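#!/bin/bash
#
# assemble-chains.sh
# Create certs and assemble all the certificate CA path test cert chains.
#
# Run from the test directory holding the per-cert keys (chainX-ICAn-key.pem,
# chainX-entity-key.pem); ../ca-cert.pem, ../ca-key.pem and
# ../renewcerts/wolfssl.cnf are resolved relative to it.  Each issued cert is
# rewritten as its "-text" dump followed by the PEM block, and every
# <chain>-assembled.pem bundle is built leaf-first: entity, then each
# intermediate up the chain (the root ca-cert.pem is not included).
# Several chains (E, F, H, J) are deliberately invalid so the verifier's
# pathLenConstraint handling can be tested.

set -u

# Extension sections of wolfssl.cnf and the fixed serials used per cert kind.
# Intermediates with a numeric pathLen use the "pathlen_<N>" section instead.
readonly CNF="../renewcerts/wolfssl.cnf"
readonly ICA_NOPATHLEN_EXT="wolfssl_opts_ICA"
readonly ENTITY_EXT="test_pathlen"
readonly ICA_SERIAL=100
readonly ENTITY_SERIAL=101

#######################################
# Abort the whole run on a failed step, otherwise report success.
# Arguments:
#   $1 - exit status of the step just executed
#   $2 - label for the step, used in the message
#######################################
check_result() {
  if [ "$1" -ne 0 ]; then
    echo "$2 Failed, Abort"
    exit 1
  fi
  echo "$2 Succeeded!"
}

#######################################
# Issue one certificate from an existing key and rewrite it with its text dump.
# Steps (each one checked with check_result):
#   1. "openssl req" builds a CSR, answering the interactive prompts on stdin
#      with a fixed subject whose CN is $1.
#   2. "openssl x509 -req" signs the CSR with the given CA cert/key, applying
#      the named extensions section of wolfssl.cnf, 1000-day validity and a
#      fixed serial.
#   3. The signed PEM is re-emitted with "-text" so the file carries a
#      human-readable dump ahead of the PEM block.
# Arguments:
#   $1 - common name (the remaining subject fields are fixed)
#   $2 - private key of the certificate being issued
#   $3 - extensions section name in wolfssl.cnf
#   $4 - signer (CA) certificate
#   $5 - signer (CA) private key
#   $6 - serial number passed to -set_serial
#   $7 - output file
# Outputs: progress lines on stdout; writes $7 (temp files go in the cwd)
# Returns: 0, or exits the script via check_result on failure
#######################################
issue_cert() {
  local cn="$1" key="$2" ext_section="$3" signer="$4" signer_key="$5"
  local serial="$6" out="$7"

  # One answer per prompt: C, ST, L, O, OU, CN, emailAddress, then "." for
  # the two extra attributes (plus a trailing blank line).
  printf 'US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\n%s\ninfo@wolfssl.com\n.\n.\n\n' "$cn" \
    | openssl req -new -key "$key" -config "$CNF" -nodes -sha256 > temp-req.pem
  check_result $? "Step 1"

  # Signer paths are quoted so a path containing spaces cannot split into
  # extra openssl arguments.
  openssl x509 -req -in temp-req.pem -extfile "$CNF" -extensions "$ext_section" \
    -days 1000 -CA "$signer" -CAkey "$signer_key" -set_serial "$serial" -sha256 \
    > "$out"
  check_result $? "Step 2"

  rm -f -- temp-req.pem
  openssl x509 -in "$out" -text > cert_tmp.pem
  check_result $? "Step 3"
  mv -- cert_tmp.pem "$out"
}

#######################################
# Create one intermediate CA cert for a test chain.
# Arguments:
#   $1 - chain ID (e.g. "chainA")
#   $2 - ICA number (the entity is signed by ICA1, ICA1 by ICA2, and so on)
#   $3 - pathLenConstraint value, or "no_pathlen" for a CA cert without one
#   $4 - signer of this intermediate (CA cert file)
#   $5 - the signer's key
# Outputs: writes $1-$2-pathlen$3.pem, or $1-$2-no_pathlen.pem
# Example: create_an_intermediate "chainA" "ICA1" "0" "../ca-cert.pem" "../ca-key.pem"
#######################################
create_an_intermediate() {
  local chain_id="$1" ica_num="$2" path_len="$3" signer="$4" signer_key="$5"
  local stem ext_section

  if [ "$path_len" = "no_pathlen" ]; then
    # presumably the CA section of wolfssl.cnf without a pathlen — confirm
    # against ../renewcerts/wolfssl.cnf
    stem="$chain_id-$ica_num-$path_len"
    ext_section="$ICA_NOPATHLEN_EXT"
  else
    stem="$chain_id-$ica_num-pathlen$path_len"
    ext_section="pathlen_$path_len"
  fi
  echo "Updating $stem.pem"
  echo ""

  issue_cert "$stem" "$chain_id-$ica_num-key.pem" "$ext_section" \
    "$signer" "$signer_key" "$ICA_SERIAL" "$stem.pem"

  echo "End of Section"
  echo "-------------------------------------------------------------------------"
}

#######################################
# Create the end-entity (leaf) cert for a test chain.
# Arguments:
#   $1 - chain ID (e.g. "chainA")
#   $2 - signer of this entity (the chain's ICA1 cert file)
#   $3 - the signer's key
# Outputs: writes $1-entity.pem
# Example: create_an_entity "chainA" "chainA-ICA1-pathlen0.pem" "chainA-ICA1-key.pem"
#######################################
create_an_entity() {
  local chain_id="$1" signer="$2" signer_key="$3"
  local stem="$chain_id-entity"

  echo "Updating $stem.pem"
  echo ""
  issue_cert "$stem" "$stem-key.pem" "$ENTITY_EXT" \
    "$signer" "$signer_key" "$ENTITY_SERIAL" "$stem.pem"
  echo "End of Section"
  echo "-------------------------------------------------------------------------"
}

#######################################
# Bundle a chain leaf-first into <chain ID>-assembled.pem.
# Arguments:
#   $1 - chain ID
#   $@ - remaining args: cert files in order, entity first, then each
#        intermediate up the chain (the root ca-cert.pem is not included)
# Returns: 0, or exits via check_result if any input file is missing
#######################################
assemble_chain() {
  local chain_id="$1"
  shift
  cat -- "$@" > "$chain_id-assembled.pem"
  check_result $? "Assemble $chain_id"
}

main() {
  ###########################################################
  ##########         Create the certs            ############
  ###########################################################
  create_an_intermediate "chainA" "ICA1" "0" "../ca-cert.pem" "../ca-key.pem"
  create_an_entity "chainA" "chainA-ICA1-pathlen0.pem" "chainA-ICA1-key.pem"

  create_an_intermediate "chainB" "ICA2" "1" "../ca-cert.pem" "../ca-key.pem"
  create_an_intermediate "chainB" "ICA1" "0" "chainB-ICA2-pathlen1.pem" "chainB-ICA2-key.pem"
  create_an_entity "chainB" "chainB-ICA1-pathlen0.pem" "chainB-ICA1-key.pem"

  create_an_intermediate "chainC" "ICA1" "1" "../ca-cert.pem" "../ca-key.pem"
  create_an_entity "chainC" "chainC-ICA1-pathlen1.pem" "chainC-ICA1-key.pem"

  create_an_intermediate "chainD" "ICA1" "127" "../ca-cert.pem" "../ca-key.pem"
  create_an_entity "chainD" "chainD-ICA1-pathlen127.pem" "chainD-ICA1-key.pem"

  create_an_intermediate "chainE" "ICA1" "128" "../ca-cert.pem" "../ca-key.pem"
  create_an_entity "chainE" "chainE-ICA1-pathlen128.pem" "chainE-ICA1-key.pem"

  create_an_intermediate "chainF" "ICA2" "0" "../ca-cert.pem" "../ca-key.pem"
  create_an_intermediate "chainF" "ICA1" "1" "chainF-ICA2-pathlen0.pem" "chainF-ICA2-key.pem"
  create_an_entity "chainF" "chainF-ICA1-pathlen1.pem" "chainF-ICA1-key.pem"

  create_an_intermediate "chainG" "ICA7" "100" "../ca-cert.pem" "../ca-key.pem"
  create_an_intermediate "chainG" "ICA6" "10" "chainG-ICA7-pathlen100.pem" "chainG-ICA7-key.pem"
  create_an_intermediate "chainG" "ICA5" "20" "chainG-ICA6-pathlen10.pem" "chainG-ICA6-key.pem"
  create_an_intermediate "chainG" "ICA4" "5" "chainG-ICA5-pathlen20.pem" "chainG-ICA5-key.pem"
  create_an_intermediate "chainG" "ICA3" "99" "chainG-ICA4-pathlen5.pem" "chainG-ICA4-key.pem"
  create_an_intermediate "chainG" "ICA2" "1" "chainG-ICA3-pathlen99.pem" "chainG-ICA3-key.pem"
  create_an_intermediate "chainG" "ICA1" "0" "chainG-ICA2-pathlen1.pem" "chainG-ICA2-key.pem"
  create_an_entity "chainG" "chainG-ICA1-pathlen0.pem" "chainG-ICA1-key.pem"

  # Fail: PathLen of 2, signing PathLen of 2, signing PathLen of 2, signing PathLen 0
  # max_path_len = 2, max_path_len -= 1 (1), max_path_len -= 1 (0), max_path_len 0, non-entity cert.
  create_an_intermediate "chainH" "ICA4" "2" "../ca-cert.pem" "../ca-key.pem"
  create_an_intermediate "chainH" "ICA3" "2" "chainH-ICA4-pathlen2.pem" "chainH-ICA4-key.pem"
  create_an_intermediate "chainH" "ICA2" "2" "chainH-ICA3-pathlen2.pem" "chainH-ICA3-key.pem"
  create_an_intermediate "chainH" "ICA1" "0" "chainH-ICA2-pathlen2.pem" "chainH-ICA2-key.pem"
  create_an_entity "chainH" "chainH-ICA1-pathlen0.pem" "chainH-ICA1-key.pem"

  # Success: PathLen of 2 followed by 2 Intermediates with no pathLen set
  create_an_intermediate "chainI" "ICA3" "2" "../ca-cert.pem" "../ca-key.pem"
  create_an_intermediate "chainI" "ICA2" "no_pathlen" "chainI-ICA3-pathlen2.pem" "chainI-ICA3-key.pem"
  create_an_intermediate "chainI" "ICA1" "no_pathlen" "chainI-ICA2-no_pathlen.pem" "chainI-ICA2-key.pem"
  create_an_entity "chainI" "chainI-ICA1-no_pathlen.pem" "chainI-ICA1-key.pem"

  # Fail: PathLen of 2 followed by 3 Intermediates with no pathLen set
  create_an_intermediate "chainJ" "ICA4" "2" "../ca-cert.pem" "../ca-key.pem"
  create_an_intermediate "chainJ" "ICA3" "no_pathlen" "chainJ-ICA4-pathlen2.pem" "chainJ-ICA4-key.pem"
  create_an_intermediate "chainJ" "ICA2" "no_pathlen" "chainJ-ICA3-no_pathlen.pem" "chainJ-ICA3-key.pem"
  create_an_intermediate "chainJ" "ICA1" "no_pathlen" "chainJ-ICA2-no_pathlen.pem" "chainJ-ICA2-key.pem"
  create_an_entity "chainJ" "chainJ-ICA1-no_pathlen.pem" "chainJ-ICA1-key.pem"

  ###########################################################
  ##########         Assemble Chains             ############
  ###########################################################
  # Success: PathLen of 0
  ## chainA-ICA1-pathlen0.pem: signed by ca-cert.pem
  ## chainA-entity.pem: signed by chainA-ICA1-pathlen0.pem
  assemble_chain "chainA" chainA-entity.pem chainA-ICA1-pathlen0.pem

  # Success: PathLen of 1
  ## chainB-ICA2-pathlen1.pem: signed by ca-cert.pem
  ## chainB-ICA1-pathlen0.pem: signed by chainB-ICA2-pathlen1.pem
  ## chainB-entity.pem: signed by chainB-ICA1-pathlen0.pem
  assemble_chain "chainB" chainB-entity.pem chainB-ICA1-pathlen0.pem chainB-ICA2-pathlen1.pem

  # Success: PathLen of 1 with a single intermediate
  ## chainC-ICA1-pathlen1.pem: signed by ca-cert.pem
  ## chainC-entity.pem: signed by chainC-ICA1-pathlen1.pem
  assemble_chain "chainC" chainC-entity.pem chainC-ICA1-pathlen1.pem

  # Success: PathLen of 127
  ## chainD-ICA1-pathlen127.pem: signed by ca-cert.pem
  ## chainD-entity.pem: signed by chainD-ICA1-pathlen127.pem
  assemble_chain "chainD" chainD-entity.pem chainD-ICA1-pathlen127.pem

  # Failure: PathLen of 128
  ## chainE-ICA1-pathlen128.pem: signed by ca-cert.pem
  ## chainE-entity.pem: signed by chainE-ICA1-pathlen128.pem
  assemble_chain "chainE" chainE-entity.pem chainE-ICA1-pathlen128.pem

  # Failure: PathLen of 0, signing PathLen of 1
  ## chainF-ICA2-pathlen0.pem: signed by ca-cert.pem
  ## chainF-ICA1-pathlen1.pem: signed by chainF-ICA2-pathlen0.pem
  ## chainF-entity.pem: signed by chainF-ICA1-pathlen1.pem
  assemble_chain "chainF" chainF-entity.pem chainF-ICA1-pathlen1.pem chainF-ICA2-pathlen0.pem

  # Success: PathLen of 100, signing PathLen of 10, signing PathLen of 20, signing
  # PathLen of 5, signing PathLen of 99, signing PathLen of 1, signing
  # PathLen of 0
  assemble_chain "chainG" chainG-entity.pem chainG-ICA1-pathlen0.pem \
    chainG-ICA2-pathlen1.pem chainG-ICA3-pathlen99.pem \
    chainG-ICA4-pathlen5.pem chainG-ICA5-pathlen20.pem \
    chainG-ICA6-pathlen10.pem chainG-ICA7-pathlen100.pem

  # Fail: PathLen of 2, signing PathLen of 2, signing PathLen of 2, signing PathLen 0
  # max_path_len = 2, max_path_len -= 1 (1), max_path_len -= 1 (0), max_path_len 0, non-entity cert.
  assemble_chain "chainH" chainH-entity.pem chainH-ICA1-pathlen0.pem \
    chainH-ICA2-pathlen2.pem chainH-ICA3-pathlen2.pem \
    chainH-ICA4-pathlen2.pem

  # Success: PathLen of 2 followed by 2 Intermediates with no pathLen set
  assemble_chain "chainI" chainI-entity.pem chainI-ICA1-no_pathlen.pem \
    chainI-ICA2-no_pathlen.pem chainI-ICA3-pathlen2.pem

  # Fail: PathLen of 2 followed by 3 Intermediates with no pathLen set
  assemble_chain "chainJ" chainJ-entity.pem chainJ-ICA1-no_pathlen.pem \
    chainJ-ICA2-no_pathlen.pem chainJ-ICA3-no_pathlen.pem \
    chainJ-ICA4-pathlen2.pem
}

main "$@"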