      1  1.1  christos #!/bin/sh
      2  1.1  christos # Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
      3  1.1  christos #
      4  1.1  christos # Licensed under the Apache License 2.0 (the "License").  You may not use
      5  1.1  christos # this file except in compliance with the License.  You can obtain a copy
      6  1.1  christos # in the file LICENSE in the source distribution or at
      7  1.1  christos # https://www.openssl.org/source/license.html
      8  1.1  christos 
      9  1.1  christos # Utility to recreate S/MIME certificates in this directory.
     10  1.1  christos # Invoke from within this directory when changes are needed.
     11  1.1  christos 
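# Fail fast: stop at the first failing command or unset variable, so that a
# failed cp/genpkey/x509 step cannot leave a key file without its certificate
# (or append a certificate to a stale file from an earlier run).
set -eu

# openssl binary to use, addressed relative to this directory.
OPENSSL=../../apps/openssl
# Config file; gen passes it as -extfile to select the extension section.
CONF=ca.cnf
# Exported so every openssl invocation below picks up the local config.
export OPENSSL_CONF="./$CONF"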
     15  1.1  christos 
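# Issue a certificate signed via smroot.pem and write it to stdout.
# Globals:   OPENSSL (read), CONF (read)
# Arguments: $1 - PEM file holding the key to certify (-force_pubkey)
#            $2 - subject name, e.g. "/CN=..."
#            $3 - name of the extensions section in $CONF
# Outputs:   the new certificate on stdout; callers append it to the key file
# Note:      -days 36524 is roughly 100 years, a lifetime suited to test
#            fixtures only.
# All expansions are quoted so a path or section name containing whitespace
# or glob characters is passed to openssl as a single argument.
gen() {
    "$OPENSSL" x509 -CA smroot.pem -new -days 36524 \
        -force_pubkey "$1" -subj "$2" \
        -extfile "$CONF" -extensions "$3"
}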
     20  1.1  christos 
# Root CA: self-signed certificate produced directly by "req -x509".
# -keyout and -out both name smroot.pem, and -noenc leaves the private key
# unencrypted on disk. The CN marks this as a test root; it must never be
# added to a real trust store.
CN="Test S/MIME RSA Root" "$OPENSSL" req \
    -config ca.cnf \
    -x509 -noenc \
    -keyout smroot.pem \
    -out smroot.pem \
    -key ../certs/ca-key.pem \
    -days 36524
     24  1.1  christos 
# RSA end-entity certificates with the usr_rsa_cert extensions.
# Each output file starts as a copy of an existing private key; gen then reads
# the key back from that file and the certificate is appended after it, so
# the cp has to run before the matching gen call.
rsa_pem=smrsa1.pem
cp ../certs/ee-key.pem "$rsa_pem"
gen "$rsa_pem" "/CN=Test SMIME EE RSA #1" usr_rsa_cert >>"$rsa_pem"

rsa_pem=smrsa2.pem
cp ../certs/ee-key-3072.pem "$rsa_pem"
gen "$rsa_pem" "/CN=Test SMIME EE RSA #2" usr_rsa_cert >>"$rsa_pem"

rsa_pem=smrsa3.pem
cp ../certs/ee-key-4096.pem "$rsa_pem"
gen "$rsa_pem" "/CN=Test SMIME EE RSA #3" usr_rsa_cert >>"$rsa_pem"

# Split the combined smrsa3.pem into a certificate-only and a key-only file.
"$OPENSSL" x509 -in smrsa3.pem >smrsa3-cert.pem
"$OPENSSL" pkey -in smrsa3.pem >smrsa3-key.pem
     35  1.1  christos 
# DSA certificates with the signer_cert extensions.
# NOTE(review): all three files are built from the same key
# (server-dsa-key.pem) and the same subject ("... DSA #1"); confirm whether
# "#2" and "#3" were intended for smdsa2.pem and smdsa3.pem.
for dsa_pem in smdsa1.pem smdsa2.pem smdsa3.pem; do
    cp ../certs/server-dsa-key.pem "$dsa_pem"
    gen "$dsa_pem" "/CN=Test SMIME EE DSA #1" signer_cert >>"$dsa_pem"
done
     44  1.1  christos 
# EC certificates with the signer_cert extensions. As with the RSA files, the
# key is copied first and the certificate is appended to the same file.
ec_pem=smec1.pem
cp ../certs/ee-ecdsa-key.pem "$ec_pem"
gen "$ec_pem" "/CN=Test SMIME EE EC #1" signer_cert >>"$ec_pem"

ec_pem=smec2.pem
cp ../certs/server-ecdsa-key.pem "$ec_pem"
gen "$ec_pem" "/CN=Test SMIME EE EC #2" signer_cert >>"$ec_pem"
     51  1.1  christos 
     52  1.1  christos # Do not renew this cert as it is used for legacy data decrypt test
     53  1.1  christos #$OPENSSL ecparam -out ecp.pem -name P-256
     54  1.1  christos #CN="Test S/MIME EE EC #3" $OPENSSL req -config ca.cnf -noenc \
     55  1.1  christos #	-keyout smec3.pem -out req.pem -newkey ec:ecp.pem
     56  1.1  christos #$OPENSSL x509 -req -in req.pem -CA smroot.pem -days 36524 \
     57  1.1  christos #	-extfile ca.cnf -extensions signer_cert -CAcreateserial >>smec3.pem
     58  1.1  christos #rm ecp.pem req.pem
     59  1.1  christos 
# X9.42 DH: generate parameters, create a key from them, then discard the
# parameter file. The key is new on every run, unlike the keys copied from
# ../certs above.
dh_params=dhp.pem
"$OPENSSL" genpkey -genparam -algorithm DHX -out "$dh_params"
"$OPENSSL" genpkey -paramfile "$dh_params" -out smdh.pem
rm "$dh_params"

# X9.42 DH certificate with the dh_cert extensions, appended to the key file.
gen smdh.pem "/CN=Test SMIME EE DH" dh_cert >>smdh.pem
     66  1.1  christos 
# RSA code-signing end-entity certificate with the codesign_cert extensions.
# It is built from ../certs/ee-key.pem, the same key that smrsa1.pem uses, so
# the S/MIME and code-signing test certificates share one key pair.
cs_pem=csrsa1.pem
cp ../certs/ee-key.pem "$cs_pem"
gen "$cs_pem" "/CN=Test CodeSign EE RSA" codesign_cert >>"$cs_pem"
     70  1.1  christos 
# Post-quantum certificates with the signer_cert extensions.
# Each key is generated by genpkey on every run rather than copied from
# ../certs, so regenerating replaces the key material in these files.
pq_pem=sm_mldsa44.pem
"$OPENSSL" genpkey -algorithm ML-DSA-44 -out "$pq_pem"
gen "$pq_pem" "/CN=Test SMIME EE ML-DSA-44" signer_cert >>"$pq_pem"

pq_pem=sm_slhdsa_sha2_128s.pem
"$OPENSSL" genpkey -algorithm SLH-DSA-SHA2-128s -out "$pq_pem"
gen "$pq_pem" "/CN=Test SMIME EE SLH-DSA-SHA2-128s" signer_cert >>"$pq_pem"

pq_pem=sm_slhdsa_shake_128s.pem
"$OPENSSL" genpkey -algorithm SLH-DSA-SHAKE-128s -out "$pq_pem"
gen "$pq_pem" "/CN=Test SMIME EE SLH-DSA-SHAKE-128s" signer_cert >>"$pq_pem"

pq_pem=sm_slhdsa_shake_256s.pem
"$OPENSSL" genpkey -algorithm SLH-DSA-SHAKE-256s -out "$pq_pem"
gen "$pq_pem" "/CN=Test SMIME EE SLH-DSA-SHAKE-256s" signer_cert >>"$pq_pem"