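#!/bin/bash

#
# Creates or overwrites 3 files in ./res/raw:
#   - cacert.der    self-signed CA certificate (DER)
#   - userkey.der   user private key, unencrypted PKCS#8 (DER)
#   - usercert.der  user certificate issued by that CA (DER)
#
# Run from the directory that contains res/raw.
#
# The output is test material only: the CA passphrase is hard-coded in
# this file and userkey.der is written without encryption, so neither key
# is secret. Do not trust cacert.der, or reuse these keys, outside tests.
#

# Stop at the first failing step instead of copying stale or missing files.
set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

readonly OUT_DIR='res/raw'

# System configuration used as the base for the per-run openssl.conf.
readonly BASE_CNF='/etc/ssl/openssl.cnf'

# CA_default defined in openssl.cnf
readonly CA_DIR='demoCA'

readonly SUBJECT='/C=US/ST=CA/L=Mountain View/O=Android/CN=localhost'
# Passed to openssl as 'pass:...', i.e. on the command line. That is
# acceptable only because this value is a published test constant.
readonly PASSWORD='androidtest'
readonly SAN='DNS:localhost'

# Fail before generating anything if a prerequisite is missing.
command -v openssl > /dev/null || die "openssl not found in PATH"
[[ -r "$BASE_CNF" ]] || die "cannot read $BASE_CNF"
[[ -d "$OUT_DIR" ]] || die "missing directory $OUT_DIR"

# mktemp -d creates the directory with owner-only permissions, which keeps
# the intermediate private keys away from other local users.
tmpdir=$(mktemp -d './XXXXXXXX') || die "mktemp failed"

# Remove the scratch directory on every exit path. The handler does not
# call exit itself, so the script's real exit status is preserved.
cleanup() {
  rm -rf -- "${tmpdir:?}"
}
trap cleanup EXIT
# On interrupt, exit non-zero; the EXIT trap above still cleans up.
trap 'echo; exit 1' INT QUIT

echo "Creating directory '$CA_DIR'..."
mkdir -p "$tmpdir/$CA_DIR/newcerts"
echo '01' > "$tmpdir/$CA_DIR/serial"
touch "$tmpdir/$CA_DIR/index.txt"
# Append a [SAN] section to a private copy of the system configuration.
# $SAN is passed as a printf argument, never as part of the format string.
{
  cat "$BASE_CNF"
  printf '\n[SAN]\nsubjectAltName=%s\n' "$SAN"
} > "$tmpdir/openssl.conf"

echo "Generating CA certificate..."
(
  cd "$tmpdir"
  openssl req \
      -new \
      -x509 \
      -days 3650 \
      -extensions v3_ca \
      -keyout 'cakey.pem' \
      -out 'cacert.pem' \
      -subj "$SUBJECT" \
      -passout "pass:$PASSWORD"
  openssl x509 \
      -outform DER \
      -in 'cacert.pem' \
      -out 'cacert.der'
)

echo "Generating user key..."
(
  cd "$tmpdir"
  # -nodes leaves userkey.pem unencrypted. -days only applies together
  # with -x509; it is kept here as in the original invocation.
  openssl req \
      -newkey rsa:2048 \
      -sha256 \
      -keyout 'userkey.pem' \
      -nodes \
      -days 3650 \
      -out 'userkey.req' \
      -subj "$SUBJECT" \
      -extensions SAN \
      -config openssl.conf
  # -nocrypt: the PKCS#8 output carries the private key in the clear.
  openssl pkcs8 \
      -topk8 \
      -outform DER \
      -in 'userkey.pem' \
      -out 'userkey.der' \
      -nocrypt
)

echo "Generating user certificate..."
(
  cd "$tmpdir"
  openssl ca \
      -out 'usercert.pem' \
      -in 'userkey.req' \
      -cert 'cacert.pem' \
      -keyfile 'cakey.pem' \
      -days 3650 \
      -passin "pass:$PASSWORD" \
      -extensions SAN \
      -config openssl.conf \
      -batch
  openssl x509 \
      -outform DER \
      -in 'usercert.pem' \
      -out 'usercert.der'
)

# Copy important files to raw resources directory
cp -- \
    "$tmpdir/cacert.der" \
    "$tmpdir/userkey.der" \
    "$tmpdir/usercert.der" \
    "$OUT_DIR/"

echo "Finished"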