1*6777b538SAndroid Build Coastguard Worker#!/bin/sh 2*6777b538SAndroid Build Coastguard Worker 3*6777b538SAndroid Build Coastguard Worker# Copyright 2015 The Chromium Authors 4*6777b538SAndroid Build Coastguard Worker# Use of this source code is governed by a BSD-style license that can be 5*6777b538SAndroid Build Coastguard Worker# found in the LICENSE file. 6*6777b538SAndroid Build Coastguard Worker 7*6777b538SAndroid Build Coastguard Worker# This script generates a CA and leaf cert which can be used for the 8*6777b538SAndroid Build Coastguard Worker# quic_server. 9*6777b538SAndroid Build Coastguard Worker 10*6777b538SAndroid Build Coastguard Workertry() { 11*6777b538SAndroid Build Coastguard Worker "$@" || (e=$?; echo "$@" > /dev/stderr; exit $e) 12*6777b538SAndroid Build Coastguard Worker} 13*6777b538SAndroid Build Coastguard Worker 14*6777b538SAndroid Build Coastguard Workertry rm -rf out 15*6777b538SAndroid Build Coastguard Workertry mkdir out 16*6777b538SAndroid Build Coastguard Worker 17*6777b538SAndroid Build Coastguard Workertry /bin/sh -c "echo 01 > out/2048-sha256-root-serial" 18*6777b538SAndroid Build Coastguard Workertouch out/2048-sha256-root-index.txt 19*6777b538SAndroid Build Coastguard Worker 20*6777b538SAndroid Build Coastguard Worker# Generate the key. 21*6777b538SAndroid Build Coastguard Workertry openssl genrsa -out out/2048-sha256-root.key 2048 22*6777b538SAndroid Build Coastguard Worker 23*6777b538SAndroid Build Coastguard Worker# Generate the root certificate. 24*6777b538SAndroid Build Coastguard Workertry openssl req \ 25*6777b538SAndroid Build Coastguard Worker -new \ 26*6777b538SAndroid Build Coastguard Worker -key out/2048-sha256-root.key \ 27*6777b538SAndroid Build Coastguard Worker -out out/2048-sha256-root.req \ 28*6777b538SAndroid Build Coastguard Worker -config ca.cnf 29*6777b538SAndroid Build Coastguard Worker 30*6777b538SAndroid Build Coastguard Workertry openssl x509 \ 31*6777b538SAndroid Build Coastguard Worker -req -days 3 \ 32*6777b538SAndroid Build Coastguard Worker -in out/2048-sha256-root.req \ 33*6777b538SAndroid Build Coastguard Worker -signkey out/2048-sha256-root.key \ 34*6777b538SAndroid Build Coastguard Worker -extfile ca.cnf \ 35*6777b538SAndroid Build Coastguard Worker -extensions ca_cert \ 36*6777b538SAndroid Build Coastguard Worker -text > out/2048-sha256-root.pem 37*6777b538SAndroid Build Coastguard Worker 38*6777b538SAndroid Build Coastguard Worker# Generate the leaf certificate request. 39*6777b538SAndroid Build Coastguard Workertry openssl req \ 40*6777b538SAndroid Build Coastguard Worker -new \ 41*6777b538SAndroid Build Coastguard Worker -keyout out/leaf_cert.key \ 42*6777b538SAndroid Build Coastguard Worker -out out/leaf_cert.req \ 43*6777b538SAndroid Build Coastguard Worker -config leaf.cnf 44*6777b538SAndroid Build Coastguard Worker 45*6777b538SAndroid Build Coastguard Worker# Convert the key to pkcs8. 46*6777b538SAndroid Build Coastguard Workertry openssl pkcs8 \ 47*6777b538SAndroid Build Coastguard Worker -topk8 \ 48*6777b538SAndroid Build Coastguard Worker -outform DER \ 49*6777b538SAndroid Build Coastguard Worker -inform PEM \ 50*6777b538SAndroid Build Coastguard Worker -in out/leaf_cert.key \ 51*6777b538SAndroid Build Coastguard Worker -out out/leaf_cert.pkcs8 \ 52*6777b538SAndroid Build Coastguard Worker -nocrypt 53*6777b538SAndroid Build Coastguard Worker 54*6777b538SAndroid Build Coastguard Worker# Generate the leaf certificate to be valid for three days. 55*6777b538SAndroid Build Coastguard Workertry openssl ca \ 56*6777b538SAndroid Build Coastguard Worker -batch \ 57*6777b538SAndroid Build Coastguard Worker -days 3 \ 58*6777b538SAndroid Build Coastguard Worker -extensions user_cert \ 59*6777b538SAndroid Build Coastguard Worker -in out/leaf_cert.req \ 60*6777b538SAndroid Build Coastguard Worker -out out/leaf_cert.pem \ 61*6777b538SAndroid Build Coastguard Worker -config ca.cnf 62