diff options
Diffstat (limited to 'libs/nixio/axTLS/ssl/test/make_certs.sh')
| -rwxr-xr-x | libs/nixio/axTLS/ssl/test/make_certs.sh | 174 |
1 files changed, 0 insertions, 174 deletions
diff --git a/libs/nixio/axTLS/ssl/test/make_certs.sh b/libs/nixio/axTLS/ssl/test/make_certs.sh deleted file mode 100755 index dfc39d4f53..0000000000 --- a/libs/nixio/axTLS/ssl/test/make_certs.sh +++ /dev/null @@ -1,174 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2007, Cameron Rich -# -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# * Redistributions of source code must retain the above copyright notice, -# this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the axTLS project nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY -# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -# -# Generate the certificates and keys for testing. -# - -PROJECT_NAME="axTLS Project" - -# Generate the openssl configuration files. -cat > ca_cert.conf << EOF -[ req ] -distinguished_name = req_distinguished_name -prompt = no - -[ req_distinguished_name ] - O = $PROJECT_NAME Dodgy Certificate Authority -EOF - -cat > certs.conf << EOF -[ req ] -distinguished_name = req_distinguished_name -prompt = no - -[ req_distinguished_name ] - O = $PROJECT_NAME - CN = 127.0.0.1 -EOF - -cat > device_cert.conf << EOF -[ req ] -distinguished_name = req_distinguished_name -prompt = no - -[ req_distinguished_name ] - O = $PROJECT_NAME Device Certificate -EOF - -# private key generation -openssl genrsa -out axTLS.ca_key.pem 1024 -openssl genrsa -out axTLS.key_512.pem 512 -openssl genrsa -out axTLS.key_1024.pem 1024 -openssl genrsa -out axTLS.key_2048.pem 2048 -openssl genrsa -out axTLS.key_4096.pem 4096 -openssl genrsa -out axTLS.device_key.pem 1024 -openssl genrsa -aes128 -passout pass:abcd -out axTLS.key_aes128.pem 512 -openssl genrsa -aes256 -passout pass:abcd -out axTLS.key_aes256.pem 512 - -# convert private keys into DER format -openssl rsa -in axTLS.key_512.pem -out axTLS.key_512 -outform DER -openssl rsa -in axTLS.key_1024.pem -out axTLS.key_1024 -outform DER -openssl rsa -in axTLS.key_2048.pem -out axTLS.key_2048 -outform DER -openssl rsa -in axTLS.key_4096.pem -out axTLS.key_4096 -outform DER -openssl rsa -in axTLS.device_key.pem -out axTLS.device_key -outform DER - -# cert requests -openssl req -out axTLS.ca_x509.req -key axTLS.ca_key.pem -new \ - -config ./ca_cert.conf -openssl req -out axTLS.x509_512.req -key axTLS.key_512.pem -new \ - -config ./certs.conf -openssl req -out axTLS.x509_1024.req -key axTLS.key_1024.pem -new \ - -config ./certs.conf -openssl req -out axTLS.x509_2048.req -key axTLS.key_2048.pem -new \ - -config ./certs.conf -openssl req -out axTLS.x509_4096.req -key axTLS.key_4096.pem -new \ - -config ./certs.conf -openssl req -out axTLS.x509_device.req -key axTLS.device_key.pem -new \ - -config ./device_cert.conf -openssl req -out axTLS.x509_aes128.req -key axTLS.key_aes128.pem \ - -new -config ./certs.conf -passin pass:abcd -openssl req -out axTLS.x509_aes256.req -key axTLS.key_aes256.pem \ - -new -config ./certs.conf -passin pass:abcd - -# generate the actual certs. -openssl x509 -req -in axTLS.ca_x509.req -out axTLS.ca_x509.pem \ - -sha1 -days 10000 -signkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_512.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_1024.req -out axTLS.x509_1024.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_2048.req -out axTLS.x509_2048.pem \ - -md5 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_4096.req -out axTLS.x509_4096.pem \ - -md5 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_device.req -out axTLS.x509_device.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.x509_512.pem -CAkey axTLS.key_512.pem -openssl x509 -req -in axTLS.x509_aes128.req \ - -out axTLS.x509_aes128.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -openssl x509 -req -in axTLS.x509_aes256.req \ - -out axTLS.x509_aes256.pem \ - -sha1 -CAcreateserial -days 10000 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem - -# note: must be root to do this -DATE_NOW=`date` -if date -s "Jan 1 2025"; then -openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_before.pem \ - -sha1 -CAcreateserial -days 365 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -date -s "$DATE_NOW" -touch axTLS.x509_bad_before.pem -fi -openssl x509 -req -in axTLS.x509_512.req -out axTLS.x509_bad_after.pem \ - -sha1 -CAcreateserial -days -365 \ - -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem - -# some cleanup -rm axTLS*.req -rm axTLS.srl -rm *.conf - -# need this for the client tests -openssl x509 -in axTLS.ca_x509.pem -outform DER -out axTLS.ca_x509.cer -openssl x509 -in axTLS.x509_512.pem -outform DER -out axTLS.x509_512.cer -openssl x509 -in axTLS.x509_1024.pem -outform DER -out axTLS.x509_1024.cer -openssl x509 -in axTLS.x509_2048.pem -outform DER -out axTLS.x509_2048.cer -openssl x509 -in axTLS.x509_4096.pem -outform DER -out axTLS.x509_4096.cer -openssl x509 -in axTLS.x509_device.pem -outform DER -out axTLS.x509_device.cer - -# generate pkcs8 files (use RC4-128 for encryption) -openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted_pem.p8 -openssl pkcs8 -in axTLS.key_512.pem -passout pass:abcd -topk8 -outform DER -v1 PBE-SHA1-RC4-128 -out axTLS.encrypted.p8 -openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -out axTLS.unencrypted_pem.p8 -openssl pkcs8 -in axTLS.key_512.pem -nocrypt -topk8 -outform DER -out axTLS.unencrypted.p8 - -# generate pkcs12 files (use RC4-128 for encryption) -openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -certfile axTLS.ca_x509.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_with_CA" -out axTLS.withCA.p12 -password pass:abcd -openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -name "p12_without_CA" -out axTLS.withoutCA.p12 -password pass:abcd -openssl pkcs12 -export -in axTLS.x509_1024.pem -inkey axTLS.key_1024.pem -keypbe PBE-SHA1-RC4-128 -certpbe PBE-SHA1-RC4-128 -out axTLS.noname.p12 -password pass:abcd - -# PEM certificate chain -cat axTLS.ca_x509.pem >> axTLS.x509_device.pem - -# set default key/cert for use in the server -xxd -i axTLS.x509_1024.cer | sed -e \ - "s/axTLS_x509_1024_cer/default_certificate/" > ../../ssl/cert.h -xxd -i axTLS.key_1024 | sed -e \ - "s/axTLS_key_1024/default_private_key/" > ../../ssl/private_key.h |