1 #
   2 # Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
   3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4 #
   5 # This code is free software; you can redistribute it and/or modify it
   6 # under the terms of the GNU General Public License version 2 only, as
   7 # published by the Free Software Foundation.
   8 #
   9 # This code is distributed in the hope that it will be useful, but WITHOUT
  10 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12 # version 2 for more details (a copy is included in the LICENSE file that
  13 # accompanied this code).
  14 #
  15 # You should have received a copy of the GNU General Public License version
  16 # 2 along with this work; if not, write to the Free Software Foundation,
  17 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18 #
  19 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20 # or visit www.oracle.com if you need additional information or have any
  21 # questions.
  22 #
  23 
  24 #!/bin/ksh
  25 #
# Needs ksh to run the script. The #! line above is not on line 1 (the license
# header precedes it), so the kernel ignores it; invoke the script explicitly as
# `ksh <this file>` from the directory that holds openssl.cnf, since every path
# below is relative to the current directory.
  27 
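# Generate the self-signed root CA certificate (test fixture).
#
# Security notes for anyone tempted to reuse this script:
#   - Every private key is protected with a hard-coded, well-known passphrase
#     and the keys are 1024-bit RSA. That is tolerable only because these are
#     throw-away fixtures for a test suite; never reuse the keys, the
#     passphrase or the key size for anything real.
#   - No signature digest is given, so the certificate is signed with this
#     OpenSSL build's default digest (historically MD5/SHA-1, SHA-256 on newer
#     releases) and the fixture differs between OpenSSL versions.
#
# Fix: the original invocation passed "-reqexts cert_issuer". In OpenSSL 1.x
# that option only names the extension section for a CSR and is ignored when
# "-x509" is present, so the root certificate silently received the config
# file's default x509_extensions section instead of cert_issuer. "-extensions"
# is honoured in -x509 mode by every release (newer ones treat the two options
# as aliases), so the root now carries the intended CA extensions everywhere.
if [ ! -f root/root_cert.pem ]; then
    if [ ! -d root ]; then
        mkdir root
    fi

    openssl req -x509 -newkey rsa:1024 -keyout root/root_key.pem \
        -out root/root_cert.pem -subj "/C=US/O=Example" \
        -config openssl.cnf -extensions cert_issuer -days 7650 \
        -passin pass:passphrase -passout pass:passphrase
fi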
  39 
# Generate the root's CRL-issuer certificate. It is "self-issued" in the X.509
# sense: the root signs it and it carries the same subject DN as the root
# (/C=US/O=Example), but it has its own key pair. Its extensions come from the
# crl_issuer section of openssl.cnf. Test-only passphrase and key size, as for
# the root.
if [ ! -f root/top_crlissuer_cert.pem ]; then
    [ -d root ] || mkdir root

    # key pair plus CSR (-days is ignored by "openssl req" without -x509;
    # kept for parity with the other requests in this script)
    openssl req -newkey rsa:1024 -keyout root/top_crlissuer_key.pem \
        -out root/top_crlissuer_req.pem -subj "/C=US/O=Example" -days 7650 \
        -passin pass:passphrase -passout pass:passphrase

    # sign the CSR with the root key; root_cert.srl is shared by every
    # certificate the root issues, keeping serials unique per issuer
    openssl x509 -req -in root/top_crlissuer_req.pem \
        -CA root/root_cert.pem -CAkey root/root_key.pem \
        -CAcreateserial -CAserial root/root_cert.srl \
        -extfile openssl.cnf -extensions crl_issuer \
        -days 7200 -out root/top_crlissuer_cert.pem \
        -passin pass:passphrase
fi
  56 
# Generate the "subca" intermediate: a certificate-issuer certificate
# (cert_issuer extensions) and a separate CRL-issuer certificate (crl_issuer
# extensions), both signed by the root and both with OU=Class-1.
# Test-only passphrase and key size throughout.
if [ ! -f subca/subca_cert.pem ]; then
    [ -d subca ] || mkdir subca

    # --- certificate issuer ---
    openssl req -newkey rsa:1024 -keyout subca/subca_key.pem \
        -out subca/subca_req.pem -subj "/C=US/O=Example/OU=Class-1" \
        -days 7650 -passin pass:passphrase -passout pass:passphrase

    openssl x509 -req -in subca/subca_req.pem \
        -CA root/root_cert.pem -CAkey root/root_key.pem \
        -CAcreateserial -CAserial root/root_cert.srl \
        -extfile openssl.cnf -extensions cert_issuer \
        -days 7200 -out subca/subca_cert.pem -passin pass:passphrase

    # --- CRL issuer (own key pair, same subject DN as the issuer above) ---
    openssl req -newkey rsa:1024 -keyout subca/subca_crlissuer_key.pem \
        -out subca/subca_crlissuer_req.pem -subj "/C=US/O=Example/OU=Class-1" \
        -days 7650 -passin pass:passphrase -passout pass:passphrase

    openssl x509 -req -in subca/subca_crlissuer_req.pem \
        -CA root/root_cert.pem -CAkey root/root_key.pem \
        -CAcreateserial -CAserial root/root_cert.srl \
        -extfile openssl.cnf -extensions crl_issuer \
        -days 7200 -out subca/subca_crlissuer_cert.pem \
        -passin pass:passphrase
fi
  82 
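# Generate the "dumca" intermediate (OU=Class-D): a certificate-issuer
# certificate and a separate CRL-issuer certificate, both signed by the root.
# This CA is the one revoked further down, so it exists to exercise
# revocation of an intermediate. Test-only passphrase and key size throughout.
#
# Fix: the directory test read "[ ! -d sumca ]" (typo), so "mkdir dumca" ran
# on every pass through this block and reported an error whenever the
# directory already existed; the test now checks the directory it creates.
if [ ! -f dumca/dumca_cert.pem ]; then
    if [ ! -d dumca ]; then
        mkdir dumca
    fi

    # --- certificate issuer ---
    openssl req -newkey rsa:1024 -keyout dumca/dumca_key.pem \
        -out dumca/dumca_req.pem -subj "/C=US/O=Example/OU=Class-D" \
        -days 7650 -passin pass:passphrase -passout pass:passphrase

    openssl x509 -req -in dumca/dumca_req.pem -extfile openssl.cnf \
        -extensions cert_issuer -CA root/root_cert.pem \
        -CAkey root/root_key.pem -out dumca/dumca_cert.pem \
        -CAcreateserial -CAserial root/root_cert.srl -days 7200 \
        -passin pass:passphrase

    # --- CRL issuer (own key pair, same subject DN as the issuer above) ---
    openssl req -newkey rsa:1024 -keyout dumca/dumca_crlissuer_key.pem \
        -out dumca/dumca_crlissuer_req.pem -subj "/C=US/O=Example/OU=Class-D" \
        -days 7650 -passin pass:passphrase -passout pass:passphrase

    openssl x509 -req -in dumca/dumca_crlissuer_req.pem \
        -extfile openssl.cnf -extensions crl_issuer -CA root/root_cert.pem \
        -CAkey root/root_key.pem -out dumca/dumca_crlissuer_cert.pem \
        -CAcreateserial -CAserial root/root_cert.srl -days 7200 \
        -passin pass:passphrase
fi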
 109 
# Generate an end-entity certificate for Alice, issued by subca with the
# ee_of_subca extensions; subca_cert.srl keeps subca's serials unique.
# Test-only passphrase and key size.
if [ ! -f subca/alice/alice_cert.pem ]; then
    [ -d subca/alice ] || mkdir -p subca/alice

    openssl req -newkey rsa:1024 -keyout subca/alice/alice_key.pem \
        -out subca/alice/alice_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \
        -passin pass:passphrase -passout pass:passphrase

    openssl x509 -req -in subca/alice/alice_req.pem \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -CAcreateserial -CAserial subca/subca_cert.srl \
        -extfile openssl.cnf -extensions ee_of_subca \
        -days 7200 -out subca/alice/alice_cert.pem -passin pass:passphrase
fi
 127 
# Generate an end-entity certificate for Bob, issued by subca with the
# ee_of_subca extensions; subca_cert.srl keeps subca's serials unique.
# Test-only passphrase and key size.
if [ ! -f subca/bob/bob_cert.pem ]; then
    [ -d subca/bob ] || mkdir -p subca/bob

    openssl req -newkey rsa:1024 -keyout subca/bob/bob_key.pem \
        -out subca/bob/bob_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Bob" -days 7650 \
        -passin pass:passphrase -passout pass:passphrase

    openssl x509 -req -in subca/bob/bob_req.pem \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -CAcreateserial -CAserial subca/subca_cert.srl \
        -extfile openssl.cnf -extensions ee_of_subca \
        -days 7200 -out subca/bob/bob_cert.pem -passin pass:passphrase
fi
 145 
# Generate an end-entity certificate for Susan, issued by subca with the
# ee_of_subca extensions. Susan is the end-entity that gets revoked further
# down. Test-only passphrase and key size.
if [ ! -f subca/susan/susan_cert.pem ]; then
    [ -d subca/susan ] || mkdir -p subca/susan

    openssl req -newkey rsa:1024 -keyout subca/susan/susan_key.pem \
        -out subca/susan/susan_req.pem \
        -subj "/C=US/O=Example/OU=Class-1/CN=Susan" -days 7650 \
        -passin pass:passphrase -passout pass:passphrase

    openssl x509 -req -in subca/susan/susan_req.pem \
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \
        -CAcreateserial -CAserial subca/subca_cert.srl \
        -extfile openssl.cnf -extensions ee_of_subca \
        -days 7200 -out subca/susan/susan_cert.pem \
        -passin pass:passphrase
fi
 163 
 164 
# Generate the initial (empty) top-level CRL. It is signed with the root's
# CRL-issuer key rather than the root key, i.e. the CRL signer differs from
# the certificate issuer; whether the CRL is marked as an indirect CRL depends
# on the crl extensions in openssl.cnf, which are not visible here.
if [ ! -f root/top_crl.pem ]; then
    [ -d root ] || mkdir root

    # first use of the ca_top database: empty index, CRL number starts at 0
    if [ ! -f root/index.txt ]; then
        touch root/index.txt
        echo 00 > root/crlnumber
    fi

    # -crl_reason only matters for -revoke; it is harmless on -gencrl and is
    # kept for parity with the original invocation
    openssl ca -gencrl -config openssl.cnf -name ca_top \
        -keyfile root/top_crlissuer_key.pem \
        -cert root/top_crlissuer_cert.pem \
        -crldays 7000 -crl_reason superseded \
        -out root/top_crl.pem -passin pass:passphrase
fi
 181 
 182 # revoke dumca
 183 openssl ca -revoke dumca/dumca_cert.pem -config openssl.cnf \
 184         -name ca_top -crl_reason superseded \
 185         -keyfile root/top_crlissuer_key.pem -cert root/top_crlissuer_cert.pem \
 186         -passin pass:passphrase
 187 
 188 openssl ca -gencrl -config openssl.cnf -name ca_top -crldays 7000 \
 189         -crl_reason superseded -keyfile root/top_crlissuer_key.pem \
 190         -cert root/top_crlissuer_cert.pem -out root/top_crl.pem \
 191         -passin pass:passphrase
 192 
# Generate the initial (empty) subca CRL, signed with subca's CRL-issuer key
# rather than subca's certificate-issuing key. (Nothing is revoked here
# despite the original comment; Susan's revocation follows below.)
if [ ! -f subca/subca_crl.pem ]; then
    [ -d subca ] || mkdir subca

    # first use of the ca_subca database: empty index, CRL number starts at 0
    if [ ! -f subca/index.txt ]; then
        touch subca/index.txt
        echo 00 > subca/crlnumber
    fi

    # -crl_reason only matters for -revoke; harmless on -gencrl, kept for parity
    openssl ca -gencrl -config openssl.cnf -name ca_subca \
        -keyfile subca/subca_crlissuer_key.pem \
        -cert subca/subca_crlissuer_cert.pem \
        -crldays 7000 -crl_reason superseded \
        -out subca/subca_crl.pem -passin pass:passphrase
fi
 209 
 210 # revoke susan
 211 openssl ca -revoke subca/susan/susan_cert.pem -config openssl.cnf \
 212         -name ca_subca -crl_reason superseded \
 213         -keyfile subca/subca_crlissuer_key.pem \
 214         -cert subca/subca_crlissuer_cert.pem -passin pass:passphrase
 215 
 216 openssl ca -gencrl -config openssl.cnf -name ca_subca -crldays 7000 \
 217         -crl_reason superseded -keyfile subca/subca_crlissuer_key.pem \
 218         -cert subca/subca_crlissuer_cert.pem -out subca/subca_crl.pem \
 219         -passin pass:passphrase