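#!/bin/bash

#
# Generates:
#   - user-cert-chain.crt
#   - user-cert-chain.key
#
# Builds a throwaway three-level PKI with openssl (root CA -> intermediate CA
# -> client certificate), then writes the client certificate chain and the
# client private key into TARGETDIR.
#
# Run it from the directory that holds ca.conf: WORKDIR and TARGETDIR are both
# resolved relative to the current directory.
#

set -euo pipefail

WORKDIR='temp'
TARGETDIR='../assets/'

# Remember where we started: the cleanup below can fire while the script is
# inside a pushd'ed directory, where the relative WORKDIR would not resolve.
START_DIR=$PWD

# Remove the scratch PKI on every exit path. WORKDIR holds the unencrypted
# root, intermediate and client private keys, so it must not survive a
# failed run.
cleanup() {
  rm -rf -- "${START_DIR:?}/${WORKDIR:?}"
}
trap cleanup EXIT

rm -rf -- "$WORKDIR"
# Mode 700 keeps other local users out of the private keys written below,
# regardless of the caller's umask.
mkdir -m 700 -- "$WORKDIR"
cp ca.conf "$WORKDIR/"
pushd "$WORKDIR"

## Generate root CA
mkdir -p rootca/{certs,crl,newcerts,private}
pushd rootca
# Database and serial counter for 'openssl ca -name RootCA'
# (presumably the paths ca.conf points at; confirm against ca.conf).
touch index.txt
echo '1000' > serial
# Self-signed (-x509) root certificate; -nodes leaves the key unencrypted.
openssl req \
  -config ../ca.conf \
  -new \
  -x509 \
  -days 7300 \
  -sha256 \
  -extensions v3_ca \
  -nodes \
  -keyout private/ca.key.pem \
  -out certs/ca.cert.pem
popd

## Generate Intermediate CA
mkdir intermediate intermediate/{certs,crl,csr,newcerts,private}
touch intermediate/index.txt

echo '1000' > intermediate/serial
echo '1000' > intermediate/crlnumber

# Key pair and CSR for the intermediate CA.
openssl req \
  -config ca.conf \
  -new \
  -sha256 \
  -nodes \
  -keyout intermediate/private/intermediate.key.pem \
  -out intermediate/csr/intermediate.csr.pem

# The root CA signs the intermediate CSR.
openssl ca \
  -config ca.conf \
  -name RootCA \
  -extensions v3_intermediate_ca \
  -days 3650 \
  -notext \
  -md sha256 \
  -in intermediate/csr/intermediate.csr.pem \
  -out intermediate/certs/intermediate.cert.pem

## Generate client cert
# No -days here: a CSR carries no validity period, and openssl ignores the
# option without -x509. The lifetime is set by the 'openssl ca' call below.
# NOTE(review): 1024-bit RSA is below the 2048-bit minimum that current
# guidance expects. It is kept because the consumers of the generated files
# are not visible from this script; raise it if they allow.
openssl req \
  -config ca.conf \
  -newkey rsa:1024 \
  -keyout user.key.pem \
  -nodes \
  -out user.csr.pem

# The intermediate CA signs the client CSR (valid for one year).
openssl ca \
  -config ca.conf \
  -name IntermediateCA \
  -extensions usr_cert \
  -days 365 \
  -notext \
  -md sha256 \
  -in user.csr.pem \
  -out user.cert.pem

popd # WORKDIR

## Convert client cert to acceptable form
# Chain order is leaf first, then intermediate, then root.
cat \
  "$WORKDIR"/user.cert.pem \
  "$WORKDIR"/intermediate/certs/intermediate.cert.pem \
  "$WORKDIR"/rootca/certs/ca.cert.pem \
  > "$TARGETDIR"/user-cert-chain.crt

# NOTE(review): -nocrypt writes the client key as unencrypted PKCS#8 DER, so
# anything placed under TARGETDIR has to be treated as non-secret.
openssl pkcs8 \
  -topk8 \
  -nocrypt \
  -inform PEM \
  -outform DER \
  -in "$WORKDIR"/user.key.pem \
  -out "$TARGETDIR"/user-cert-chain.key

# WORKDIR, including the CA private keys, is removed by the EXIT trap.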