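#!/bin/bash
#
# Creates or overwrites 3 files in ./res/raw:
# - cacert.der
# - userkey.der
# - usercert.der
#
# Run from the directory that contains res/raw. Requires openssl and the
# system configuration at /etc/ssl/openssl.cnf.
#
# NOTE: everything generated here is a test fixture. The CA key password is
# hard-coded below and the user key is written unencrypted, so these
# certificates and keys must never be trusted outside of tests.
#

# Abort on the first failing step so that a partial or stale set of files is
# never copied into res/raw.
set -euo pipefail

readonly OUT_DIR='res/raw'

# Fail before generating any key material if the destination is missing.
if [[ ! -d "$OUT_DIR" ]]; then
  echo "Output directory '$OUT_DIR' not found; run from the project root." >&2
  exit 1
fi

# mktemp creates the scratch directory with owner-only permissions; it holds
# the CA and user private keys while the script runs.
tmpdir=$(mktemp -d './XXXXXXXX')

# Remove the scratch directory on every exit path. Only EXIT runs the
# cleanup, so the script's real exit status is preserved (a trap that calls
# 'exit 1' on EXIT would make a successful run report failure).
cleanup() {
  rm -rf -- "${tmpdir:?}"
}
trap cleanup EXIT
# An interrupt still ends with a non-zero status; the EXIT trap then cleans up.
trap 'echo; exit 1' INT QUIT

# CA_default defined in openssl.cnf
readonly CA_DIR='demoCA'

readonly SUBJECT='/C=US/ST=CA/L=Mountain View/O=Android/CN=localhost'
# Fixed test-only password. Passing it with 'pass:' exposes it in the process
# list, which is acceptable here only because it protects a throwaway CA key.
readonly PASSWORD='androidtest'
readonly SAN='DNS:localhost'

echo "Creating directory '$CA_DIR'..."
mkdir -p "$tmpdir/$CA_DIR/newcerts"
echo '01' > "$tmpdir/$CA_DIR/serial"
touch "$tmpdir/$CA_DIR/index.txt"

# Append a [SAN] section to a private copy of the system configuration.
# $SAN is passed as a printf argument, not as part of the format string.
{
  cat /etc/ssl/openssl.cnf
  printf '\n[SAN]\nsubjectAltName=%s\n' "$SAN"
} > "$tmpdir/openssl.conf"

echo "Generating CA certificate..."
(
  cd "$tmpdir"
  # Self-signed CA certificate; its private key is encrypted with $PASSWORD.
  openssl req \
    -new \
    -x509 \
    -days 3650 \
    -extensions v3_ca \
    -keyout 'cakey.pem' \
    -out 'cacert.pem' \
    -subj "$SUBJECT" \
    -passout "pass:$PASSWORD"
  openssl x509 \
    -outform DER \
    -in 'cacert.pem' \
    -out 'cacert.der'
)

echo "Generating user key..."
(
  cd "$tmpdir"
  # -nodes leaves the user key unencrypted on disk.
  openssl req \
    -newkey rsa:2048 \
    -sha256 \
    -keyout 'userkey.pem' \
    -nodes \
    -days 3650 \
    -out 'userkey.req' \
    -subj "$SUBJECT" \
    -extensions SAN \
    -config openssl.conf
  # Convert the key to unencrypted PKCS#8 DER for use as a raw resource.
  openssl pkcs8 \
    -topk8 \
    -outform DER \
    -in 'userkey.pem' \
    -out 'userkey.der' \
    -nocrypt
)

echo "Generating user certificate..."
(
  cd "$tmpdir"
  # Sign the user request with the CA created above.
  openssl ca \
    -out 'usercert.pem' \
    -in 'userkey.req' \
    -cert 'cacert.pem' \
    -keyfile 'cakey.pem' \
    -days 3650 \
    -passin "pass:$PASSWORD" \
    -extensions SAN \
    -config openssl.conf \
    -batch
  openssl x509 \
    -outform DER \
    -in 'usercert.pem' \
    -out 'usercert.der'
)

# Copy important files to raw resources directory
cp -- \
  "$tmpdir/cacert.der" \
  "$tmpdir/userkey.der" \
  "$tmpdir/usercert.der" \
  "$OUT_DIR/"

echo "Finished"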