Refactor ALLOW_NO_SIGNATURE compile flag
[src/app-framework-main.git] / certs / gen-certs.sh
1 #!/bin/sh
2
3 # Copying and distribution of this file, with or without modification,
4 # are permitted in any medium without royalty provided the copyright
5 # notice and this notice are preserved.  This file is offered as-is,
6 # without any warranty.
7
# Distinguished-name prefix shared by every certificate of the chain;
# generate() appends "/CN=<common name>" to it.
ORG='/C=FR/ST=Brittany/L=Vannes/O=IoT.bzh'

# X.509v3 extension sections read by "openssl x509 -extfile extensions":
#   [root]     selected by genroot()  (-extensions root)
#   [derivate] selected by derivate() (-extensions derivate)
# Both sections set CA:TRUE and keyCertSign, so every derived certificate
# is itself a CA able to issue further certificates; [derivate] also
# allows digitalSignature.
# NOTE(review): neither section sets a pathlen limit or marks
# basicConstraints/keyUsage as critical -- confirm this is intended.
# The file is written into the current directory under a fixed name and
# overwrites any existing file called "extensions".
cat <<'EOC' >extensions
[root]
basicConstraints=CA:TRUE
keyUsage=keyCertSign
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
[derivate]
basicConstraints=CA:TRUE
keyUsage=keyCertSign,digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOC
22
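# keyof NAME
# Prints the private-key file name for NAME ("NAME.key.pem"), without a
# trailing newline.  printf replaces "echo -n", whose handling of -n is
# not portable across /bin/sh implementations.
keyof() { printf '%s' "$1.key.pem"; }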
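# certof NAME
# Prints the certificate file name for NAME ("NAME.cert.pem"), without a
# trailing newline.  printf replaces "echo -n", whose handling of -n is
# not portable across /bin/sh implementations.
certof() { printf '%s' "$1.cert.pem"; }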
25
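# generate SERIAL NAME CN SIGOPTS
#
# Creates the RSA-4096 private key NAME.key.pem if it does not exist, then
# (re)creates the certificate NAME.cert.pem when it is missing or older
# than the key.
#
# Globals:   ORG (read) - subject prefix, "/CN=CN" is appended
#            ./extensions (read) - extension file given to -extfile
# Arguments: $1 - serial number passed to -set_serial
#            $2 - base name of the key and certificate files
#            $3 - common name, also used as the certificate alias
#            $4 - extra "openssl x509" options as ONE string; it is
#                 word-split on purpose, so the file names inside it
#                 must not contain whitespace
# Returns:   0 on success, non-zero when a key or certificate could not
#            be produced
generate() {
	local s="$1" n="$2" cn="$3" sig="$4"
	local key cert
	# assigned separately so that a failing helper is not masked by "local"
	key="$(keyof "$n")" || return
	cert="$(certof "$n")" || return

	if [ ! -f "$key" ]
	then
		echo
		echo "generation of the $n key"
		# The key is written without a passphrase: create it under a
		# restrictive umask so that only the owner can read it.
		if ! (
			umask 077 &&
			openssl genpkey \
				-algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
				-outform PEM \
				-out "$key"
		)
		then
			# a partial key file would be taken for a valid key
			# on the next run
			rm -f -- "$key"
			return 1
		fi
	fi

	if [ ! -f "$cert" ] || [ "$key" -nt "$cert" ]
	then
		echo
		echo "generation of the $n certificate"
		# When "openssl req" fails, "openssl x509" gets no request
		# and fails as well, so the status of the pipeline is enough.
		if ! openssl req -new \
				-key "$key" \
				-subj "$ORG/CN=$cn" |
			openssl x509 -req \
				-days 3653 \
				-sha256 \
				-extfile extensions \
				-trustout \
				$sig \
				-set_serial "$s" \
				-setalias "$cn" \
				-out "$cert"
		then
			# an empty or truncated certificate that is newer than
			# the key would never be regenerated
			rm -f -- "$cert"
			return 1
		fi
	fi
}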
60
61
# genroot SERIAL NAME CN
# Produces a self-signed certificate: generate() is asked to sign with
# NAME's own key (-signkey) and to apply the [root] extension section.
genroot() {
	local serial="$1" name="$2" common="$3"
	local selfkey
	selfkey="$(keyof "$name")"
	generate "$serial" "$name" "$common" "-signkey $selfkey -extensions root"
}
66
# derivate SERIAL NAME CN ISSUER
# Produces a certificate for NAME signed by ISSUER: generate() receives
# ISSUER's certificate (-CA) and private key (-CAkey) and applies the
# [derivate] extension section.
derivate() {
	local serial="$1" name="$2" common="$3" issuer="$4"
	local ca_cert ca_key
	ca_cert="$(certof "$issuer")"
	ca_key="$(keyof "$issuer")"
	generate "$serial" "$name" "$common" "-CA $ca_cert -CAkey $ca_key -extensions derivate"
}
71
72         
# Build the chain: one self-signed root (serial 1), then four
# certificates signed by it (serials 2 to 5), each of them a CA as well.
genroot 1 root "Root certificate"

next_serial=2
for branch in developer platform partner public
do
	derivate "$next_serial" "$branch" "Root $branch" root
	next_serial=$((next_serial + 1))
done

# the extension file is only needed while the certificates are generated
rm extensions