modules/http/ssl-ca-conf - tuscany-sca-cpp - Git at Google

 #!/bin/sh

 #  Licensed to the Apache Software Foundation (ASF) under one
 #  or more contributor license agreements.  See the NOTICE file
 #  distributed with this work for additional information
 #  regarding copyright ownership.  The ASF licenses this file
 #  to you under the Apache License, Version 2.0 (the
 #  "License"); you may not use this file except in compliance
 #  with the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing,
 #  software distributed under the License is distributed on an
 #  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 #  KIND, either express or implied.  See the License for the
 #  specific language governing permissions and limitations
 #  under the License.

 # Generate a test certification authority certificate
 here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
 mkdir -p $1
 root=`echo "import os; print os.path.realpath('$1')" | python`

 host=$2

 # Don't override existing certificate
 if [ -f $root/cert/ca.crt ]; then
     exit 0
 fi

 # Generate openssl configuration
 mkdir -p $root/cert
 umask 0007
 cat >$root/cert/openssl-ca.conf <<EOF
 [ req ]
 default_bits = 1024
 encrypt_key = no
 prompt = no
 distinguished_name = req_distinguished_name
 x509_extensions = v3_ca

 [ req_distinguished_name ]
 C = US
 ST = CA
 L = San Francisco
 O = $host
 OU = authority
 CN = $host
 emailAddress = admin@$host

 [ v3_ca ]
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer:always
 basicConstraints = CA:true

 [ca]
 default_ca = ca_default

 [ca_default]
 certificate = $root/cert/ca.crt
 private_key = $root/cert/ca.key
 serial = $root/cert/ca-serial
 database = $root/cert/ca-database
 new_certs_dir = $root/cert
 default_md = sha1
 email_in_dn = no
 default_days = 365
 default_crl_days = 30
 policy = policy_any
 copy_extensions = none

 [ policy_any ]
 countryName = supplied
 stateOrProvinceName = optional
 localityName = optional
 organizationName = optional
 organizationalUnitName = optional
 commonName = supplied
 emailAddress = optional

 EOF

 rm -rf $root/cert/*.crt $root/cert/*.pem $root/cert/hash
 rm -f $root/cert/ca-database
 echo 1000 > $root/cert/ca-serial
 touch $root/cert/ca-database

 # Generate the certification authority certificate
 openssl req -new -x509 -config $root/cert/openssl-ca.conf -out $root/cert/ca.crt -keyout $root/cert/ca.key

 # Add to the hash directory and rehash
 mkdir -p $root/cert/hash
 cp $root/cert/ca.crt $root/cert/hash
 perl /usr/bin/c_rehash $root/cert/hash

 # Build CA certificate bundle
 curl_prefix=`cat $here/../http/curl.prefix`
 cp $curl_prefix/lib/cacert.pem $root/cert/cacert.pem
 cat $root/cert/ca.crt >> $root/cert/cacert.pem
	#!/bin/sh

	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	# Generate a test certification authority certificate
	here=`echo "import os; print os.path.realpath('$0')" \| python`; here=`dirname $here`
	mkdir -p $1
	root=`echo "import os; print os.path.realpath('$1')" \| python`

	host=$2

	# Don't override existing certificate
	if [ -f $root/cert/ca.crt ]; then
	exit 0
	fi

	# Generate openssl configuration
	mkdir -p $root/cert
	umask 0007
	cat >$root/cert/openssl-ca.conf <<EOF
	[ req ]
	default_bits = 1024
	encrypt_key = no
	prompt = no
	distinguished_name = req_distinguished_name
	x509_extensions = v3_ca

	[ req_distinguished_name ]
	C = US
	ST = CA
	L = San Francisco
	O = $host
	OU = authority
	CN = $host
	emailAddress = admin@$host

	[ v3_ca ]
	subjectKeyIdentifier = hash
	authorityKeyIdentifier = keyid:always,issuer:always
	basicConstraints = CA:true

	[ca]
	default_ca = ca_default

	[ca_default]
	certificate = $root/cert/ca.crt
	private_key = $root/cert/ca.key
	serial = $root/cert/ca-serial
	database = $root/cert/ca-database
	new_certs_dir = $root/cert
	default_md = sha1
	email_in_dn = no
	default_days = 365
	default_crl_days = 30
	policy = policy_any
	copy_extensions = none

	[ policy_any ]
	countryName = supplied
	stateOrProvinceName = optional
	localityName = optional
	organizationName = optional
	organizationalUnitName = optional
	commonName = supplied
	emailAddress = optional

	EOF

	rm -rf $root/cert/.crt $root/cert/.pem $root/cert/hash
	rm -f $root/cert/ca-database
	echo 1000 > $root/cert/ca-serial
	touch $root/cert/ca-database

	# Generate the certification authority certificate
	openssl req -new -x509 -config $root/cert/openssl-ca.conf -out $root/cert/ca.crt -keyout $root/cert/ca.key

	# Add to the hash directory and rehash
	mkdir -p $root/cert/hash
	cp $root/cert/ca.crt $root/cert/hash
	perl /usr/bin/c_rehash $root/cert/hash

	# Build CA certificate bundle
	curl_prefix=`cat $here/../http/curl.prefix`
	cp $curl_prefix/lib/cacert.pem $root/cert/cacert.pem
	cat $root/cert/ca.crt >> $root/cert/cacert.pem