renametest.sh

renametest.sh

#!/bin/sh
#
# renametest.sh
#
# input  : none
# output : all files generated by this script go under $ssldir
#

openssl_bin=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
    openssl_bin=../apps/openssl.exe
fi

function start_message {
    echo ""
    echo "[TEST] $1"
}

function check_exit_status {
    status=$1
    if [ $status -ne 0 ] ; then
        echo ":-< error occurs, exit status = [ $status ]"
        exit $status
    else
        echo $2 ":-) success. "
    fi
}

#---------#---------#---------#---------#---------#---------#---------#---------

#
# create ssldir, and all files generated by this script goes under this dir.
#
ssldir="test"

if [ -d $ssldir ] ; then
    echo "directory [ $ssldir ] exists, this script deletes this directory ..."
    /bin/rm -rf $ssldir
fi

mkdir -p $ssldir

export OPENSSL_CONF=$ssldir/openssl.cnf
touch $OPENSSL_CONF

#---------#---------#---------#---------#---------#---------#---------#---------

#
# prepare test openssl.cnf
#

ca_dir=$ssldir/testCA
tsa_dir=$ssldir/testTSA
ocsp_dir=$ssldir/testOCSP
server_dir=$ssldir/server

cat << __EOF__ > $ssldir/openssl.cnf
oid_section             = new_oids
[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
[ ca ]
default_ca    = CA_default
[ CA_default ]
dir           = ./$ca_dir
crl_dir       = \$dir/crl
database      = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial        = \$dir/serial
crlnumber     = \$dir/crlnumber
default_days  = 1
default_md    = default
policy        = policy_match
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
[ req ]
distinguished_name      = req_distinguished_name 
[ req_distinguished_name ]
countryName                     = Country Name
countryName_default             = JP
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name
stateOrProvinceName_default     = Tokyo
organizationName                = Organization Name
organizationName_default        = TEST_DUMMY_COMPANY
commonName                      = Common Name
[ tsa ]
default_tsa   = tsa_config1 
[ tsa_config1 ]
dir           = ./$tsa_dir
serial        = \$dir/serial
crypto_device = builtin
digests       = sha1, sha256, sha384, sha512
default_policy = tsa_policy1
other_policies = tsa_policy2, tsa_policy3
[ tsa_ext ]
keyUsage = critical,nonRepudiation
extendedKeyUsage = critical,timeStamping
[ ocsp_ext ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
extendedKeyUsage = OCSPSigning
__EOF__

#---------#---------#---------#---------#---------#---------#---------#---------

#
# setup test CA
#

mkdir -p $ca_dir
mkdir -p $tsa_dir
mkdir -p $ocsp_dir
mkdir -p $server_dir

mkdir -p $ca_dir/certs
mkdir -p $ca_dir/private
mkdir -p $ca_dir/crl
mkdir -p $ca_dir/newcerts
chmod 700 $ca_dir/private
echo "01" > $ca_dir/serial
touch $ca_dir/index.txt 
touch $ca_dir/crlnumber
echo "01" > $ca_dir/crlnumber

# 
# setup test TSA 
#
mkdir -p $tsa_dir/private
chmod 700 $tsa_dir/private
echo "01" > $tsa_dir/serial
touch $tsa_dir/index.txt 

# 
# setup test OCSP 
#
mkdir -p $ocsp_dir/private
chmod 700 $ocsp_dir/private

#---------#---------#---------#---------#---------#---------#---------#--------- 

# --- CA initiate (generate CA key and cert) --- 

start_message "req ... generate CA key and self signed cert"

ca_cert=$ca_dir/ca_cert.pem 
ca_key=$ca_dir/private/ca_key.pem ca_pass=test-ca-pass 

$openssl_bin req -new -x509 -newkey rsa:2048 -out $ca_cert -keyout $ca_key \
    -days 1 -passout pass:$ca_pass -batch \
    -subj '//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testCA.test_dummy.com\'
check_exit_status $?

#---------#---------#---------#---------#---------#---------#---------#---------

# --- TSA initiate (generate TSA key and cert) ---

start_message "req ... generate TSA key and cert"

# generate CSR for TSA

tsa_csr=$tsa_dir/tsa_csr.pem
tsa_key=$tsa_dir/private/tsa_key.pem
tsa_pass=test-tsa-pass

$openssl_bin req -new -keyout $tsa_key -out $tsa_csr -passout pass:$tsa_pass \
    -subj '//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testTSA.test_dummy.com\'
check_exit_status $?

start_message "ca ... sign by CA with TSA extensions"

tsa_cert=$tsa_dir/tsa_cert.pem

$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
-in $tsa_csr -out $tsa_cert -extensions tsa_ext
check_exit_status $?

#---------#---------#---------#---------#---------#---------#---------#---------

# --- OCSP initiate (generate OCSP key and cert) ---

start_message "req ... generate OCSP key and cert"

# generate CSR for OCSP 

ocsp_csr=$ocsp_dir/ocsp_csr.pem
ocsp_key=$ocsp_dir/private/ocsp_key.pem

$openssl_bin req -new -keyout $ocsp_key -nodes -out $ocsp_csr \
    -subj '//C=JP\ST=Tokyo\O=TEST_DUMMY_COMPANY\CN=testOCSP.test_dummy.com\'
check_exit_status $?

start_message "ca ... sign by CA with OCSP extensions"

ocsp_cert=$ocsp_dir/ocsp_cert.pem

$openssl_bin ca -batch -cert $ca_cert -keyfile $ca_key -key $ca_pass \
-in $ocsp_csr -out $ocsp_cert -extensions ocsp_ext
check_exit_status $?