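#!/bin/bash
#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) EdelWeb for EdelKey and OpenEvidence
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
###########################################################################
#
# genserv.sh - generate a server key, a CA-signed server certificate, a CRL
# that revokes it, and the combined PEM bundle used by the test suite.
#
# Usage:  genserv.sh <prefix> <caprefix>
#
#   <prefix>    basename of the server config; <prefix>-sv.prm must exist
#   <caprefix>  basename of the CA; <caprefix>-ca.cacert, <caprefix>-ca.key
#               and <caprefix>-ca.cnf must exist
#
# Environment:
#   SERIAL      certificate serial number; derived from time and pid when
#               unset (see below)
#
# Outputs, all written to the current directory: <prefix>-sv.key, .csr,
# .crt, .der, .crl, .pub.der, .pub.pem, .pem and .pubkey-pinned, plus
# .dhp / .p12 when DHP / P12 are set to YES below.

# Prefer a locally built OpenSSL over the system one when present.
OPENSSL=openssl
if [ -f /usr/local/ssl/bin/openssl ] ; then
   OPENSSL=/usr/local/ssl/bin/openssl
fi

# exit on first fail, on an unset variable, and on a failure anywhere in a
# pipeline (the pin-file pipeline at the end would otherwise mask errors)
set -e
set -u
set -o pipefail

#######################################
# Print the usage line to stdout.
#######################################
usage() {
   echo "Usage is genserv.sh <prefix> <caprefix>"
}

#######################################
# Print a command (shell-quoted, one line) and then run it, so that the
# trace always matches what is executed. The trace goes to stdout like the
# original echo lines did, so never redirect run's stdout into an output
# file; pass -out to openssl instead.
# Arguments: the command and its arguments
# Returns:   the command's exit status
#######################################
run() {
   printf '%q ' "$@"
   printf '\n'
   "$@"
}

# NOTE(review): HOME is deliberately pointed at the working directory,
# presumably so that OpenSSL's per-user files land in the test tree rather
# than in the real home - confirm before changing; it also hides the real
# home from every child process.
HOME=$(pwd)
cd "$HOME"

KEYSIZE=2048
DURATION=3000
# The -sha256 option was introduced in OpenSSL 1.0.1
DIGESTALGO=-sha256

REQ=YES
P12=NO
DHP=NO

# Validate both arguments and all the files they refer to before touching
# anything, so a typo cannot leave half-generated fixtures behind.
NOTOK=
PREFIX=${1:-}
if [ -z "$PREFIX" ] ; then
   echo No configuration prefix
   NOTOK=1
elif [ ! -f "$PREFIX-sv.prm" ] ; then
   echo "No configuration file $PREFIX-sv.prm"
   NOTOK=1
fi

CAPREFIX=${2:-}
if [ -z "$CAPREFIX" ] ; then
   echo No CA prefix
   NOTOK=1
else
   if [ ! -f "$CAPREFIX-ca.cacert" ] ; then
      echo "No CA certificate file $CAPREFIX-ca.cacert"
      NOTOK=1
   fi
   if [ ! -f "$CAPREFIX-ca.key" ] ; then
      echo "No $CAPREFIX key"
      NOTOK=1
   fi
   # needed by the "openssl ca" revoke/gencrl steps further down
   if [ ! -f "$CAPREFIX-ca.cnf" ] ; then
      echo "No CA configuration file $CAPREFIX-ca.cnf"
      NOTOK=1
   fi
fi

if [ -n "$NOTOK" ] ; then
   echo "Sorry, I can't do that for you."
   usage
   exit 1
fi

if [ -z "${SERIAL:-}" ] ; then
   # Not a random serial: the current time followed by the last four digits
   # of (time + pid) minus one, so two runs in the same second still differ.
   # Uniqueness per CA is all a test fixture needs; export SERIAL to override.
   GETSERIAL="\$t = time ;\$d =  \$t . substr(\$t+$$ ,-4,4)-1;print \$d"
   SERIAL=$(/usr/bin/env perl -e "$GETSERIAL")
fi

echo "SERIAL=$SERIAL PREFIX=$PREFIX CAPREFIX=$CAPREFIX DURATION=$DURATION KEYSIZE=$KEYSIZE"

if [ "$DHP" = YES ] ; then
   run "$OPENSSL" dhparam -2 -out "$PREFIX-sv.dhp" "$KEYSIZE"
fi

if [ "$REQ" = YES ] ; then
   # The passphrase only protects the key until the "rsa" step below strips
   # it again, which is why a fixed value is used; the trace masks it so the
   # printed command does not suggest it is a real secret.
   echo "openssl req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key -out $PREFIX-sv.csr -passout XXX"
   "$OPENSSL" req -config "$PREFIX-sv.prm" -newkey "rsa:$KEYSIZE" -keyout "$PREFIX-sv.key" -out "$PREFIX-sv.csr" -passout pass:secret
fi

# strip the temporary passphrase so a test server can load the key unattended
echo "openssl rsa -in $PREFIX-sv.key -out $PREFIX-sv.key"
"$OPENSSL" rsa -in "$PREFIX-sv.key" -out "$PREFIX-sv.key" -passin pass:secret
echo pseudo secrets generated

run "$OPENSSL" rsa -in "$PREFIX-sv.key" -pubout -outform DER -out "$PREFIX-sv.pub.der"

run "$OPENSSL" rsa -in "$PREFIX-sv.key" -pubout -outform PEM -out "$PREFIX-sv.pub.pem"

# Sign the request with the test CA. -out replaces the former shell
# redirection so the trace line printed by run cannot end up inside the
# certificate file; the -text dump and the PEM block still go to the same
# file as before.
run "$OPENSSL" x509 -set_serial "$SERIAL" -extfile "$PREFIX-sv.prm" -days "$DURATION" \
   -CA "$CAPREFIX-ca.cacert" -CAkey "$CAPREFIX-ca.key" -in "$PREFIX-sv.csr" -req -text \
   -nameopt multiline "$DIGESTALGO" -out "$PREFIX-sv.crt"

if [ "$P12" = YES ] ; then
   # no -passout here: pkcs12 -export prompts for the export password
   run "$OPENSSL" pkcs12 -export -des3 -out "$PREFIX-sv.p12" -caname "$CAPREFIX" -name "$PREFIX" \
      -inkey "$PREFIX-sv.key" -in "$PREFIX-sv.crt" -certfile "$CAPREFIX-ca.crt"
fi

run "$OPENSSL" x509 -noout -text -hash -in "$PREFIX-sv.crt" -nameopt multiline

# revoke server cert, so the suite has a CRL that actually lists it.
# NOTE(review): the .db and .cnt files are presumably the database and CRL
# number files named in $CAPREFIX-ca.cnf - confirm; the counter is reset to
# 01 on every run.
touch "$CAPREFIX-ca.db"
echo 01 > "$CAPREFIX-ca.cnt"
run "$OPENSSL" ca -config "$CAPREFIX-ca.cnf" -revoke "$PREFIX-sv.crt"

# issue CRL
run "$OPENSSL" ca -config "$CAPREFIX-ca.cnf" -gencrl -out "$PREFIX-sv.crl"

run "$OPENSSL" x509 -in "$PREFIX-sv.crt" -outform der -out "$PREFIX-sv.der"

# all together now: config, private key, certificate and (possibly empty)
# DH parameters in one PEM bundle
touch "$PREFIX-sv.dhp"
cat "$PREFIX-sv.prm" "$PREFIX-sv.key" "$PREFIX-sv.crt" "$PREFIX-sv.dhp" > "$PREFIX-sv.pem"
chmod o-r "$PREFIX-sv.prm"

# Public key pin: base64 of the SHA-256 over the DER SubjectPublicKeyInfo of
# the server key, for the pinning tests. pipefail (set above) makes a failing
# stage abort the script instead of quietly leaving a bogus pin behind.
"$OPENSSL" x509 -in "$PREFIX-sv.pem" -pubkey -noout | \
"$OPENSSL" pkey -pubin -outform der | "$OPENSSL" dgst -sha256 -binary | \
"$OPENSSL" enc -base64 > "$PREFIX-sv.pubkey-pinned"

echo "$PREFIX-sv.pem done"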