#!/bin/sh
#
# Certificate-chain smoke test driven by the in-tree openssl binary (run
# through ../util/shlib_wrap.sh). It builds, in the current directory:
#   1. a self-signed CA certificate,
#   2. a user certificate signed by that CA,
#   3. a proxy certificate signed by the user certificate,
#   4. a second proxy certificate signed by the first proxy certificate.
#
# Everything generated here is a throw-away test fixture. The parameters
# below (SHA-1 digest, a fixed string appended to ./.rnd, the dsa512.pem
# parameter file) are chosen so the test runs anywhere, not for strength;
# keys and certificates from this script must not be reused elsewhere.
# Only err.ss is removed at the end; the key, request and certificate files
# stay in the working directory.
#
# The command variables ($reqcmd, $x509cmd, $verifycmd) and $req_new hold
# several words each and are expanded unquoted on purpose so the shell
# splits them into a command plus arguments.

# Signature digest passed to every 'x509' invocation. SHA-1 is kept as in
# the original test; it is not suitable for certificates used in production.
digest='-sha1'
reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
dummycnf="../apps/openssl.cnf"

# CA files
CAkey="keyCA.ss"
CAcert="certCA.ss"
CAreq="reqCA.ss"
CAconf="CAss.cnf"
CAreq2="req2CA.ss"	# temp

# User (end-entity) files
Uconf="Uss.cnf"
Ukey="keyU.ss"
Ureq="reqU.ss"
Ucert="certU.ss"

# First proxy certificate files
P1conf="P1ss.cnf"
P1key="keyP1.ss"
P1req="reqP1.ss"
P1cert="certP1.ss"
P1intermediate="tmp_intP1.ss"

# Second proxy certificate files
P2conf="P2ss.cnf"
P2key="keyP2.ss"
P2req="reqP2.ss"
P2cert="certP2.ss"
P2intermediate="tmp_intP2.ss"

# Print a failure message on stdout and abort the test with status 1.
fail() {
	echo "$1"
	exit 1
}

echo
echo "make a certificate request using 'req'"

# Appends a constant string to the seed file so key generation does not
# stall on hosts without an entropy source. This adds no real entropy, which
# is one more reason the generated keys are test-only.
echo "string to make the random number generator think it has entropy" >> ./.rnd

# 'openssl no-rsa' is used as a probe: when it exits 0 the request is made
# with a DSA key from the bundled parameter file, otherwise 'req' generates
# its default new key.
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
	req_new='-newkey dsa:../apps/dsa512.pem'
else
	req_new='-new'
fi

# Redirect to err.ss is disabled for this first step in the original too.
$reqcmd -config "$CAconf" -out "$CAreq" -keyout "$CAkey" $req_new || #>err.ss
	fail "error using 'req' to generate a certificate request"

echo
echo "convert the certificate request into a self signed certificate using 'x509'"
# Note: '>err.ss' captures stdout only; diagnostics on stderr still reach
# the terminal.
$x509cmd -CAcreateserial -in "$CAreq" -days 30 -req -out "$CAcert" \
	-signkey "$CAkey" -extfile "$CAconf" -extensions v3_ca >err.ss ||
	fail "error using 'x509' to self sign a certificate request"

echo
echo "convert a certificate into a certificate request using 'x509'"
$x509cmd -in "$CAcert" -x509toreq -signkey "$CAkey" -out "$CAreq2" >err.ss ||
	fail "error using 'x509' convert a certificate to a certificate request"

# Both requests must carry a valid self-signature.
$reqcmd -config "$dummycnf" -verify -in "$CAreq" -noout ||
	fail "first generated request is invalid"

$reqcmd -config "$dummycnf" -verify -in "$CAreq2" -noout ||
	fail "second generated request is invalid"

# The CA certificate must verify against itself as trust anchor.
$verifycmd -CAfile "$CAcert" "$CAcert" ||
	fail "first generated cert is invalid"

echo
echo "make a user certificate request using 'req'"
$reqcmd -config "$Uconf" -out "$Ureq" -keyout "$Ukey" $req_new >err.ss ||
	fail "error using 'req' to generate a user certificate request"

echo
echo "sign user certificate request with the just created CA via 'x509'"
$x509cmd -CAcreateserial -in "$Ureq" -days 30 -req -out "$Ucert" \
	-CA "$CAcert" -CAkey "$CAkey" -extfile "$Uconf" -extensions v3_ee >err.ss ||
	fail "error using 'x509' to sign a user certificate request"

# NOTE(review): the exit status of this verify is not checked, so the script
# carries on whatever it reports. Confirm whether that is intentional before
# treating this step as a pass/fail signal.
$verifycmd -CAfile "$CAcert" "$Ucert"
echo
echo "Certificate details"
$x509cmd -subject -issuer -startdate -enddate -noout -in "$Ucert"

echo
echo "make a proxy certificate request using 'req'"
$reqcmd -config "$P1conf" -out "$P1req" -keyout "$P1key" $req_new >err.ss ||
	fail "error using 'req' to generate a proxy certificate request"

echo
echo "sign proxy certificate request with the just created user certificate via 'x509'"
$x509cmd -CAcreateserial -in "$P1req" -days 30 -req -out "$P1cert" \
	-CA "$Ucert" -CAkey "$Ukey" -extfile "$P1conf" -extensions v3_proxy >err.ss ||
	fail "error using 'x509' to sign a proxy certificate request"

# The user certificate is the untrusted intermediate for the first proxy.
# NOTE(review): as above, the result of this verify is not checked.
cat "$Ucert" > "$P1intermediate"
$verifycmd -CAfile "$CAcert" -untrusted "$P1intermediate" "$P1cert"
echo
echo "Certificate details"
$x509cmd -subject -issuer -startdate -enddate -noout -in "$P1cert"

echo
echo "make another proxy certificate request using 'req'"
$reqcmd -config "$P2conf" -out "$P2req" -keyout "$P2key" $req_new >err.ss ||
	fail "error using 'req' to generate another proxy certificate request"

echo
echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
$x509cmd -CAcreateserial -in "$P2req" -days 30 -req -out "$P2cert" \
	-CA "$P1cert" -CAkey "$P1key" -extfile "$P2conf" -extensions v3_proxy >err.ss ||
	fail "error using 'x509' to sign a second proxy certificate request"

# The second proxy needs both the user certificate and the first proxy as
# untrusted intermediates.
# NOTE(review): as above, the result of this verify is not checked.
cat "$Ucert" "$P1cert" > "$P2intermediate"
$verifycmd -CAfile "$CAcert" -untrusted "$P2intermediate" "$P2cert"
echo
echo "Certificate details"
$x509cmd -subject -issuer -startdate -enddate -noout -in "$P2cert"

# Summary of the artefacts left in the working directory.
echo
echo "The generated CA certificate is $CAcert"
echo "The generated CA private key is $CAkey"

echo "The generated user certificate is $Ucert"
echo "The generated user private key is $Ukey"

echo "The first generated proxy certificate is $P1cert"
echo "The first generated proxy private key is $P1key"

echo "The second generated proxy certificate is $P2cert"
echo "The second generated proxy private key is $P2key"

/bin/rm err.ss
#/bin/rm $P1intermediate
#/bin/rm $P2intermediate
exit 0