GitHub Repository: freebsd/pkg
Path: blob/main/external/curl/tests/certs/genserv.pl
#!/usr/bin/env perl
#***************************************************************************
# _ _ ____ _
# Project ___| | | | _ \| |
# / __| | | | |_) | |
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
# Copyright (C) EdelWeb for EdelKey and OpenEvidence
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
###########################################################################
use strict;
use warnings;
use File::Basename;
use File::Spec;
# Abort the script with a fixed message saying that a working openssl
# (1.0.2 or newer) is required to generate the test suite's certificates.
# Always dies; it never returns to the caller.
sub opensslfail {
    my $reason = join(' ',
        "Missing or broken 'openssl' tool. openssl 1.0.2+ is required.",
        'Without it, this script cannot generate the necessary certificates',
        'the curl test suite needs for all its TLS related tests.');
    die $reason;
}
# openssl binary to run: a local build under /usr/local/ssl wins when it
# exists, otherwise the bare command name is kept.
my $OPENSSL = (-f '/usr/local/ssl/bin/openssl')
    ? '/usr/local/ssl/bin/openssl'
    : 'openssl';

my $SRCDIR   = dirname(__FILE__);      # directory containing this script
my $dev_null = File::Spec->devnull();  # portable null device for redirects
my $fh;                                # scratch handle reused by the open() calls

my $KEYSIZE = 'prime256v1';  # an EC curve name, despite the variable's name
my ($DURATION, $PREFIX);     # assigned later, before each generation phase
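# The first argument is the CA file prefix; "<caprefix>-ca.cacert" and
# "<caprefix>-ca.key" are the CA certificate and key checked for below.
# NOTE(review): $CAPREFIX, $SRCDIR and $OPENSSL are interpolated unquoted into
# the shell command strings below, so the caller must pass a trusted, plain
# file-name prefix (no spaces or shell metacharacters).
my $CAPREFIX = shift @ARGV;
if(!$CAPREFIX) {
    # Must be double-quoted: in single quotes \n would be printed as a
    # literal backslash-n instead of a newline.
    print "Usage: genserv.pl <caprefix> [<prefix> ...]\n";
    exit 1;
} elsif(! -f "$CAPREFIX-ca.cacert" ||
        ! -f "$CAPREFIX-ca.key") {
    # The CA certificate or its key is missing: generate the whole CA.

    if($OPENSSL eq basename($OPENSSL)) { # has no dir component
        # find openssl in PATH; the first regular file with that name wins
        my $found = 0;
        for my $dir (File::Spec->path()) {
            my $file = File::Spec->catfile($dir, $OPENSSL);
            if(-f $file) {
                $OPENSSL = $file;
                $found = 1;
                last;
            }
        }
        if(!$found) {
            opensslfail();
        }
    }

    # Show which binary and version are about to be used.
    print "$OPENSSL\n";
    system("$OPENSSL version");

    $PREFIX = $CAPREFIX;
    $DURATION = 6000;

    # Test-fixture CA key: it is created with the fixed passphrase "secret"
    # given on the command line, so nothing signed by this CA may be trusted
    # outside the test suite.
    if(system("$OPENSSL genpkey -algorithm EC -pkeyopt ec_paramgen_curve:$KEYSIZE -pkeyopt ec_param_enc:named_curve " .
              "-out $PREFIX-ca.key -pass pass:secret") != 0) {
        opensslfail();
    }
    # NOTE(review): only the genpkey call above has its exit status checked.
    # If one of the following calls fails, partial output files are left
    # behind and the "CA root generated" line is still printed.
    system("$OPENSSL req -config $SRCDIR/$PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret 2>$dev_null");
    # Self-sign the request with the CA key.
    system("$OPENSSL x509 -sha256 -extfile $SRCDIR/$PREFIX-ca.prm -days $DURATION " .
           "-req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-ca.raw-cacert");
    # Derived forms of the CA certificate: text+PEM (.cacert, .crt) and DER.
    system("$OPENSSL x509 -in $PREFIX-ca.raw-cacert -text -nameopt multiline > $PREFIX-ca.cacert");
    system("$OPENSSL x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der");
    system("$OPENSSL x509 -in $PREFIX-ca.cacert -text -nameopt multiline > $PREFIX-ca.crt");

    print "CA root generated: $PREFIX $DURATION days $KEYSIZE\n";
}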
# Validity, in days, passed to "openssl x509 -days" for each certificate
# issued in the loop below.
$DURATION = 300;

# Create the CA database file if it does not exist yet (append mode leaves
# existing content alone); it is there for the revoke step in the loop.
if(open($fh, '>>', "$CAPREFIX-ca.db")) {
    close($fh);
}

# Every remaining argument names one certificate to issue; a trailing ".prm"
# is stripped, so either the prefix or the parameter file name may be given.
# NOTE(review): $PREFIX is interpolated unquoted into shell command strings,
# so the arguments must be trusted, plain file-name prefixes.
# NOTE(review): none of the openssl exit codes in this loop are checked; a
# failing step leaves partial files and the success line is still printed.
while(@ARGV) {
    ($PREFIX = shift @ARGV) =~ s/\.prm$//;

    # pseudo-secrets: the key is generated with the fixed passphrase "secret"
    # and then re-exported as $PREFIX.key with no output passphrase option
    # (presumably unencrypted - confirm). No chmod is applied to $PREFIX.key;
    # only the .pem bundle further down is restricted to 0600.
    my $genkey = "$OPENSSL genpkey -algorithm EC -pkeyopt ec_paramgen_curve:$KEYSIZE -pkeyopt ec_param_enc:named_curve "
               . "-out $PREFIX.keyenc -pass pass:secret";
    system($genkey);
    system("$OPENSSL req -config $SRCDIR/$PREFIX.prm -new -key $PREFIX.keyenc -out $PREFIX.csr -passin pass:secret 2>$dev_null");
    system("$OPENSSL pkey -in $PREFIX.keyenc -out $PREFIX.key -passin pass:secret");

    # Public key in DER and PEM form.
    system("$OPENSSL pkey -in $PREFIX.key -pubout -outform DER -out $PREFIX.pub.der");
    system("$OPENSSL pkey -in $PREFIX.key -pubout -outform PEM -out $PREFIX.pub.pem");

    # Sign the request with the CA certificate and key.
    my $sign = "$OPENSSL x509 -sha256 -extfile $SRCDIR/$PREFIX.prm -days $DURATION "
             . "-req -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -CAcreateserial -in $PREFIX.csr > $PREFIX.crt 2>$dev_null";
    system($sign);

    # revoke server cert: the certificate issued just above is revoked in
    # the CA database. The .cnt file is reset to "01" first; presumably it is
    # the counter file named in $CAPREFIX-ca.cnf (not visible here).
    if(open($fh, '>', "$CAPREFIX-ca.cnt")) {
        print {$fh} '01';
        close($fh);
    }
    system("$OPENSSL ca -config $SRCDIR/$CAPREFIX-ca.cnf -revoke $PREFIX.crt 2>$dev_null");

    # issue CRL, then write the certificate in DER form as well
    system("$OPENSSL ca -config $SRCDIR/$CAPREFIX-ca.cnf -gencrl -out $PREFIX.crl 2>$dev_null");
    system("$OPENSSL x509 -in $PREFIX.crt -outform der -out $PREFIX.der");

    # concatenate all together now: the bundle is created/truncated and
    # restricted to its owner *before* the private key is appended to it.
    if(open($fh, '>', "$PREFIX.pem")) {
        close($fh);
    }
    chmod 0600, "$PREFIX.pem";
    if(open($fh, '>>', "$PREFIX.pem")) {
        my $fi;
        for my $part ("$SRCDIR/$PREFIX.prm", "$PREFIX.key", "$PREFIX.crt") {
            local $/;  # no record separator: each part is read in one go
            # A part that cannot be opened contributes nothing to the bundle.
            print {$fh} (open($fi, '<', $part) and <$fi>);
        }
        close($fh);
    }

    print "Certificate generated: CA=$CAPREFIX ${DURATION}days $KEYSIZE $PREFIX\n";
}