File: generate.sh

#!/usr/bin/env bash

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0

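# Regenerates, in the current directory, a self-signed root CA and three leaf
# certificates (wombat, kangaroo, localhost) signed by it.
# Requires OpenSSL 3.x (-noenc, x509 -copy_extensions).
#
# Files left behind on success:
#   ca-cert.pem        self-signed root (EC P-384, SHA-384)
#   <name>-key.pem     leaf private key, written UNENCRYPTED (-noenc)
#   <name>-chain.pem   leaf certificate followed by the root certificate
#
# NOTE(review): unencrypted keys plus a 65536-day (~179 year) validity look
# like long-lived test fixtures -- confirm. Nothing produced here should be
# trusted outside of tests.

# bail on any failing command, unset variable or failed pipeline stage
set -euo pipefail

LEAF_NAMES=(wombat kangaroo localhost)
readonly LEAF_NAMES

#######################################
# Remove everything that is only needed while signing: the CA private key,
# the serial file, the CSRs, and the standalone leaf certificates (each
# <name>-chain.pem already contains its leaf certificate).
# Installed as an EXIT trap so that an aborted run does not leave the
# unencrypted CA signing key on disk.
#######################################
cleanup_intermediates() {
  local name
  rm -f -- ca-key.pem ca-cert.srl
  for name in "${LEAF_NAMES[@]}"; do
    rm -f -- "${name}.csr" "${name}-cert.pem"
  done
}
trap cleanup_intermediates EXIT

#######################################
# Create an unencrypted P-384 key and a CSR for one leaf.
# Arguments: $1 - leaf name (used as CN and as file-name prefix)
#            $2 - subjectAltName value, e.g. DNS:localhost
# Outputs:   <name>-key.pem, <name>.csr
#######################################
make_csr() {
  local name=$1
  local san=$2
  openssl req -new -noenc \
    -newkey ec \
    -pkeyopt ec_paramgen_curve:P-384 \
    -keyout "${name}-key.pem" \
    -out "${name}.csr" \
    -subj "/C=US/CN=${name}" \
    -addext "subjectAltName = ${san}"
}

#######################################
# Sign <name>.csr with the CA created by this script.
# Arguments: $1 - leaf name
# Outputs:   <name>-cert.pem (and ca-cert.srl via -CAcreateserial)
#######################################
sign_csr() {
  local name=$1
  # copyall copies every extension the CSR asks for into the certificate.
  # That is acceptable only because the CSRs are produced by make_csr above;
  # do not reuse this step for externally supplied CSRs, where a request
  # could carry extensions such as basicConstraints CA:true.
  openssl x509 -days 65536 \
    -req -in "${name}.csr" \
    -SHA384 \
    -CA ca-cert.pem \
    -CAkey ca-key.pem \
    -CAcreateserial \
    -out "${name}-cert.pem" \
    -copy_extensions=copyall
}

#######################################
# Write <name>-chain.pem as leaf certificate followed by the root.
# The file is overwritten, not appended to: appending would, on a re-run,
# stack the new certificate behind a stale one whose key no longer exists.
# Arguments: $1 - leaf name
#######################################
build_chain() {
  local name=$1
  cat -- "${name}-cert.pem" ca-cert.pem > "${name}-chain.pem"
}

echo "generating CA"
openssl req -new -noenc -x509 \
  -newkey ec \
  -pkeyopt ec_paramgen_curve:P-384 \
  -keyout ca-key.pem \
  -out ca-cert.pem \
  -days 65536 \
  -SHA384 \
  -subj "/C=US/CN=root" \
  -addext "basicConstraints = critical,CA:true" \
  -addext "keyUsage = critical,keyCertSign"

echo "generating wombat private key and CSR"
make_csr wombat "DNS:www.wombat.com"

echo "generating kangaroo private key and CSR"
make_csr kangaroo "DNS:www.kangaroo.com"

echo "generating localhost private key and CSR"
make_csr localhost "DNS:localhost"

echo "generating wombat server certificate and signing it"
sign_csr wombat

echo "generating kangaroo certificate and signing it"
sign_csr kangaroo

echo "generating localhost certificate and signing it"
sign_csr localhost

for leaf in "${LEAF_NAMES[@]}"; do
  build_chain "$leaf"
done

echo "verifying server certificates"
for leaf in "${LEAF_NAMES[@]}"; do
  openssl verify -CAfile ca-cert.pem "${leaf}-cert.pem"
done

# Intermediate files (CSRs, serial file, CA private key, standalone leaf
# certificates) are removed by the cleanup_intermediates EXIT trap.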