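#!/bin/bash
#
#  Copyright (c) 2024, The OpenThread Authors.
#  All rights reserved.
#
#  Redistribution and use in source and binary forms, with or without
#  modification, are permitted provided that the following conditions are met:
#  1. Redistributions of source code must retain the above copyright
#     notice, this list of conditions and the following disclaimer.
#  2. Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in the
#     documentation and/or other materials provided with the distribution.
#  3. Neither the name of the copyright holder nor the
#     names of its contributors may be used to endorse or promote products
#     derived from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#  POSSIBILITY OF SUCH DAMAGE.
#

# Create the certificate of an example CA for TCAT. This single CA creates both the
# TCAT Device certificates, as well as the TCAT Commissioner certificates that
# work for those TCAT Devices.
#
# Usage:  ./create-cert-ca.sh <NameOfCA>
#
# Reads:  ca/<NameOfCA>_key.pem   existing CA private key (not created here)
#         ext/<NameOfCA>.ext      X.509 extensions, section named <NameOfCA>
# Writes: ca/<NameOfCA>_cert.pem  self-signed CA certificate (overwritten if present)
#
# Paths are relative to the current directory. The fixed serial number and the
# 20-year validity below are example settings.

if [ $# -ne 1 ]; then
    echo "Usage: ./create-cert-ca.sh <NameOfCA>" >&2
    exit 1
fi
set -eu

# Print an error to stderr and stop.
die()
{
    printf 'create-cert-ca.sh: %s\n' "$*" >&2
    exit 1
}

# days certificate is valid
readonly VALIDITY=$((20 * 365))

readonly NAME="${1}"

# NAME is spliced into file paths, the -extensions section name and the -subj
# string. A '/' would both change the directory of every path and start a new
# component in the subject DN, and a leading '-' could be read as an option by
# tools that take the name as a bare argument. Accept a plain token only.
readonly NAME_PATTERN='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'
if ! [[ "${NAME}" =~ ${NAME_PATTERN} ]]; then
    die "invalid CA name '${NAME}' (allowed: letters, digits, '_', '.', '-'; must not start with '.' or '-')"
fi

readonly KEY_FILE="ca/${NAME}_key.pem"
readonly EXT_FILE="ext/${NAME}.ext"
readonly CERT_FILE="ca/${NAME}_cert.pem"

# Fail early with a clear message instead of a partial run.
[[ -r "${KEY_FILE}" ]] || die "CA key not found or unreadable: ${KEY_FILE}"
[[ -r "${EXT_FILE}" ]] || die "extension file not found or unreadable: ${EXT_FILE}"

# The CSR is only an intermediate. Use a private temp file so an existing
# "<NameOfCA>.csr" in the working directory is never overwritten, and remove it
# on every exit path (set -e would otherwise skip the cleanup on failure).
CSR_FILE="$(mktemp)"
readonly CSR_FILE
trap 'rm -f -- "${CSR_FILE}"' EXIT

# create csr
openssl req -new -key "${KEY_FILE}" -out "${CSR_FILE}" \
    -subj "/CN=TCAT Example CA '${NAME}'/O=Example Inc/L=Example City/ST=CA/C=US"

# NOTE(review): nothing in this script is written under output/; the directory
# is still created as before, presumably for the sibling scripts - confirm.
mkdir -p output

# self-sign csr
# The serial number is fixed at 0x01. Re-running for the same NAME replaces
# the certificate with one that has the same subject, key and serial but new
# validity dates, so relying parties cannot tell the two apart by serial.
openssl x509 -set_serial 0x01 -extfile "${EXT_FILE}" \
    -extensions "${NAME}" -req -in "${CSR_FILE}" \
    -signkey "${KEY_FILE}" -out "${CERT_FILE}" \
    -days "${VALIDITY}" -sha256

# show result
openssl x509 -text -in "${CERT_FILE}"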