Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/java/security/cert/CertPathValidator/indirectCRL/generate.sh
41161 views
1
#

2
# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.

3
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
#

5
# This code is free software; you can redistribute it and/or modify it

6
# under the terms of the GNU General Public License version 2 only, as

7
# published by the Free Software Foundation.

8
#

9
# This code is distributed in the hope that it will be useful, but WITHOUT

10
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
# version 2 for more details (a copy is included in the LICENSE file that

13
# accompanied this code).

14
#

15
# You should have received a copy of the GNU General Public License version

16
# 2 along with this work; if not, write to the Free Software Foundation,

17
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
#

19
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
# or visit www.oracle.com if you need additional information or have any

21
# questions.

22
#

23


24
#!/bin/ksh

25
#

26
# needs ksh to run the script.

27


28
# generate a self-signed root certificate

29
if [ ! -f root/root_cert.pem ]; then

30
    if [ ! -d root ]; then

31
        mkdir root

32
    fi

33


34
    openssl req -x509 -newkey rsa:1024 -keyout root/root_key.pem \

35
        -out root/root_cert.pem -subj "/C=US/O=Example" \

36
        -config openssl.cnf -reqexts cert_issuer -days 7650 \

37
        -passin pass:passphrase -passout pass:passphrase

38
fi

39


40
# generate a sele-issued root crl issuer certificate

41
if [ ! -f root/top_crlissuer_cert.pem ]; then

42
    if [ ! -d root ]; then

43
        mkdir root

44
    fi

45


46
    openssl req -newkey rsa:1024 -keyout root/top_crlissuer_key.pem \

47
        -out root/top_crlissuer_req.pem -subj "/C=US/O=Example" -days 7650 \

48
        -passin pass:passphrase -passout pass:passphrase

49


50
    openssl x509 -req -in root/top_crlissuer_req.pem -extfile openssl.cnf \

51
        -extensions crl_issuer -CA root/root_cert.pem \

52
        -CAkey root/root_key.pem -out root/top_crlissuer_cert.pem \

53
        -CAcreateserial -CAserial root/root_cert.srl -days 7200 \

54
        -passin pass:passphrase

55
fi

56


57
# generate subca cert issuer and crl iuuser certificates

58
if [ ! -f subca/subca_cert.pem ]; then

59
    if [ ! -d subca ]; then

60
        mkdir subca

61
    fi

62


63
    openssl req -newkey rsa:1024 -keyout subca/subca_key.pem \

64
        -out subca/subca_req.pem -subj "/C=US/O=Example/OU=Class-1" \

65
        -days 7650 -passin pass:passphrase -passout pass:passphrase

66


67
    openssl x509 -req -in subca/subca_req.pem -extfile openssl.cnf \

68
        -extensions cert_issuer -CA root/root_cert.pem \

69
        -CAkey root/root_key.pem -out subca/subca_cert.pem -CAcreateserial \

70
        -CAserial root/root_cert.srl -days 7200 -passin pass:passphrase

71


72
    openssl req -newkey rsa:1024 -keyout subca/subca_crlissuer_key.pem \

73
        -out subca/subca_crlissuer_req.pem -subj "/C=US/O=Example/OU=Class-1" \

74
        -days 7650 -passin pass:passphrase -passout pass:passphrase

75


76
    openssl x509 -req -in subca/subca_crlissuer_req.pem -extfile openssl.cnf \

77
        -extensions crl_issuer -CA root/root_cert.pem \

78
        -CAkey root/root_key.pem -out subca/subca_crlissuer_cert.pem \

79
        -CAcreateserial -CAserial root/root_cert.srl -days 7200 \

80
        -passin pass:passphrase

81
fi

82


83
# generate dumca cert issuer and crl iuuser certificates

84
if [ ! -f dumca/dumca_cert.pem ]; then

85
    if [ ! -d sumca ]; then

86
        mkdir dumca

87
    fi

88


89
    openssl req -newkey rsa:1024 -keyout dumca/dumca_key.pem \

90
        -out dumca/dumca_req.pem -subj "/C=US/O=Example/OU=Class-D" \

91
        -days 7650 -passin pass:passphrase -passout pass:passphrase

92


93
    openssl x509 -req -in dumca/dumca_req.pem -extfile openssl.cnf \

94
        -extensions cert_issuer -CA root/root_cert.pem \

95
        -CAkey root/root_key.pem -out dumca/dumca_cert.pem \

96
        -CAcreateserial -CAserial root/root_cert.srl -days 7200 \

97
        -passin pass:passphrase

98


99
    openssl req -newkey rsa:1024 -keyout dumca/dumca_crlissuer_key.pem \

100
        -out dumca/dumca_crlissuer_req.pem -subj "/C=US/O=Example/OU=Class-D" \

101
        -days 7650 -passin pass:passphrase -passout pass:passphrase

102


103
    openssl x509 -req -in dumca/dumca_crlissuer_req.pem \

104
        -extfile openssl.cnf -extensions crl_issuer -CA root/root_cert.pem \

105
        -CAkey root/root_key.pem -out dumca/dumca_crlissuer_cert.pem \

106
        -CAcreateserial -CAserial root/root_cert.srl -days 7200 \

107
        -passin pass:passphrase

108
fi

109


110
# generate certifiacte for Alice

111
if [ ! -f subca/alice/alice_cert.pem ]; then

112
    if [ ! -d subca/alice ]; then

113
        mkdir -p subca/alice

114
    fi

115


116
    openssl req -newkey rsa:1024 -keyout subca/alice/alice_key.pem \

117
        -out subca/alice/alice_req.pem \

118
        -subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \

119
        -passin pass:passphrase -passout pass:passphrase

120


121
    openssl x509 -req -in subca/alice/alice_req.pem \

122
        -extfile openssl.cnf -extensions ee_of_subca \

123
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \

124
        -out subca/alice/alice_cert.pem -CAcreateserial \

125
        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase

126
fi

127


128
# generate certifiacte for Bob

129
if [ ! -f subca/bob/bob_cert.pem ]; then

130
    if [ ! -d subca/bob ]; then

131
        mkdir -p subca/bob

132
    fi

133


134
    openssl req -newkey rsa:1024 -keyout subca/bob/bob_key.pem \

135
        -out subca/bob/bob_req.pem \

136
        -subj "/C=US/O=Example/OU=Class-1/CN=Bob" -days 7650 \

137
        -passin pass:passphrase -passout pass:passphrase

138


139
    openssl x509 -req -in subca/bob/bob_req.pem \

140
        -extfile openssl.cnf -extensions ee_of_subca \

141
        -CA subca/subca_cert.pem -CAkey subca/subca_key.pem \

142
        -out subca/bob/bob_cert.pem -CAcreateserial \

143
        -CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase

144
fi

145


146
# generate certifiacte for Susan

147
if [ ! -f subca/susan/susan_cert.pem ]; then

148
    if [ ! -d subca/susan ]; then

149
        mkdir -p subca/susan

150
    fi

151


152
    openssl req -newkey rsa:1024 -keyout subca/susan/susan_key.pem \

153
        -out subca/susan/susan_req.pem \

154
        -subj "/C=US/O=Example/OU=Class-1/CN=Susan" -days 7650 \

155
        -passin pass:passphrase -passout pass:passphrase

156


157
    openssl x509 -req -in subca/susan/susan_req.pem -extfile openssl.cnf \

158
        -extensions ee_of_subca -CA subca/subca_cert.pem \

159
        -CAkey subca/subca_key.pem -out subca/susan/susan_cert.pem \

160
        -CAcreateserial -CAserial subca/subca_cert.srl -days 7200 \

161
        -passin pass:passphrase

162
fi

163


164


165
# generate the top CRL

166
if [ ! -f root/top_crl.pem ]; then

167
    if [ ! -d root ]; then

168
        mkdir root

169
    fi

170


171
    if [ ! -f root/index.txt ]; then

172
        touch root/index.txt

173
        echo 00 > root/crlnumber

174
    fi

175


176
    openssl ca -gencrl -config openssl.cnf -name ca_top -crldays 7000 \

177
        -crl_reason superseded -keyfile root/top_crlissuer_key.pem \

178
        -cert root/top_crlissuer_cert.pem -out root/top_crl.pem \

179
        -passin pass:passphrase

180
fi

181


182
# revoke dumca

183
openssl ca -revoke dumca/dumca_cert.pem -config openssl.cnf \

184
        -name ca_top -crl_reason superseded \

185
        -keyfile root/top_crlissuer_key.pem -cert root/top_crlissuer_cert.pem \

186
        -passin pass:passphrase

187


188
openssl ca -gencrl -config openssl.cnf -name ca_top -crldays 7000 \

189
        -crl_reason superseded -keyfile root/top_crlissuer_key.pem \

190
        -cert root/top_crlissuer_cert.pem -out root/top_crl.pem \

191
        -passin pass:passphrase

192


193
# revoke for subca

194
if [ ! -f subca/subca_crl.pem ]; then

195
    if [ ! -d subca ]; then

196
        mkdir subca

197
    fi

198


199
    if [ ! -f subca/index.txt ]; then

200
        touch subca/index.txt

201
        echo 00 > subca/crlnumber

202
    fi

203


204
    openssl ca -gencrl -config openssl.cnf -name ca_subca -crldays 7000 \

205
        -crl_reason superseded -keyfile subca/subca_crlissuer_key.pem \

206
        -cert subca/subca_crlissuer_cert.pem -out subca/subca_crl.pem \

207
        -passin pass:passphrase

208
fi

209


210
# revoke susan

211
openssl ca -revoke subca/susan/susan_cert.pem -config openssl.cnf \

212
        -name ca_subca -crl_reason superseded \

213
        -keyfile subca/subca_crlissuer_key.pem \

214
        -cert subca/subca_crlissuer_cert.pem -passin pass:passphrase

215


216
openssl ca -gencrl -config openssl.cnf -name ca_subca -crldays 7000 \

217
        -crl_reason superseded -keyfile subca/subca_crlissuer_key.pem \

218
        -cert subca/subca_crlissuer_cert.pem -out subca/subca_crl.pem \

219
        -passin pass:passphrase

220


221