#!/bin/bash
#
# Creates or overwrites 3 files in ./res/raw:
#   - cacert.der
#   - userkey.der
#   - usercert.der
#
# Test fixtures only: the CA key password is hard-coded below and the user
# key is written unencrypted (-nodes, -nocrypt).
#

tmpdir=$(mktemp -d './XXXXXXXX')
# Always remove the temporary directory; exit non-zero only on interrupt, so
# a successful run still reports status 0.
trap 'rm -r "${tmpdir}"' EXIT
trap 'echo; exit 1' INT QUIT

# CA_default defined in openssl.cnf
CA_DIR='demoCA'

SUBJECT=\
'/C=US'\
'/ST=CA'\
'/L=Mountain View'\
'/O=Android'\
'/CN=localhost'
PASSWORD='androidtest'
SAN=\
'DNS:localhost'

echo "Creating directory '$CA_DIR'..."
mkdir -p "$tmpdir"/"$CA_DIR"/newcerts \
    && echo '01' > "$tmpdir"/"$CA_DIR"/serial \
    && touch "$tmpdir"/"$CA_DIR"/index.txt

# Append a [SAN] section to a copy of the system config so that the request
# and the issued certificate carry the subjectAltName.
cat /etc/ssl/openssl.cnf <(printf '\n[SAN]\nsubjectAltName=%s\n' "$SAN") \
    > "$tmpdir"/openssl.conf

echo "Generating CA certificate..."
(cd "$tmpdir" \
    && openssl req \
        -new \
        -x509 \
        -days 3650 \
        -extensions v3_ca \
        -keyout 'cakey.pem' \
        -out 'cacert.pem' \
        -subj "$SUBJECT" \
        -passout 'pass:'"$PASSWORD" \
    && openssl x509 \
        -outform DER \
        -in 'cacert.pem' \
        -out 'cacert.der')

echo "Generating user key..."
(cd "$tmpdir" \
    && openssl req \
        -newkey rsa:2048 \
        -sha256 \
        -keyout 'userkey.pem' \
        -nodes \
        -days 3650 \
        -out 'userkey.req' \
        -subj "$SUBJECT" \
        -extensions SAN \
        -config openssl.conf \
    && openssl pkcs8 \
        -topk8 \
        -outform DER \
        -in 'userkey.pem' \
        -out 'userkey.der' \
        -nocrypt)

echo "Generating user certificate..."
(cd "$tmpdir" \
    && openssl ca \
        -out 'usercert.pem' \
        -in 'userkey.req' \
        -cert 'cacert.pem' \
        -keyfile 'cakey.pem' \
        -days 3650 \
        -passin 'pass:'"$PASSWORD" \
        -extensions SAN \
        -config openssl.conf \
        -batch \
    && openssl x509 \
        -outform DER \
        -in 'usercert.pem' \
        -out 'usercert.der')

# Copy important files to raw resources directory
cp \
    "$tmpdir"/cacert.der \
    "$tmpdir"/userkey.der \
    "$tmpdir"/usercert.der \
    'res/raw/'

echo "Finished"
exit