github.com/hyperledger/aries-framework-go@v0.3.2/pkg/didcomm/transport/http/testdata/scripts/generate_test_keys.sh (about) 1 #!/bin/sh 2 # 3 # Copyright SecureKey Technologies Inc. All Rights Reserved. 4 # 5 # SPDX-License-Identifier: Apache-2.0 6 # 7 8 set -e 9 10 echo "Generating aries-framework-go Test PKI" 11 mkdir -p testdata/crypto/tls 12 13 cat > testdata/crypto/openssl.cnf << EOF 14 # Copyright SecureKey Technologies Inc. All Rights Reserved. 15 # 16 # SPDX-License-Identifier: Apache-2.0 17 18 [ req ] 19 distinguished_name = req_distinguished_name 20 21 [ req_distinguished_name ] 22 23 [SAN] 24 subjectAltName=DNS:*.example.com,DNS:localhost 25 EOF 26 27 #create CA for TLS creds 28 openssl ecparam -name prime256v1 -genkey -noout -out testdata/crypto/tls/ec-cakey.pem 29 openssl req -new -x509 -key testdata/crypto/tls/ec-cakey.pem -subj "/C=CA/ST=ON/O=Example Internet CA TLS Inc.:CA Sec/OU=CA Sec" -out testdata/crypto/tls/ec-cacert.pem 30 31 #create TLS creds 32 openssl ecparam -name prime256v1 -genkey -noout -out testdata/crypto/tls/ec-key.pem 33 openssl req -new -key testdata/crypto/tls/ec-key.pem -subj "/C=CA/ST=ON/O=Example Inc.:aries-framework-go/OU=aries-framework-go/CN=*.example.com" -reqexts SAN -config testdata/crypto/openssl.cnf -out testdata/crypto/tls/ec-key.csr 34 openssl x509 -req -in testdata/crypto/tls/ec-key.csr -extensions SAN -extfile testdata/crypto/openssl.cnf -CA testdata/crypto/tls/ec-cacert.pem -CAkey testdata/crypto/tls/ec-cakey.pem -CAcreateserial -out testdata/crypto/tls/ec-pubCert.pem -days 365 35 36 #create CA for other creds 37 openssl ecparam -name prime256v1 -genkey -noout -out testdata/crypto/ec-cakey.pem 38 openssl req -new -x509 -key testdata/crypto/ec-cakey.pem -subj "/C=CA/ST=ON/O=Example Internet CA Inc.:CA Sec/OU=CA Sec" -out testdata/crypto/ec-cacert.pem 39 40 #create creds 1 41 openssl ecparam -name prime256v1 -genkey -noout -out testdata/crypto/ec-key1.pem 42 openssl req -new -key testdata/crypto/ec-key1.pem -subj "/C=CA/ST=ON/O=Example Inc.:aries-framework-go/OU=aries-framework-go/CN=*.example.com" -reqexts SAN -config testdata/crypto/openssl.cnf -out testdata/crypto/ec-key1.csr 43 openssl x509 -req -in testdata/crypto/ec-key1.csr -extensions SAN -extfile testdata/crypto/openssl.cnf -CA testdata/crypto/ec-cacert.pem -CAkey testdata/crypto/ec-cakey.pem -CAcreateserial -out testdata/crypto/ec-pubCert1.pem -days 365 44 45 #extract pubkey 1 46 openssl x509 -inform pem -in testdata/crypto/ec-pubCert1.pem -pubkey -noout > testdata/crypto/ec-pubKey1.pem 47 48 #create creds 2 49 openssl ecparam -name prime256v1 -genkey -noout -out testdata/crypto/ec-key2.pem 50 openssl req -new -key testdata/crypto/ec-key2.pem -subj "/C=CA/ST=ON/O=Example Inc.:aries-framework-go/OU=aries-framework-go/CN=*.example.com" -reqexts SAN -config testdata/crypto/openssl.cnf -out testdata/crypto/ec-key2.csr 51 openssl x509 -req -in testdata/crypto/ec-key2.csr -extensions SAN -extfile testdata/crypto/openssl.cnf -CA testdata/crypto/ec-cacert.pem -CAkey testdata/crypto/ec-cakey.pem -CAcreateserial -out testdata/crypto/ec-pubCert2.pem -days 365 52 53 #extract pubkey 2 54 openssl x509 -inform pem -in testdata/crypto/ec-pubCert2.pem -pubkey -noout > testdata/crypto/ec-pubKey2.pem 55 56 #create creds 3 57 openssl ecparam -name prime256v1 -genkey -noout -out testdata/crypto/ec-key3.pem 58 openssl req -new -key testdata/crypto/ec-key3.pem -subj "/C=CA/ST=ON/O=Example Inc.:aries-framework-go/OU=aries-framework-go/CN=*.example.com" -reqexts SAN -config testdata/crypto/openssl.cnf -out testdata/crypto/ec-key3.csr 59 openssl x509 -req -in testdata/crypto/ec-key3.csr -extensions SAN -extfile testdata/crypto/openssl.cnf -CA testdata/crypto/ec-cacert.pem -CAkey testdata/crypto/ec-cakey.pem -CAcreateserial -out testdata/crypto/ec-pubCert3.pem -days 365 60 61 #extract pubkey 3 62 openssl x509 -inform pem -in testdata/crypto/ec-pubCert3.pem -pubkey -noout > testdata/crypto/ec-pubKey3.pem 63 64 rm -f testdata/crypto/openssl.cnf 65 echo "done generating aries-framework-go PKI"