#!/bin/bash
|
|
#
|
# Creates or overwrites 3 files in ./res/raw:
|
# - cacert.der
|
# - userkey.der
|
# - usercert.der
|
#
|
|
tmpdir=$(mktemp -d './XXXXXXXX')
|
trap 'rm -r ${tmpdir}; echo; exit 1' EXIT INT QUIT
|
|
# CA_default defined in openssl.cnf
|
CA_DIR='demoCA'
|
|
SUBJECT=\
|
'/C=US'\
|
'/ST=CA'\
|
'/L=Mountain View'\
|
'/O=Android'\
|
'/CN=localhost'
|
PASSWORD='androidtest'
|
SAN=\
|
'DNS:localhost'
|
|
echo "Creating directory '$CA_DIR'..."
|
mkdir -p "$tmpdir"/"$CA_DIR"/newcerts \
|
&& echo '01' > "$tmpdir"/"$CA_DIR"/serial \
|
&& touch "$tmpdir"/"$CA_DIR"/index.txt
|
cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=$SAN") \
|
> "$tmpdir"/openssl.conf
|
|
echo "Generating CA certificate..."
|
(cd "$tmpdir" \
|
&& openssl req \
|
-new \
|
-x509 \
|
-days 3650 \
|
-extensions v3_ca \
|
-keyout 'cakey.pem' \
|
-out 'cacert.pem' \
|
-subj "$SUBJECT" \
|
-passout 'pass:'"$PASSWORD" \
|
&& openssl x509 \
|
-outform DER \
|
-in 'cacert.pem' \
|
-out 'cacert.der')
|
|
echo "Generating user key..."
|
(cd "$tmpdir" \
|
&& openssl req \
|
-newkey rsa:2048 \
|
-sha256 \
|
-keyout 'userkey.pem' \
|
-nodes \
|
-days 3650 \
|
-out 'userkey.req' \
|
-subj "$SUBJECT" \
|
-extensions SAN \
|
-config openssl.conf \
|
&& openssl pkcs8 \
|
-topk8 \
|
-outform DER \
|
-in 'userkey.pem' \
|
-out 'userkey.der' \
|
-nocrypt)
|
|
echo "Generating user certificate..."
|
(cd "$tmpdir" \
|
&& openssl ca \
|
-out 'usercert.pem' \
|
-in 'userkey.req' \
|
-cert 'cacert.pem' \
|
-keyfile 'cakey.pem' \
|
-days 3650 \
|
-passin 'pass:'"$PASSWORD" \
|
-extensions SAN \
|
-config openssl.conf \
|
-batch \
|
&& openssl x509 \
|
-outform DER \
|
-in 'usercert.pem' \
|
-out 'usercert.der')
|
|
# Copy important files to raw resources directory
|
cp \
|
"$tmpdir"/cacert.der \
|
"$tmpdir"/userkey.der \
|
"$tmpdir"/usercert.der \
|
'res/raw/'
|
|
echo "Finished"
|
exit
|
