mksmime-certs.sh 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566
  1. #!/bin/sh
  2. # Copyright 2013-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. # Utility to recreate S/MIME certificates in this directory.
  9. # Invoke when changes are need from within this directory.
  10. OPENSSL=../../apps/openssl
  11. CONF=ca.cnf
  12. export OPENSSL_CONF=./$CONF
  13. gen() {
  14. $OPENSSL x509 -CA smroot.pem -new -days 36524 -force_pubkey $1 -subj "$2" \
  15. -extfile $CONF -extensions $3
  16. }
  17. # Root CA: create certificate directly
  18. CN="Test S/MIME RSA Root" $OPENSSL req -config ca.cnf -x509 -noenc \
  19. -keyout smroot.pem -out smroot.pem -key ../certs/ca-key.pem -days 36524
  20. # EE RSA certificates with respective extensions
  21. cp ../certs/ee-key.pem smrsa1.pem
  22. gen smrsa1.pem "/CN=Test SMIME EE RSA #1" usr_rsa_cert >>smrsa1.pem
  23. cp ../certs/ee-key-3072.pem smrsa2.pem
  24. gen smrsa2.pem "/CN=Test SMIME EE RSA #2" usr_rsa_cert >>smrsa2.pem
  25. cp ../certs/ee-key-4096.pem smrsa3.pem
  26. gen smrsa3.pem "/CN=Test SMIME EE RSA #3" usr_rsa_cert >>smrsa3.pem
  27. # Create DSA certificates with respective extensions
  28. cp ../certs/server-dsa-key.pem smdsa1.pem
  29. gen smdsa1.pem "/CN=Test SMIME EE DSA #1" signer_cert >>smdsa1.pem
  30. cp ../certs/server-dsa-key.pem smdsa2.pem
  31. gen smdsa2.pem "/CN=Test SMIME EE DSA #1" signer_cert >>smdsa2.pem
  32. cp ../certs/server-dsa-key.pem smdsa3.pem
  33. gen smdsa3.pem "/CN=Test SMIME EE DSA #1" signer_cert >>smdsa3.pem
  34. # Create EC certificates with respective extensions
  35. cp ../certs/ee-ecdsa-key.pem smec1.pem
  36. gen smec1.pem "/CN=Test SMIME EE EC #1" signer_cert >>smec1.pem
  37. cp ../certs/server-ecdsa-key.pem smec2.pem
  38. gen smec2.pem "/CN=Test SMIME EE EC #2" signer_cert >>smec2.pem
  39. # Do not renew this cert as it is used for legacy data decrypt test
  40. #$OPENSSL ecparam -out ecp.pem -name P-256
  41. #CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
  42. # -keyout smec3.pem -out req.pem -newkey ec:ecp.pem
  43. #$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36524 \
  44. # -extfile ca.cnf -extensions signer_cert -CAcreateserial >>smec3.pem
  45. #rm ecp.pem req.pem
  46. # Create X9.42 DH parameters and key.
  47. $OPENSSL genpkey -genparam -algorithm DHX -out dhp.pem
  48. $OPENSSL genpkey -paramfile dhp.pem -out smdh.pem
  49. rm dhp.pem
  50. # Create X9.42 DH certificate with respective extensions
  51. gen smdh.pem "/CN=Test SMIME EE DH" dh_cert >>smdh.pem
  52. # EE RSA code signing end entity certificate with respective extensions
  53. cp ../certs/ee-key.pem csrsa1.pem
  54. gen csrsa1.pem "/CN=Test CodeSign EE RSA" codesign_cert >>csrsa1.pem