Path: blob/master/test/jdk/java/security/cert/CertPathValidator/nameConstraints/generate.sh
41161 views
#1# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.2# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3#4# This code is free software; you can redistribute it and/or modify it5# under the terms of the GNU General Public License version 2 only, as6# published by the Free Software Foundation.7#8# This code is distributed in the hope that it will be useful, but WITHOUT9# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11# version 2 for more details (a copy is included in the LICENSE file that12# accompanied this code).13#14# You should have received a copy of the GNU General Public License version15# 2 along with this work; if not, write to the Free Software Foundation,16# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17#18# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19# or visit www.oracle.com if you need additional information or have any20# questions.21#2223#!/bin/ksh24#25# needs ksh to run the script.26OPENSSL=openssl2728# generate a self-signed root certificate29if [ ! -f root/root_cert.pem ]; then30if [ ! -d root ]; then31mkdir root32fi3334${OPENSSL} req -x509 -newkey rsa:1024 -keyout root/root_key.pem \35-out root/root_cert.pem -subj "/C=US/O=Example" \36-config openssl.cnf -reqexts cert_issuer -days 7650 \37-passin pass:passphrase -passout pass:passphrase38fi3940# generate subca cert issuer41if [ ! -f subca/subca_cert.pem ]; then42if [ ! -d subca ]; then43mkdir subca44fi4546${OPENSSL} req -newkey rsa:1024 -keyout subca/subca_key.pem \47-out subca/subca_req.pem -subj "/C=US/O=Example/OU=Class-1" \48-days 7650 -passin pass:passphrase -passout pass:passphrase4950${OPENSSL} x509 -req -in subca/subca_req.pem -extfile openssl.cnf \51-extensions cert_issuer -CA root/root_cert.pem \52-CAkey root/root_key.pem -out subca/subca_cert.pem -CAcreateserial \53-CAserial root/root_cert.srl -days 7200 -passin pass:passphrase54fi5556# generate certifiacte for Alice57if [ ! -f subca/alice/alice_cert.pem ]; then58if [ ! -d subca/alice ]; then59mkdir -p subca/alice60fi6162${OPENSSL} req -newkey rsa:1024 -keyout subca/alice/alice_key.pem \63-out subca/alice/alice_req.pem \64-subj "/C=US/O=Example/OU=Class-1/CN=Alice" -days 7650 \65-passin pass:passphrase -passout pass:passphrase6667${OPENSSL} x509 -req -in subca/alice/alice_req.pem \68-extfile openssl.cnf -extensions alice_of_subca \69-CA subca/subca_cert.pem -CAkey subca/subca_key.pem \70-out subca/alice/alice_cert.pem -CAcreateserial \71-CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase72fi7374# generate certifiacte for Bob75if [ ! -f subca/bob/bob.pem ]; then76if [ ! -d subca/bob ]; then77mkdir -p subca/bob78fi7980${OPENSSL} req -newkey rsa:1024 -keyout subca/bob/bob_key.pem \81-out subca/bob/bob_req.pem \82-subj "/C=US/O=Example/OU=Class-1/CN=Bob" -days 7650 \83-passin pass:passphrase -passout pass:passphrase8485${OPENSSL} x509 -req -in subca/bob/bob_req.pem \86-extfile openssl.cnf -extensions ee_of_subca \87-CA subca/subca_cert.pem -CAkey subca/subca_key.pem \88-out subca/bob/bob_cert.pem -CAcreateserial \89-CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase90fi9192# generate certifiacte for Susan93if [ ! -f subca/susan/susan_cert.pem ]; then94if [ ! -d subca/susan ]; then95mkdir -p subca/susan96fi9798${OPENSSL} req -newkey rsa:1024 -keyout subca/susan/susan_key.pem \99-out subca/susan/susan_req.pem \100-subj "/C=US/O=Example/OU=Class-1/CN=Susan" -days 7650 \101-passin pass:passphrase -passout pass:passphrase102103${OPENSSL} x509 -req -in subca/susan/susan_req.pem \104-extfile openssl.cnf -extensions susan_of_subca \105-CA subca/subca_cert.pem -CAkey subca/subca_key.pem \106-out subca/susan/susan_cert.pem -CAcreateserial \107-CAserial subca/subca_cert.srl -days 7200 -passin pass:passphrase108fi109110111112