1 files changed, 121 insertions, 0 deletions
diff --git a/src/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh b/src/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh
new file mode 100755
index 0000000000..0cb0153596
--- /dev/null
+++ b/src/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+# For a list of supported curves, use "apps/openssl ecparam -list_curves".
+# Path to the openssl distribution
+OPENSSL_DIR=../..
+# Path to the openssl program
+OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
+# Option to find configuration file
+OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
+# Directory where certificates are stored
+CERTS_DIR=./Certs
+# Directory where private key files are stored
+KEYS_DIR=$CERTS_DIR
+# Directory where combo files (containing a certificate and corresponding
+# private key together) are stored
+COMBO_DIR=$CERTS_DIR
+# cat command
+CAT=/bin/cat
+# rm command
+RM=/bin/rm
+# mkdir command
+MKDIR=/bin/mkdir
+# The certificate will expire these many days after the issue date.
+DAYS=1500
+TEST_CA_FILE=rsa1024TestCA
+TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"
+TEST_SERVER_FILE=rsa1024TestServer
+TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"
+TEST_CLIENT_FILE=rsa1024TestClient
+TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"
+# Generating an EC certificate involves the following main steps
+# 1. Generating curve parameters (if needed)
+# 2. Generating a certificate request
+# 3. Signing the certificate request 
+# 4. [Optional] One can combine the cert and private key into a single
+#    file and also delete the certificate request
+$MKDIR -p $CERTS_DIR
+$MKDIR -p $KEYS_DIR
+$MKDIR -p $COMBO_DIR
+echo "Generating self-signed CA certificate (RSA)"
+echo "==========================================="
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
+    -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -newkey rsa:1024 -new \
+    -out $CERTS_DIR/$TEST_CA_FILE.req.pem
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_CA_FILE.req.pem \
+    -extfile $OPENSSL_DIR/apps/openssl.cnf \
+    -extensions v3_ca \
+    -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_CA_FILE.cert.pem
+# Display the certificate
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
+         > $COMBO_DIR/$TEST_CA_FILE.pem
+$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
+echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
+echo "=========================================="
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
+    -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
+    -newkey rsa:1024 -new \
+    -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
+    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
+# Display the certificate 
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
+         > $COMBO_DIR/$TEST_SERVER_FILE.pem
+$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
+echo "=========================================="
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
+             -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
+             -newkey rsa:1024 -new \
+             -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
+    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
+# Display the certificate 
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
+         > $COMBO_DIR/$TEST_CLIENT_FILE.pem
+$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem

diff --git a/src/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh b/src/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh new file mode 100755 index 0000000000..0cb0153596 --- /dev/null +++ b/src/lib/libssl/src/demos/ssltest-ecc/RSAcertgen.sh
@@ -0,0 +1,121 @@
	1	#!/bin/sh
	2
	3	# For a list of supported curves, use "apps/openssl ecparam -list_curves".
	4
	5	# Path to the openssl distribution
	6	OPENSSL_DIR=../..
	7	# Path to the openssl program
	8	OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
	9	# Option to find configuration file
	10	OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
	11	# Directory where certificates are stored
	12	CERTS_DIR=./Certs
	13	# Directory where private key files are stored
	14	KEYS_DIR=$CERTS_DIR
	15	# Directory where combo files (containing a certificate and corresponding
	16	# private key together) are stored
	17	COMBO_DIR=$CERTS_DIR
	18	# cat command
	19	CAT=/bin/cat
	20	# rm command
	21	RM=/bin/rm
	22	# mkdir command
	23	MKDIR=/bin/mkdir
	24	# The certificate will expire these many days after the issue date.
	25	DAYS=1500
	26	TEST_CA_FILE=rsa1024TestCA
	27	TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"
	28
	29	TEST_SERVER_FILE=rsa1024TestServer
	30	TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"
	31
	32	TEST_CLIENT_FILE=rsa1024TestClient
	33	TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"
	34
	35	# Generating an EC certificate involves the following main steps
	36	# 1. Generating curve parameters (if needed)
	37	# 2. Generating a certificate request
	38	# 3. Signing the certificate request
	39	# 4. [Optional] One can combine the cert and private key into a single
	40	# file and also delete the certificate request
	41
	42	$MKDIR -p $CERTS_DIR
	43	$MKDIR -p $KEYS_DIR
	44	$MKDIR -p $COMBO_DIR
	45
	46	echo "Generating self-signed CA certificate (RSA)"
	47	echo "==========================================="
	48
	49	$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
	50	-keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
	51	-newkey rsa:1024 -new \
	52	-out $CERTS_DIR/$TEST_CA_FILE.req.pem
	53
	54	$OPENSSL_CMD x509 -req -days $DAYS \
	55	-in $CERTS_DIR/$TEST_CA_FILE.req.pem \
	56	-extfile $OPENSSL_DIR/apps/openssl.cnf \
	57	-extensions v3_ca \
	58	-signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
	59	-out $CERTS_DIR/$TEST_CA_FILE.cert.pem
	60
	61	# Display the certificate
	62	$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
	63
	64	# Place the certificate and key in a common file
	65	$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
	66	> $COMBO_DIR/$TEST_CA_FILE.pem
	67	$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
	68
	69	# Remove the cert request file (no longer needed)
	70	$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
	71
	72	echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
	73	echo "=========================================="
	74
	75	$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
	76	-keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
	77	-newkey rsa:1024 -new \
	78	-out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
	79
	80	$OPENSSL_CMD x509 -req -days $DAYS \
	81	-in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
	82	-CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
	83	-CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
	84	-out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
	85
	86	# Display the certificate
	87	$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
	88
	89	# Place the certificate and key in a common file
	90	$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
	91	> $COMBO_DIR/$TEST_SERVER_FILE.pem
	92	$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
	93
	94	# Remove the cert request file (no longer needed)
	95	$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
	96
	97	echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
	98	echo "=========================================="
	99
	100	$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
	101	-keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
	102	-newkey rsa:1024 -new \
	103	-out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
	104
	105	$OPENSSL_CMD x509 -req -days $DAYS \
	106	-in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
	107	-CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
	108	-CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
	109	-out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
	110
	111	# Display the certificate
	112	$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
	113
	114	# Place the certificate and key in a common file
	115	$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
	116	> $COMBO_DIR/$TEST_CLIENT_FILE.pem
	117	$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
	118
	119	# Remove the cert request file (no longer needed)
	120	$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
	121