#!/bin/bash
# Generate some test certificates which are used by the regression test suite:
#
# tests/tls/ca.{crt,key} Self signed CA certificate.
# tests/tls/keydb.{crt,key} A certificate with no key usage/policy restrictions.
# tests/tls/client.{crt,key} A certificate restricted for SSL client usage.
# tests/tls/server.{crt,key} A certificate restricted for SSL server usage.
# tests/tls/keydb.dh DH Params file.
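#######################################
# Issue a test certificate signed by the fixture CA, creating the RSA key
# first when it does not exist yet.
# Arguments:
#   $1 - base name; files are tests/tls/<name>.key and tests/tls/<name>.crt
#   $2 - common name, placed in the subject as /O=KeyDB Test/CN=<cn>
#   $3 - extra arguments for `openssl x509`, given as ONE whitespace-separated
#        string (may be empty)
# Outputs:
#   Writes the key (only if absent) and the certificate under tests/tls/.
# Returns:
#   Non-zero if key generation fails, otherwise the status of the signing step.
#######################################
generate_cert() {
    local name=$1
    local cn=$2
    local opts=$3

    # Quoted so a name containing spaces or glob characters stays one path.
    local keyfile="tests/tls/${name}.key"
    local certfile="tests/tls/${name}.crt"

    # An existing key is reused; only the certificate is re-issued on each run.
    # genrsa is called without a cipher option, so the key is written
    # unencrypted -- acceptable for regression fixtures only.
    # Stop here if key generation fails instead of signing with a missing key.
    [ -f "$keyfile" ] || openssl genrsa -out "$keyfile" 4096 || return

    # Build a CSR and pipe it straight into the CA signing step, so no .csr
    # file is left on disk. The certificate is valid for 365 days, which means
    # the fixtures have to be regenerated once they expire.
    #
    # $opts is intentionally left unquoted: callers pass several x509
    # arguments in one string and rely on word splitting to separate them.
    # shellcheck disable=SC2086
    openssl req \
        -new -sha256 \
        -subj "/O=KeyDB Test/CN=$cn" \
        -config "tests/tls/openssl.cnf" \
        -key "$keyfile" | \
        openssl x509 \
            -req -sha256 \
            -CA tests/tls/ca.crt \
            -CAkey tests/tls/ca.key \
            -CAserial tests/tls/ca.txt \
            -CAcreateserial \
            -days 365 \
            $opts \
            -out "$certfile"
}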
# All fixtures live under tests/tls, relative to the current directory.
mkdir -p tests/tls

# The CA key is created once and reused on later runs. It is written
# unencrypted into the working tree, so this CA must only ever be trusted by
# the test suite: whoever can read tests/tls/ca.key can sign certificates
# that chain to tests/tls/ca.crt.
if [ ! -f tests/tls/ca.key ]; then
    openssl genrsa -out tests/tls/ca.key 4096
fi

# Self-signed CA certificate, re-issued on every run with 3650 days validity.
openssl req -x509 -new -nodes -sha256 \
    -key tests/tls/ca.key -days 3650 \
    -subj '/O=KeyDB Test/CN=Certificate Authority' \
    -out tests/tls/ca.crt
# Write the OpenSSL configuration used for the CSRs (-config) and for the
# extension sections referenced at signing time (-extfile).
#   req_ext      subjectAltName list (DNS, IP, email, URI test values)
#   server_cert  keyUsage plus nsCertType = server
#   client_cert  keyUsage plus nsCertType = client
# NOTE(review): nsCertType is the legacy Netscape extension; extendedKeyUsage
# (serverAuth / clientAuth) is the usual way to express this restriction.
# The delimiter is quoted because the body contains nothing to expand.
cat <<'_END_' > tests/tls/openssl.cnf
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext

[req_distinguished_name]

[req_ext]
subjectAltName = @alt_names

[alt_names]
DNS.1=san1.keydb.dev
DNS.2=san2.keydb.dev
DNS.3=san3.keydb.dev
IP.1=192.168.0.1
IP.2=8.8.8.8
IP.3=2001:0db8:15::8a2e:0370:7334
email.1=someone@keydb.dev
email.2=someone_else@keydb.dev
URI.1=https://keydb.dev
URI.2=https://google.com

[ server_cert ]
keyUsage = digitalSignature, keyEncipherment
nsCertType = server

[ client_cert ]
keyUsage = digitalSignature, keyEncipherment
nsCertType = client
_END_
# Leaf certificates, all signed by the fixture CA.
#
# NOTE(review): each restricted certificate passes -extensions twice.
# openssl x509 appears to keep only one section name, so the later value
# (req_ext) is presumably the one applied, and the keyUsage / nsCertType
# settings from server_cert / client_cert may not end up in the issued
# certificate. Confirm with:
#   openssl x509 -in tests/tls/server.crt -noout -text
# If the restriction is meant to be enforced, one option is to add
# "subjectAltName = @alt_names" to the server_cert / client_cert sections and
# pass a single -extensions argument.
extfile_args="-extfile tests/tls/openssl.cnf"

generate_cert server "server.keydb.dev" "$extfile_args -extensions server_cert -extensions req_ext"
generate_cert client "client.keydb.dev" "$extfile_args -extensions client_cert -extensions req_ext"
generate_cert client2 "client2.keydb.dev" "$extfile_args -extensions client_cert -extensions req_ext"
generate_cert keydb "generic.keydb.dev" "$extfile_args -extensions req_ext"

# 2048-bit DH parameters are generated once and kept for later runs.
if [ ! -f tests/tls/keydb.dh ]; then
    openssl dhparam -out tests/tls/keydb.dh 2048
fi