Home Explore Help
Sign In
OWEALs
/
curl
mirror of https://github.com/curl/curl.git
2
0
Fork 0
Files Issues 8 Wiki
Tree: 8dc4493d54
Branches Tags
curl
/
tests
/
certs
/
scripts
/
genroot.sh

genroot.sh 2.5 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. #!/usr/bin/env bash
    2. 

  2. #***************************************************************************
    3. 

  3. #                                  _   _ ____  _
    4. 

  4. #  Project                     ___| | | |  _ \| |
    5. 

  5. #                             / __| | | | |_) | |
    6. 

  6. #                            | (__| |_| |  _ <| |___
    7. 

  7. #                             \___|\___/|_| \_\_____|
    8. 

  8. #
    9. 

  9. # Copyright (C) EdelWeb for EdelKey and OpenEvidence
    10. 

  10. #
    11. 

  11. # This software is licensed as described in the file COPYING, which
    12. 

  12. # you should have received as part of this distribution. The terms
    13. 

  13. # are also available at https://curl.se/docs/copyright.html.
    14. 

  14. #
    15. 

  15. # You may opt to use, copy, modify, merge, publish, distribute and/or sell
    16. 

  16. # copies of the Software, and permit persons to whom the Software is
    17. 

  17. # furnished to do so, under the terms of the COPYING file.
    18. 

  18. #
    19. 

  19. # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
    20. 

  20. # KIND, either express or implied.
    21. 

  21. #
    22. 

  22. # SPDX-License-Identifier: curl
    23. 

  23. #
    24. 

  24. ###########################################################################
    25. 

  25. 

  26. # exit on first fail
    27. 

  27. set -eu
    28. 

  28. 

  29. OPENSSL=openssl
    30. 

  30. if [ -f /usr/local/ssl/bin/openssl ]; then
    31. 

  31.   OPENSSL=/usr/local/ssl/bin/openssl
    32. 

  32. fi
    33. 

  33. 

  34. USAGE='echo Usage is genroot.sh <name>'
    35. 

  35. 

  36. HOME=$(pwd)
    37. 

  37. cd "$HOME"
    38. 

  38. 

  39. KEYSIZE=2048
    40. 

  40. DURATION=6000
    41. 

  41. # The -sha256 option was introduced in OpenSSL 1.0.1
    42. 

  42. DIGESTALGO=-sha256
    43. 

  43. 

  44. NOTOK=
    45. 

  45. 

  46. PREFIX="${1:-}"
    47. 

  47. if [ -z "$PREFIX" ]; then
    48. 

  48.   echo 'No configuration prefix'
    49. 

  49.   NOTOK=1
    50. 

  50. else
    51. 

  51.   if [ ! -f "$PREFIX-ca.prm" ]; then
    52. 

  52.     echo "No configuration file $PREFIX-ca.prm"
    53. 

  53.     NOTOK=1
    54. 

  54.   fi
    55. 

  55. fi
    56. 

  56. 

  57. if [ -n "$NOTOK" ]; then
    58. 

  58.   echo 'Sorry, I cannot do that for you.'
    59. 

  59.   $USAGE
    60. 

  60.   exit
    61. 

  61. fi
    62. 

  62. 

  63. SERIAL="$(date +'%s')${RANDOM:(-4)}"
    64. 

  64. 

  65. echo "SERIAL=$SERIAL PREFIX=$PREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE"
    66. 

  66. 

  67. set -x
    68. 

  68. 

  69. "$OPENSSL" genrsa -out "$PREFIX-ca.key" -passout fd:0 "$KEYSIZE" <<EOF
    70. 

  70. pass:secret
    71. 

  71. EOF
    72. 

  72. "$OPENSSL" req -config "$PREFIX-ca.prm" -new -key "$PREFIX-ca.key" -out "$PREFIX-ca.csr" -passin fd:0 <<EOF
    73. 

  73. pass:secret
    74. 

  74. EOF
    75. 

  75. "$OPENSSL" x509 -set_serial "$SERIAL" -extfile "$PREFIX-ca.prm" -days "$DURATION" -req -signkey "$PREFIX-ca.key" -in "$PREFIX-ca.csr" -out "$PREFIX-$SERIAL-ca.cacert" "$DIGESTALGO"
    76. 

  76. "$OPENSSL" x509 -text -in "$PREFIX-$SERIAL-ca.cacert" -nameopt multiline > "$PREFIX-ca.cacert"
    77. 

  77. "$OPENSSL" x509 -in "$PREFIX-ca.cacert" -outform der -out "$PREFIX-ca.der"
    78. 

  78. "$OPENSSL" x509 -in "$PREFIX-ca.cacert" -text -nameopt multiline > "$PREFIX-ca.crt"
    79. 

  79. "$OPENSSL" x509 -noout -text -in "$PREFIX-ca.cacert" -nameopt multiline
    80. 

  80. # "$OPENSSL" rsa -in "../keys/$PREFIX-ca.key" -text -noout -pubout
    81.