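#!/bin/sh -e
# Builds a directory of throwaway RSA and ECC keys, certificates and PKCS#12
# bundles, and dumps them as C headers with "xxd -i".
#
# Everything produced here is test material only: the private keys are
# written unencrypted, the RSA keys are 1024-bit, and the PKCS#12 bundles use
# a fixed, published passphrase. Never reuse these credentials outside a test
# harness.

# The -e on the shebang line is lost when the script is started as
# "sh <script>", so enable it explicitly: a failed mkdir/cd must abort the
# run instead of scattering key files into the caller's directory.
set -e

echo "Create Certs"
OPENSSL=/usr/bin/openssl
# NOTE(review): GNUTLS_CERTTOOL is not referenced in the visible part of this
# script; kept in case something else relies on it.
GNUTLS_CERTTOOL=/opt/gnutls/bin/certtool
DIR=test-certs
mkdir -p "$DIR"
cd "$DIR"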
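# Create a self-signed RSA certificate plus its private key.
# Globals:   OPENSSL (read) - openssl binary to run
# Arguments: $1 - base name for the output files
#            $2 - subject DN, e.g. '/CN=...'
# Outputs:   $1.Key.rsa.{pem,der}, $1.Cert.rsa.{pem,der} and the C headers
#            $1_Key_rsa.h / $1_Cert_rsa.h in the current directory
#
# Test material only: rsa:1024 is below current minimum key-size guidance,
# -nodes leaves the private key unencrypted on disk, and the key is embedded
# verbatim in a C header.
gen_rsa_cert()
{
  # All expansions are quoted so a base name containing spaces or glob
  # characters cannot split into extra openssl arguments or break the
  # output redirections.
  "${OPENSSL}" req -x509 -nodes -days 365 -subj "$2" -newkey rsa:1024 \
    -keyout "${1}.Key.rsa.pem" -out "${1}.Cert.rsa.pem"
  "${OPENSSL}" rsa -outform DER -in "${1}.Key.rsa.pem" -out "${1}.Key.rsa.der"
  "${OPENSSL}" x509 -outform DER -in "${1}.Cert.rsa.pem" -out "${1}.Cert.rsa.der"
  xxd -i "${1}.Key.rsa.der" > "${1}_Key_rsa.h"
  xxd -i "${1}.Cert.rsa.der" > "${1}_Cert_rsa.h"
}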
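# Create an RSA private key and a certificate signing request for it.
# Globals:   OPENSSL (read) - openssl binary to run
# Arguments: $1 - base name for the output files
#            $2 - subject DN, e.g. '/CN=...'
# Outputs:   $1.Key.rsa.{pem,der}, $1.Req.rsa.pem and the C header
#            $1_Key_rsa.h in the current directory
#
# Test material only: rsa:1024 is below current minimum key-size guidance,
# -nodes leaves the private key unencrypted on disk, and the key is embedded
# verbatim in a C header.
gen_rsa_req()
{
  # NOTE(review): a CSR carries no validity period, so "-days 365" has no
  # effect on the request; the lifetime is decided when the request is signed.
  # Expansions are quoted so a base name with spaces or glob characters
  # cannot split into extra arguments or break the redirection.
  "${OPENSSL}" req -new -nodes -days 365 -subj "$2" -newkey rsa:1024 \
    -keyout "${1}.Key.rsa.pem" -out "${1}.Req.rsa.pem"
  "${OPENSSL}" rsa -outform DER -in "${1}.Key.rsa.pem" -out "${1}.Key.rsa.der"
  xxd -i "${1}.Key.rsa.der" > "${1}_Key_rsa.h"
}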
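# Create a self-signed EC certificate plus its private key.
# Globals:   OPENSSL (read) - openssl binary to run
# Arguments: $1 - base name for the output files
#            $2 - subject DN, e.g. '/CN=...'
# Outputs:   $1.Key.ecc.{pem,der}, $1.Cert.ecc.{pem,der} and the C headers
#            $1_Key_ecc.h / $1_Cert_ecc.h in the current directory
# Requires:  ecparam.pem (curve parameters) in the current directory.
#
# Test material only: -nodes leaves the private key unencrypted on disk and
# the key is embedded verbatim in a C header.
gen_ec_cert()
{
  # Expansions are quoted so a base name with spaces or glob characters
  # cannot split into extra openssl arguments or break the redirections.
  "${OPENSSL}" req -x509 -nodes -days 365 -subj "$2" -newkey ec:ecparam.pem \
    -keyout "${1}.Key.ecc.pem" -out "${1}.Cert.ecc.pem"
  "${OPENSSL}" ec -outform DER -in "${1}.Key.ecc.pem" -out "${1}.Key.ecc.der"
  "${OPENSSL}" x509 -outform DER -in "${1}.Cert.ecc.pem" -out "${1}.Cert.ecc.der"
  xxd -i "${1}.Key.ecc.der" > "${1}_Key_ecc.h"
  xxd -i "${1}.Cert.ecc.der" > "${1}_Cert_ecc.h"
}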
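# Create an EC private key and a certificate signing request for it.
# Globals:   OPENSSL (read) - openssl binary to run
# Arguments: $1 - base name for the output files
#            $2 - subject DN, e.g. '/CN=...'
# Outputs:   $1.Key.ecc.{pem,der}, $1.Req.ecc.pem and the C header
#            $1_Key_ecc.h in the current directory
# Requires:  ecparam.pem (curve parameters) in the current directory.
#
# Test material only: -nodes leaves the private key unencrypted on disk and
# the key is embedded verbatim in a C header.
gen_ec_req()
{
  # NOTE(review): a CSR carries no validity period, so "-days 365" has no
  # effect on the request; the lifetime is decided when the request is signed.
  # Expansions are quoted so a base name with spaces or glob characters
  # cannot split into extra arguments or break the redirection.
  "${OPENSSL}" req -new -nodes -days 365 -subj "$2" -newkey ec:ecparam.pem \
    -keyout "${1}.Key.ecc.pem" -out "${1}.Req.ecc.pem"
  "${OPENSSL}" ec -outform DER -in "${1}.Key.ecc.pem" -out "${1}.Key.ecc.der"
  xxd -i "${1}.Key.ecc.der" > "${1}_Key_ecc.h"
}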
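# Sign a previously generated CSR with one of the test CAs and bundle the
# result with its private key as PKCS#12.
# Globals:   OPENSSL (read) - openssl binary to run
# Arguments: $1 - base name of the subject (matches the CSR/key file names)
#            $2 - subject key type used in file names (rsa | ecc)
#            $3 - CA key type used in file names (rsa | ecc)
#            $4 - certificate serial number
# Outputs:   $1.Cert.$2.$3.{pem,der}, $1.$2.$3.p12 and the C headers
#            $1_Cert_$2_$3.h / $1_$2_$3_p12.h in the current directory
# Requires:  $1.Req.$2.pem, $1.Key.$2.pem, CA.Cert.$3.pem and CA.Key.$3.pem
#            in the current directory.
sign_cert()
{
  # NOTE(review): no -days is given here, so the issued certificate gets the
  # x509 command's default validity (30 days per the OpenSSL manual), not the
  # 365 days requested when the CSR was created - confirm this is intended.
  # Expansions are quoted so unusual names cannot split into extra arguments
  # or break the redirections.
  "${OPENSSL}" x509 -req -in "${1}.Req.${2}.pem" \
    -CA "CA.Cert.${3}.pem" -CAkey "CA.Key.${3}.pem" \
    -set_serial "$4" -out "${1}.Cert.${2}.${3}.pem"
  "${OPENSSL}" x509 -outform DER -in "${1}.Cert.${2}.${3}.pem" -out "${1}.Cert.${2}.${3}.der"
  xxd -i "${1}.Cert.${2}.${3}.der" > "${1}_Cert_${2}_${3}.h"

  # Test material only: the export passphrase is the fixed string "password"
  # and is passed on the command line, where it is visible in the process
  # argument list. The resulting .p12 (private key included) is then embedded
  # in a C header, so it offers no real protection for the key.
  "${OPENSSL}" pkcs12 -export -passout pass:password -out "${1}.${2}.${3}.p12" \
    -inkey "${1}.Key.${2}.pem" -in "${1}.Cert.${2}.${3}.pem"
  xxd -i "${1}.${2}.${3}.p12" > "${1}_${2}_${3}_p12.h"
}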
# Curve parameters consumed by gen_ec_cert / gen_ec_req through
# "-newkey ec:ecparam.pem"; must exist before any EC key is generated.
# NOTE(review): secp256k1 is not NIST P-256 (OpenSSL calls that curve
# prime256v1) - confirm the curve choice is intentional for these fixtures.
"${OPENSSL}" ecparam -name secp256k1 -out ecparam.pem

# One self-signed CA per key type; their keys sign every server certificate
# below. These CAs are test fixtures and must never be added to a trust store.
echo "**** Generating CA keys and certs..."
gen_rsa_cert CA '/CN=coreTLS CA Cert (RSA)'
gen_ec_cert CA '/CN=coreTLS CA Cert (ECC)'

# Each server gets an RSA and an EC key pair with a matching CSR.
echo "**** Generating Server keys and csr..."
for host in Server1 Server2; do
  gen_rsa_req "$host" "/CN=coreTLS $host Cert (RSA)"
  gen_ec_req "$host" "/CN=coreTLS $host Cert (ECC)"
done

# NOTE(review): this message is printed but no client keys or CSRs are
# generated after it.
echo "**** Generating Client keys and csr..."

# Sign every server CSR with both CAs (subject key type x CA key type),
# handing out serial numbers 1..8 in the order the certificates are issued.
echo "**** Signing Servers certs..."
serial=0
for host in Server1 Server2; do
  for key_alg in rsa ecc; do
    for ca_alg in rsa ecc; do
      serial=$((serial + 1))
      sign_cert "$host" "$key_alg" "$ca_alg" "$serial"
    done
  done
done