1#!/bin/bash
2#
# assemble-chains.sh
# Create the intermediate (ICA) and entity certs for the CA path-length test
# chains and concatenate each chain into <chain>-assembled.pem. Run from the
# directory holding the <chain>-<ICA>-key.pem / <chain>-entity-key.pem files;
# the root CA (../ca-cert.pem, ../ca-key.pem) and ../renewcerts/wolfssl.cnf are
# addressed relative to that directory.
5
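check_result(){
    # Abort the whole script when a step has failed.
    # $1 - exit status of the step just run (pass "$?" immediately after it)
    # $2 - human-readable step label used in the log line
    # Prints "<label> Succeeded!" on stdout for status 0.  Otherwise prints
    # "<label> Failed, Abort" to stderr and exits 1, so no later step runs
    # against a half-written certificate or CSR.
    # A missing/empty status is treated as a failure rather than a success:
    # the unquoted "[ $1 -ne 0 ]" form used to error out and then report
    # success when called without a status.
    local status="${1:-1}"
    local label="$2"
    if [ "$status" -ne 0 ]; then
        echo "$label Failed, Abort" >&2
        exit 1
    fi
    echo "$label Succeeded!"
}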
14
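create_an_intermediate(){
    # Create one intermediate CA certificate of a test chain.
    #
    # $1 - chain ID (e.g. "chainA"); the key "$1-$2-key.pem" must already
    #      exist in the current directory
    # $2 - ICA number: the entity is signed by ICA1, ICA1 by ICA2, and so on
    # $3 - pathLenConstraint to encode, or the literal string "no_pathlen"
    #      to omit it.  A number selects the "pathlen_$3" extension section
    #      of ../renewcerts/wolfssl.cnf; "no_pathlen" selects the
    #      "wolfssl_opts_ICA" section.
    # $4 - certificate of the signer (the root CA or the next ICA up)
    # $5 - private key of the signer
    #
    # Writes "$1-$2-pathlen$3.pem" (or "$1-$2-no_pathlen.pem"): the signed
    # certificate with its "openssl x509 -text" dump in front of it.  Any
    # openssl failure aborts the whole script via check_result.
    #
    # example: create_an_intermediate "chainA" "ICA1" "0" "../ca-cert.pem" "../ca-key.pem"
    local chainID="$1"
    local icaNum="$2"
    local pathLen="$3"
    local signer="$4"
    local signerKey="$5"
    local outFile extSection

    # The two flavours differ only in the output name and the extension
    # section, so decide those up front instead of duplicating the pipeline.
    if [ "$pathLen" = "no_pathlen" ]; then
        outFile="$chainID-$icaNum-$pathLen.pem"
        extSection="wolfssl_opts_ICA"
    else
        outFile="$chainID-$icaNum-pathlen$pathLen.pem"
        extSection="pathlen_$pathLen"
    fi
    echo "Updating $outFile (pathLen = $pathLen)"
    echo ""

    # Answer the interactive subject prompts of "openssl req" on stdin.  The
    # CN is the output file's base name so a chain stays readable in dumps.
    echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\n${outFile%.pem}\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key "$chainID-$icaNum-key.pem" -config ../renewcerts/wolfssl.cnf -nodes -sha256 > temp-req.pem
    check_result $? "Step 1"

    # NOTE: every ICA gets serial 100.  That is fine for this test corpus,
    # but several ICAs issued by the same ../ca-cert.pem therefore share an
    # issuer+serial pair, which a real CA must never do (RFC 5280 4.1.2.2).
    openssl x509 -req -in temp-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions "$extSection" -days 1000 -CA "$signer" -CAkey "$signerKey" -set_serial 100 -sha256 > "$outFile"
    check_result $? "Step 2"

    rm -f -- temp-req.pem
    # Re-emit the cert with its text dump in front (x509 -text prints the
    # dump followed by the PEM block), then swap it into place.
    openssl x509 -in "$outFile" -text > ca_tmp.pem
    check_result $? "Step 3"
    mv ca_tmp.pem "$outFile"
    echo "End of Section"
    echo "-------------------------------------------------------------------------"
}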
61
62###########################################################
63########## update chainA-entity.pem        ################
64###########################################################
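create_an_entity(){
    # Create the leaf ("entity") certificate at the bottom of a test chain.
    #
    # $1 - chain ID (e.g. "chainA"); the key "$1-entity-key.pem" must already
    #      exist in the current directory
    # $2 - certificate of the signer (normally the chain's ICA1)
    # $3 - private key of the signer
    #
    # Writes "$1-entity.pem": the certificate signed with the "test_pathlen"
    # extension section of ../renewcerts/wolfssl.cnf, with its
    # "openssl x509 -text" dump in front of it.  Any openssl failure aborts
    # the whole script via check_result.
    #
    # example: create_an_entity "chainA" "chainA-ICA1-pathlen0.pem" "chainA-ICA1-key.pem"
    local chainID="$1"
    local signer="$2"
    local signerKey="$3"
    local outFile="$chainID-entity.pem"
    echo "Updating $outFile"
    echo ""

    # Answer the interactive subject prompts of "openssl req" on stdin; the
    # CN "<chain>-entity" keeps the leaf identifiable in dumps.
    echo -e "US\\nWashington\\nSeattle\\nwolfSSL Inc.\\nEngineering\\n$chainID-entity\\ninfo@wolfssl.com\\n.\\n.\\n" | openssl req -new -key "$chainID-entity-key.pem" -config ../renewcerts/wolfssl.cnf -nodes -sha256 > temp-req.pem
    check_result $? "Step 1"

    # Serial 101 keeps the leaf distinct from the fixed ICA serial (100);
    # fixed serials are acceptable only because this is a test corpus.
    openssl x509 -req -in temp-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA "$signer" -CAkey "$signerKey" -set_serial 101 -sha256 > "$outFile"
    check_result $? "Step 2"

    rm -f -- temp-req.pem
    # Re-emit the cert with its text dump in front (x509 -text prints the
    # dump followed by the PEM block), then swap it into place.
    openssl x509 -in "$outFile" -text > cert_tmp.pem
    check_result $? "Step 3"
    mv cert_tmp.pem "$outFile"
    echo "End of Section"
    echo "-------------------------------------------------------------------------"
}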
91
92###########################################################
93########## Create the certs                ################
94###########################################################
# The root of every chain is the shared test CA one directory up.  Each
# chain's key files must already exist in the current directory.
rootCert="../ca-cert.pem"
rootKey="../ca-key.pem"

# chainA: ICA1 (pathLen 0) -> entity.                       Expected: success
create_an_intermediate "chainA" "ICA1" "0" "$rootCert" "$rootKey"
create_an_entity "chainA" "chainA-ICA1-pathlen0.pem" "chainA-ICA1-key.pem"

# chainB: ICA2 (pathLen 1) -> ICA1 (pathLen 0) -> entity.   Expected: success
create_an_intermediate "chainB" "ICA2" "1" "$rootCert" "$rootKey"
create_an_intermediate "chainB" "ICA1" "0" "chainB-ICA2-pathlen1.pem" "chainB-ICA2-key.pem"
create_an_entity "chainB" "chainB-ICA1-pathlen0.pem" "chainB-ICA1-key.pem"

# chainC: ICA1 (pathLen 1) -> entity.                       Expected: success
create_an_intermediate "chainC" "ICA1" "1" "$rootCert" "$rootKey"
create_an_entity "chainC" "chainC-ICA1-pathlen1.pem" "chainC-ICA1-key.pem"

# chainD: ICA1 (pathLen 127) -> entity.                     Expected: success
create_an_intermediate "chainD" "ICA1" "127" "$rootCert" "$rootKey"
create_an_entity "chainD" "chainD-ICA1-pathlen127.pem" "chainD-ICA1-key.pem"

# chainE: ICA1 (pathLen 128) -> entity.                     Expected: failure
create_an_intermediate "chainE" "ICA1" "128" "$rootCert" "$rootKey"
create_an_entity "chainE" "chainE-ICA1-pathlen128.pem" "chainE-ICA1-key.pem"

# chainF: ICA2 (pathLen 0) -> ICA1 (pathLen 1) -> entity.   Expected: failure
create_an_intermediate "chainF" "ICA2" "0" "$rootCert" "$rootKey"
create_an_intermediate "chainF" "ICA1" "1" "chainF-ICA2-pathlen0.pem" "chainF-ICA2-key.pem"
create_an_entity "chainF" "chainF-ICA1-pathlen1.pem" "chainF-ICA1-key.pem"

# chainG: seven ICAs, pathLen 100 -> 10 -> 20 -> 5 -> 99 -> 1 -> 0 -> entity.
#                                                           Expected: success
create_an_intermediate "chainG" "ICA7" "100" "$rootCert" "$rootKey"
create_an_intermediate "chainG" "ICA6" "10" "chainG-ICA7-pathlen100.pem" "chainG-ICA7-key.pem"
create_an_intermediate "chainG" "ICA5" "20" "chainG-ICA6-pathlen10.pem" "chainG-ICA6-key.pem"
create_an_intermediate "chainG" "ICA4" "5" "chainG-ICA5-pathlen20.pem" "chainG-ICA5-key.pem"
create_an_intermediate "chainG" "ICA3" "99" "chainG-ICA4-pathlen5.pem" "chainG-ICA4-key.pem"
create_an_intermediate "chainG" "ICA2" "1" "chainG-ICA3-pathlen99.pem" "chainG-ICA3-key.pem"
create_an_intermediate "chainG" "ICA1" "0" "chainG-ICA2-pathlen1.pem" "chainG-ICA2-key.pem"
create_an_entity "chainG" "chainG-ICA1-pathlen0.pem" "chainG-ICA1-key.pem"

# chainH: pathLen 2 -> 2 -> 2 -> 0 -> entity.               Expected: failure
#         max_path_len = 2, -1 at ICA3 (1), -1 at ICA2 (0), then ICA1 is
#         still a non-entity cert below a max_path_len of 0.
create_an_intermediate "chainH" "ICA4" "2" "$rootCert" "$rootKey"
create_an_intermediate "chainH" "ICA3" "2" "chainH-ICA4-pathlen2.pem" "chainH-ICA4-key.pem"
create_an_intermediate "chainH" "ICA2" "2" "chainH-ICA3-pathlen2.pem" "chainH-ICA3-key.pem"
create_an_intermediate "chainH" "ICA1" "0" "chainH-ICA2-pathlen2.pem" "chainH-ICA2-key.pem"
create_an_entity "chainH" "chainH-ICA1-pathlen0.pem" "chainH-ICA1-key.pem"

# chainI: pathLen 2 followed by two ICAs with no pathLen.   Expected: success
create_an_intermediate "chainI" "ICA3" "2" "$rootCert" "$rootKey"
create_an_intermediate "chainI" "ICA2" "no_pathlen" "chainI-ICA3-pathlen2.pem" "chainI-ICA3-key.pem"
create_an_intermediate "chainI" "ICA1" "no_pathlen" "chainI-ICA2-no_pathlen.pem" "chainI-ICA2-key.pem"
create_an_entity "chainI" "chainI-ICA1-no_pathlen.pem" "chainI-ICA1-key.pem"

# chainJ: pathLen 2 followed by three ICAs with no pathLen. Expected: failure
create_an_intermediate "chainJ" "ICA4" "2" "$rootCert" "$rootKey"
create_an_intermediate "chainJ" "ICA3" "no_pathlen" "chainJ-ICA4-pathlen2.pem" "chainJ-ICA4-key.pem"
create_an_intermediate "chainJ" "ICA2" "no_pathlen" "chainJ-ICA3-no_pathlen.pem" "chainJ-ICA3-key.pem"
create_an_intermediate "chainJ" "ICA1" "no_pathlen" "chainJ-ICA2-no_pathlen.pem" "chainJ-ICA2-key.pem"
create_an_entity "chainJ" "chainJ-ICA1-no_pathlen.pem" "chainJ-ICA1-key.pem"
144
145###########################################################
146########## Assemble Chains                 ################
147###########################################################
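# Each <chain>-assembled.pem holds the leaf first, then every ICA from the
# leaf upwards.  The root ../ca-cert.pem is the trust anchor and is NOT part
# of the assembled file.  A missing input now aborts the script instead of
# silently producing a truncated chain.
assemble_chain(){
    # $1 - chain ID
    # $2.. - certificates to concatenate, leaf first, topmost ICA last
    local chainID="$1"
    shift
    cat -- "$@" > "$chainID-assembled.pem"
    check_result $? "Assemble $chainID"
}

# Success: PathLen of 0
## chainA-ICA1-pathlen0.pem: signed by ca-cert.pem
## chainA-entity.pem: signed by chainA-ICA1-pathlen0.pem
assemble_chain chainA chainA-entity.pem chainA-ICA1-pathlen0.pem

# Success: PathLen of 1 with one ICA (PathLen of 0) below it
## chainB-ICA2-pathlen1.pem: signed by ca-cert.pem
## chainB-ICA1-pathlen0.pem: signed by chainB-ICA2-pathlen1.pem
## chainB-entity.pem: signed by chainB-ICA1-pathlen0.pem
assemble_chain chainB chainB-entity.pem chainB-ICA1-pathlen0.pem chainB-ICA2-pathlen1.pem

# Success: PathLen of 1 with the entity directly below it
## chainC-ICA1-pathlen1.pem: signed by ca-cert.pem
## chainC-entity.pem: signed by chainC-ICA1-pathlen1.pem
assemble_chain chainC chainC-entity.pem chainC-ICA1-pathlen1.pem

# Success: PathLen of 127
## chainD-ICA1-pathlen127.pem: signed by ca-cert.pem
## chainD-entity.pem: signed by chainD-ICA1-pathlen127.pem
assemble_chain chainD chainD-entity.pem chainD-ICA1-pathlen127.pem

# Failure: PathLen of 128
## chainE-ICA1-pathlen128.pem: signed by ca-cert.pem
## chainE-entity.pem: signed by chainE-ICA1-pathlen128.pem
assemble_chain chainE chainE-entity.pem chainE-ICA1-pathlen128.pem

# Failure: PathLen of 0 (ICA2) signing an ICA that carries PathLen of 1 (ICA1)
## chainF-ICA2-pathlen0.pem: signed by ca-cert.pem
## chainF-ICA1-pathlen1.pem: signed by chainF-ICA2-pathlen0.pem
## chainF-entity.pem: signed by chainF-ICA1-pathlen1.pem
assemble_chain chainF chainF-entity.pem chainF-ICA1-pathlen1.pem chainF-ICA2-pathlen0.pem

# Success: PathLen of 100, signing PathLen of 10, signing PathLen of 20, signing
#          PathLen of 5, signing PathLen of 99, signing PathLen of 1, signing
#          PathLen of 0
assemble_chain chainG chainG-entity.pem \
    chainG-ICA1-pathlen0.pem chainG-ICA2-pathlen1.pem \
    chainG-ICA3-pathlen99.pem chainG-ICA4-pathlen5.pem \
    chainG-ICA5-pathlen20.pem chainG-ICA6-pathlen10.pem \
    chainG-ICA7-pathlen100.pem

# Fail: PathLen of 2, signing PathLen of 2, signing PathLen of 2, signing PathLen 0
#       max_path_len = 2, max_path_len -= 1 (1), max_path_len -= 1 (0), max_path_len 0, non-entity cert.
assemble_chain chainH chainH-entity.pem chainH-ICA1-pathlen0.pem \
    chainH-ICA2-pathlen2.pem chainH-ICA3-pathlen2.pem chainH-ICA4-pathlen2.pem

# Success: PathLen of 2 followed by 2 Intermediates with no pathLen set
assemble_chain chainI chainI-entity.pem chainI-ICA1-no_pathlen.pem \
    chainI-ICA2-no_pathlen.pem chainI-ICA3-pathlen2.pem

# Fail: PathLen of 2 followed by 3 Intermediates with no pathLen set
assemble_chain chainJ chainJ-entity.pem chainJ-ICA1-no_pathlen.pem \
    chainJ-ICA2-no_pathlen.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-pathlen2.pem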
199
200