndroid Build Coastguard Workertry cat out/quic-test-cert.pem out/quic-test-intermediate.pem > ../certificates/quic-chain.pem
96*6777b538SAndroid Build Coastguard Workertry cp out/quic-test-root.pem ../certificates/quic-root.pem
97*6777b538SAndroid Build Coastguard Workertry openssl pkcs8 -nocrypt -inform der -outform pem -in ../certificates/quic-leaf-cert.key -out ../certificates/quic-leaf-cert.key.pkcs8.pem
98