#!/bin/bash
#
# Creates or overwrites 3 files in ./res/raw:
# - cacert.der
# - userkey.der
# - usercert.der
#
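# Fail fast: abort on the first failing command, on use of an unset variable,
# and on a failure anywhere in a pipeline.
set -euo pipefail

# Print a message to stderr and abort with a non-zero status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Remove the scratch directory. It holds the CA private key (cakey.pem) and
# the PEM copy of the user key; only the three DER files are copied out.
cleanup() {
  if [[ -n "${tmpdir:-}" ]]; then
    rm -rf -- "$tmpdir"
  fi
}

# The EXIT handler only cleans up and leaves the exit status untouched, so a
# successful run exits 0 and a failed run keeps its error status. Forcing
# `exit 1` from the EXIT trap would make every run look like a failure.
tmpdir=''
trap cleanup EXIT
trap 'echo; exit 1' INT QUIT

# mktemp -d creates the directory for the owner only, which keeps the private
# keys written below away from other local users while the script runs.
tmpdir=$(mktemp -d './XXXXXXXX') || die "Cannot create temporary directory"

# CA working directory; must agree with the CA_default section of
# openssl.cnf, which `openssl ca` reads below.
readonly CA_DIR='demoCA'
readonly SUBJECT='/C=US/ST=CA/L=Mountain View/O=Android/CN=localhost'
# Fixed, publicly known test passphrase for the throwaway CA key. It is passed
# to openssl as `pass:...` on the command line, which other local users can
# see in the process list; tolerable only because cakey.pem never leaves the
# scratch directory and is deleted on exit. Do not reuse this pattern for a
# real CA -- openssl also accepts `env:` and `file:` passphrase sources.
readonly PASSWORD='androidtest'
readonly SAN='DNS:localhost'
readonly OPENSSL_CNF='/etc/ssl/openssl.cnf'

# Check preconditions before generating anything.
command -v openssl >/dev/null || die "openssl not found in PATH"
[[ -r "$OPENSSL_CNF" ]] || die "Cannot read $OPENSSL_CNF"
[[ -d 'res/raw' ]] \
  || die "Directory 'res/raw' not found; run from the directory containing it"

echo "Creating directory '$CA_DIR'..."
mkdir -p "$tmpdir/$CA_DIR/newcerts" \
  && echo '01' > "$tmpdir/$CA_DIR/serial" \
  && touch "$tmpdir/$CA_DIR/index.txt" \
  || die "Cannot initialise CA directory"

# Append a [SAN] section to a private copy of the system config. The value is
# passed as a printf argument, never as part of the format string, so a '%' or
# backslash in SAN cannot be interpreted as a format directive.
cat "$OPENSSL_CNF" <(printf '\n[SAN]\nsubjectAltName=%s\n' "$SAN") \
  > "$tmpdir/openssl.conf" \
  || die "Cannot write $tmpdir/openssl.conf"

echo "Generating CA certificate..."
# No -config, -newkey or digest option is given here, so the CA key size and
# signature digest come from the system OpenSSL defaults.
# NOTE(review): confirm those defaults meet your minimum (e.g. RSA >= 2048,
# SHA-256) on the build host.
(
  cd "$tmpdir" \
    && openssl req \
      -new \
      -x509 \
      -days 3650 \
      -extensions v3_ca \
      -keyout 'cakey.pem' \
      -out 'cacert.pem' \
      -subj "$SUBJECT" \
      -passout "pass:$PASSWORD" \
    && openssl x509 \
      -outform DER \
      -in 'cacert.pem' \
      -out 'cacert.der'
) || die "CA certificate generation failed"

echo "Generating user key..."
# -nodes and -nocrypt leave the user private key unencrypted, both in the PEM
# file and in the PKCS#8 DER output. userkey.der is copied into the raw
# resources directory, so treat it as a public test fixture and never reuse
# this key or CA outside tests.
(
  cd "$tmpdir" \
    && openssl req \
      -newkey rsa:2048 \
      -sha256 \
      -keyout 'userkey.pem' \
      -nodes \
      -days 3650 \
      -out 'userkey.req' \
      -subj "$SUBJECT" \
      -extensions SAN \
      -config openssl.conf \
    && openssl pkcs8 \
      -topk8 \
      -outform DER \
      -in 'userkey.pem' \
      -out 'userkey.der' \
      -nocrypt
) || die "User key generation failed"

echo "Generating user certificate..."
# Sign the request with the throwaway CA; the SAN extension section is applied
# at signing time through -extensions.
(
  cd "$tmpdir" \
    && openssl ca \
      -out 'usercert.pem' \
      -in 'userkey.req' \
      -cert 'cacert.pem' \
      -keyfile 'cakey.pem' \
      -days 3650 \
      -passin "pass:$PASSWORD" \
      -extensions SAN \
      -config openssl.conf \
      -batch \
    && openssl x509 \
      -outform DER \
      -in 'usercert.pem' \
      -out 'usercert.der'
) || die "User certificate generation failed"

# Copy important files to raw resources directory. The CA private key is
# deliberately not copied and is removed together with the scratch directory.
cp -- \
  "$tmpdir/cacert.der" \
  "$tmpdir/userkey.der" \
  "$tmpdir/usercert.der" \
  'res/raw/' \
  || die "Cannot copy generated files to res/raw"

echo "Finished"
exit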