#!/bin/bash
#
#  Copyright (c) 2024, The OpenThread Authors.
#  All rights reserved.
#
#  Redistribution and use in source and binary forms, with or without
#  modification, are permitted provided that the following conditions are met:
#  1. Redistributions of source code must retain the above copyright
#     notice, this list of conditions and the following disclaimer.
#  2. Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in the
#     documentation and/or other materials provided with the distribution.
#  3. Neither the name of the copyright holder nor the
#     names of its contributors may be used to endorse or promote products
#     derived from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#  POSSIBILITY OF SUCH DAMAGE.
#

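# Script to generate a TCAT Commissioner X509v3 certificate.
#
# Usage: ./create-cert-tcat-commissioner.sh <NameOfCommissioner> <NameOfCA>
#
# Reads (relative to the current directory):
#   keys/<NameOfCommissioner>_key.pem   commissioner private key
#   ext/<NameOfCommissioner>.ext        extension file; the section named
#                                       <NameOfCommissioner> is applied
#   ca/<NameOfCA>_cert.pem              CA certificate
#   ca/<NameOfCA>_key.pem               CA private key
# Writes:
#   output/<NameOfCommissioner>/commissioner_cert.pem
#   output/<NameOfCommissioner>/ca_cert.pem
#   output/<NameOfCommissioner>/commissioner_key.pem
#
# The last character of <NameOfCommissioner> must be a digit; it becomes the
# numeric ID embedded in the subject serialNumber and the certificate serial.

set -eu

# Print a message on stderr and abort.
die()
{
    printf '%s\n' "$*" >&2
    exit 1
}

if [ $# -ne 2 ]; then
    echo "Usage: ./create-cert-tcat-commissioner.sh <NameOfCommissioner> <NameOfCA>" >&2
    exit 1
fi

# number of days certificate is valid
readonly VALIDITY=14
echo "create-cert-tcat-commissioner.sh - Using validity param -days ${VALIDITY}"

NAME=${1}
CANAME=${2}

# Both names are interpolated into file paths, and NAME also into the
# certificate subject. Restrict them to a conservative character set so that
# '/', '..' or a leading '-' cannot redirect file access, be parsed as an
# option, or add extra fields to the -subj string.
readonly NAME_PATTERN='^[A-Za-z0-9][A-Za-z0-9._-]*$'
[[ "${NAME}" =~ ${NAME_PATTERN} ]] \
    || die "create-cert-tcat-commissioner.sh - invalid commissioner name: ${NAME}"
[[ "${CANAME}" =~ ${NAME_PATTERN} ]] \
    || die "create-cert-tcat-commissioner.sh - invalid CA name: ${CANAME}"

# Take the trailing character as a plain string and check it is a digit.
# Evaluating it inside (( )) would treat a letter as a variable name, and a
# name ending in '0' would make (( )) return non-zero and silently abort the
# script under 'set -e'.
ID="${NAME: -1}"
[[ "${ID}" =~ ^[0-9]$ ]] \
    || die "create-cert-tcat-commissioner.sh - commissioner name must end in a digit: ${NAME}"

KEYFILE="keys/${NAME}_key.pem"
EXTFILE="ext/${NAME}.ext"
CACERTFILE="ca/${CANAME}_cert.pem"
CAKEYFILE="ca/${CANAME}_key.pem"
OUTDIR="output/${NAME}"

echo "  TCAT commissioner name   : ${NAME}"
echo "  TCAT commissioner CA name: ${CANAME}"
echo "  Numeric serial ID        : ${ID}"

# Fail early with a clear message instead of a partial run.
for required in "${KEYFILE}" "${EXTFILE}" "${CACERTFILE}" "${CAKEYFILE}"; do
    [[ -r "${required}" ]] \
        || die "create-cert-tcat-commissioner.sh - missing or unreadable input file: ${required}"
done

# The CSR is only an intermediate artefact: keep it in a private temp file
# and remove it on every exit path, including failures.
CSRFILE="$(mktemp "${TMPDIR:-/tmp}/tcat-commissioner-csr.XXXXXX")"
trap 'rm -f -- "${CSRFILE}"' EXIT

# create csr for TCAT Commissioner
openssl req -new -key "${KEYFILE}" -out "${CSRFILE}" -subj \
    "/CN=TCAT Example ${NAME}/serialNumber=3523-1543-000${ID}"

# sign csr by CA
# NOTE(review): the serial is a fixed prefix plus one digit, so a CA can issue
# at most ten distinct serials here and re-issuing for the same name reuses
# the serial. Acceptable for the example credentials this script produces;
# confirm before reusing it for anything else.
mkdir -p "${OUTDIR}"
openssl x509 -set_serial "92429${ID}" -CAform PEM -CA "${CACERTFILE}" \
    -CAkey "${CAKEYFILE}" -extfile "${EXTFILE}" -extensions \
    "${NAME}" -req -in "${CSRFILE}" -out "${OUTDIR}/commissioner_cert.pem" \
    -days "${VALIDITY}" -sha256

# copy supporting files, for immediate use by TCAT Commissioner as 'cert_path'
cp "${CACERTFILE}" "${OUTDIR}/ca_cert.pem"
cp "${KEYFILE}" "${OUTDIR}/commissioner_key.pem"
# The copy is a private key: keep it readable by the owner only, whatever the
# mode of the source file and the current umask.
chmod 600 "${OUTDIR}/commissioner_key.pem"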
68