[heimdal.git] / lib / hx509 / data / mkcert.sh
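#! /bin/bash

# -e aborts on the first failing command. pipefail extends that to the
# `req ... | cert ...` pipelines used by genroot() and genee(): without it a
# failing `openssl req` is hidden behind the exit status of `openssl x509`.
set -e
set -o pipefail

# Certificate lifetime in days, handed to `openssl x509 -days`
# (182500 / 365 = 500 years). A validity this long is only reasonable for
# static test fixtures; do not copy it into anything that issues real
# certificates.
DAYS=182500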
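#######################################
# Create an EC private key on the prime256v1 curve unless a usable key
# file is already present.
# Arguments: $1 - key file name without the ".pem" suffix
# Outputs:   writes "<name>.pem" in the current directory
# Returns:   0 if the key already exists or was generated, otherwise the
#            status of `openssl genpkey`
#######################################
key() {
    local key=$1; shift
    local keyfile="${key}.pem"

    # Reuse an existing key so that re-running the script does not rotate
    # the fixtures. A zero-length file (e.g. left behind by an aborted run)
    # is not a key, so it is regenerated instead of being reused.
    if [[ -f "$keyfile" && -s "$keyfile" ]]; then
        return 0
    fi

    # NOTE(review): the key is written unencrypted and with the caller's
    # umask. That is acceptable for throwaway test keys only.
    openssl genpkey \
        -paramfile <(openssl ecparam -name prime256v1) \
        -out "$keyfile"
}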
#######################################
# Write a SHA-256 certificate request for an existing key to stdout.
# Arguments: $1 - key file name without the ".pem" suffix
#            $2 - subject DN in `openssl req -subj` form
# Outputs:   the request, on stdout (no -out is given)
# Returns:   the status of `openssl req`
#######################################
req() {
    local keybase=$1; shift
    local subject=$1; shift
    local conf

    # Minimal inline [req] configuration; the subject itself is supplied
    # through -subj below.
    printf -v conf "[req]\n%s\n%s\n[dn]\nCN_default=foo\n" \
        "prompt = yes" "distinguished_name = dn"

    openssl req -new -sha256 \
        -key "${keybase}.pem" \
        -config <(printf '%s' "$conf") \
        -subj "${subject}"
}
#######################################
# Sign the certificate request arriving on stdin and store the result.
# Arguments: $1 - certificate file name without the ".pem" suffix
#            $2 - X.509 extension lines, newline separated
#            $@ - remaining arguments, passed unchanged to `openssl x509`
#                 (signing key / CA selection, serial, validity)
# Outputs:   writes "<name>.pem" in the current directory
# Returns:   the status of `openssl x509`
#######################################
cert() {
    local certbase=$1; shift
    local extlines=$1; shift

    # The extensions are fed through a process substitution so that no
    # temporary extension file has to be created or cleaned up.
    openssl x509 -req -sha256 \
        -out "${certbase}.pem" \
        -extfile <(printf '%s\n' "$extlines") \
        "$@"
}
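#######################################
# Generate a self-signed CA certificate (and its key, if missing).
# Globals:   DAYS (read) - certificate lifetime in days
# Arguments: $1 - subject DN
#            $2 - key file name without the ".pem" suffix
#            $3 - certificate file name without the ".pem" suffix
# Outputs:   "<key>.pem" and "<cert>.pem" in the current directory
# Returns:   non-zero if key generation or signing fails
#######################################
genroot() {
    local dn=$1; shift
    local key=$1; shift
    local cert=$1; shift
    # Declared local so the extension text does not leak into the caller's
    # scope and cannot be picked up by a later function by accident.
    local exts

    # NOTE(review): basicConstraints is emitted without "critical". RFC 5280
    # expects it to be critical on CA certificates; tolerable for a test
    # fixture, but not a template for a real CA.
    exts=$(printf "%s\n%s\n%s\n%s\n" \
        "subjectKeyIdentifier = hash" \
        "authorityKeyIdentifier = keyid" \
        "basicConstraints = CA:true" \
        "keyUsage = keyCertSign, cRLSign")

    key "$key"
    # Self-signed: the request is signed with the certificate's own key.
    req "$key" "$dn" |
        cert "$cert" "$exts" -signkey "${key}.pem" \
            -set_serial 1 -days "${DAYS}"
}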
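#######################################
# Generate an end-entity certificate (and its key, if missing) signed by
# an existing CA.
# Globals:   DAYS (read) - certificate lifetime in days
# Arguments: $1 - subject DN
#            $2 - key file name without the ".pem" suffix
#            $3 - certificate file name without the ".pem" suffix
#            $4 - CA key file name without the ".pem" suffix
#            $5 - CA certificate file name without the ".pem" suffix
#            $@ - remaining arguments, appended to the `openssl x509` call
# Outputs:   "<key>.pem" and "<cert>.pem" in the current directory
# Returns:   non-zero if key generation or signing fails
#######################################
genee() {
    local dn=$1; shift
    local key=$1; shift
    local cert=$1; shift
    local cakey=$1; shift
    local cacert=$1; shift
    # Declared local so the extension text does not leak into the caller's
    # scope and cannot be picked up by a later function by accident.
    local exts

    exts=$(printf "%s\n%s\n%s\n%s\n" \
        "subjectKeyIdentifier = hash" \
        "authorityKeyIdentifier = keyid, issuer" \
        "basicConstraints = CA:false" \
        "keyUsage = digitalSignature, keyEncipherment, dataEncipherment")

    key "$key"
    # NOTE(review): the serial is fixed at 2, so every certificate issued
    # through this function by the same CA shares one issuer/serial pair.
    # RFC 5280 requires serial numbers to be unique per issuer, and code
    # that identifies a certificate by issuer and serial cannot tell such
    # certificates apart. Keep that in mind when using these fixtures.
    req "$key" "$dn" |
        cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \
            -set_serial 2 -days "${DAYS}" "$@"
}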
# The CA comes first: both end-entity certificates below are signed with
# its key.
genroot "/C=SE/O=Heimdal/CN=CA secp256r1" \
    secp256r1TestCA.key secp256r1TestCA.cert

# NOTE(review): the end-entity files are named "secp256r2", which is not a
# curve name; key() generates prime256v1 keys for all of them. The names
# are kept as they are because other files may refer to them.
for role in Server Client; do
    genee "/C=SE/O=Heimdal/CN=${role}" \
        "secp256r2Test${role}.key" "secp256r2Test${role}.cert" \
        secp256r1TestCA.key secp256r1TestCA.cert
done

# Combined PEM bundles. Each one contains an unencrypted private key next
# to its certificate (key first for the CA, certificate first for the
# end entities), so treat the bundles as test material only.
cat secp256r1TestCA.key.pem secp256r1TestCA.cert.pem \
    > secp256r1TestCA.pem
for role in Client Server; do
    cat "secp256r2Test${role}.cert.pem" "secp256r2Test${role}.key.pem" \
        > "secp256r2Test${role}.pem"
done