diff options
Diffstat (limited to 'tests/data/certificates/create-test-certificates.sh')
-rwxr-xr-x | tests/data/certificates/create-test-certificates.sh | 55 |
1 files changed, 48 insertions, 7 deletions
diff --git a/tests/data/certificates/create-test-certificates.sh b/tests/data/certificates/create-test-certificates.sh index 67f1e501..068267b6 100755 --- a/tests/data/certificates/create-test-certificates.sh +++ b/tests/data/certificates/create-test-certificates.sh @@ -4,6 +4,12 @@ # Copyright (C) 2018 Pelagicore AG # SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +#set -x +set -e + +# check basic requirement +[ ! -e openssl-ca.cnf ] && { echo "Please cd to the tests/data/certificates directory before running this script"; exit 1; } + . ../utilities.sh rm -f index.txt* serial.txt* @@ -18,14 +24,49 @@ rm -f other-index.txt* other-serial.txt* rm -f other-ca-priv.key other-ca.crt rm -f other.csr other.crt other-priv.key other.p12 + +echo "OpenSSL installation check:" + +# cater for the most common settings in the CI +SSL_BIN_PATH="" +if [ -n "$OPENSSL_DIR" ]; then + SSL_BIN_PATH="$OPENSSL_DIR/bin/" +elif [ -n "$OPENSSL_HOME" ]; then + SSL_BIN_PATH="$OPENSSL_HOME/bin/" +fi + +echo " * using openssl at ${SSL_BIN_PATH:-`which openssl`}" + +# try to execute and extract the major version number +SSL_VERSION=$(${SSL_BIN_PATH}openssl version 2>/dev/null || true) +SSL_MAJOR=$(echo "$SSL_VERSION" | cut -d' ' -f 2 | cut -d'.' -f 1) +if [ -z "$SSL_VERSION" ] || [ -z "$SSL_MAJOR" ] || ! [ "$SSL_MAJOR" -eq "$SSL_MAJOR" ] 2>/dev/null; then + echo -e "$R Failed$W to run or parse the output of$G openssl version$W". + exit 1 +fi + +echo " * version $SSL_MAJOR (${SSL_VERSION})" +echo + +SSL_PKCS12_EXTRA='' +if [ "${SSL_MAJOR}" -ge 3 ]; then + # if we don't do this, then macOS' SecurityFramework cannot load the PKCS#12 files + if [ "$isMac" = "1" ]; then + SSL_PKCS12_EXTRA="-legacy" + echo " * using -legacy mode for PKCS#12 files for SecurityFramework compatibility" + fi +fi + runSSL() { - sslOutput=`openssl "$@" 2>&1` + set +e + sslOutput=`${SSL_BIN_PATH}openssl "$@" 2>&1` sslResult=$? + set -e if [ $sslResult -ne 0 ]; then - echo -e "The openssl$R failed with exit code $sslResult$W. The executed command was:" + echo -e "Running openssl $R failed with exit code $sslResult$W. The executed command was:" echo - echo -e " $G openssl $@$W" + echo -e " $G ${SSL_BIN_PATH}openssl $@$W" echo echo "The command's output was:" echo @@ -48,7 +89,7 @@ echo '01' > serial.txt info "Generating, signing and exporting the store certificate" runSSL req -config openssl-store.cnf -newkey rsa:2048 -nodes -keyout store-priv.key -out store.csr runSSL ca -batch -config openssl-ca.cnf -policy signing_policy -extensions signing_req -out store.crt -infiles store.csr -runSSL pkcs12 -export -password pass:password -out store.p12 -inkey store-priv.key -nodes -in store.crt -name "Pelagicore App Store" +runSSL pkcs12 ${SSL_PKCS12_EXTRA} -export -password pass:password -out store.p12 -inkey store-priv.key -nodes -in store.crt -name "Pelagicore App Store" info "Generating the developer sub-CA" runSSL req -config openssl-devca.cnf -newkey rsa:2048 -nodes -keyout devca-priv.key -out devca.csr @@ -59,12 +100,12 @@ echo '01' > dev-serial.txt info "Generating, signing and exporting the developer certificate #1" runSSL req -config openssl-dev1.cnf -newkey rsa:2048 -nodes -keyout dev1-priv.key -out dev1.csr runSSL ca -batch -config openssl-devca.cnf -policy signing_policy -extensions signing_req -out dev1.crt -infiles dev1.csr -runSSL pkcs12 -export -out dev1.p12 -password pass:password -inkey dev1-priv.key -nodes -certfile devca.crt -in dev1.crt -name "Developer 1 Certificate" +runSSL pkcs12 ${SSL_PKCS12_EXTRA} -export -out dev1.p12 -password pass:password -inkey dev1-priv.key -nodes -certfile devca.crt -in dev1.crt -name "Developer 1 Certificate" info "Generating, signing and exporting the developer certificate #2" runSSL req -config openssl-dev2.cnf -newkey rsa:2048 -nodes -keyout dev2-priv.key -out dev2.csr runSSL ca -batch -config openssl-devca.cnf -policy signing_policy -extensions signing_req -out dev2.crt -infiles dev2.csr -runSSL pkcs12 -export -out dev2.p12 -password pass:password -inkey dev2-priv.key -nodes -certfile devca.crt -in dev2.crt -name "Developer 2 Certificate" +runSSL pkcs12 ${SSL_PKCS12_EXTRA} -export -out dev2.p12 -password pass:password -inkey dev2-priv.key -nodes -certfile devca.crt -in dev2.crt -name "Developer 2 Certificate" info "Generating the \"other\" CA" # generate self-signed CA cert @@ -76,7 +117,7 @@ echo '01' > other-serial.txt # the double // is needed to get around MSYS hardwired path replacement runSSL req -config openssl-other-ca.cnf -batch -subj '//C=DE/ST=Foo/L=Bar/CN=www.other.com' -newkey rsa:2048 -nodes -keyout other-priv.key -out other.csr runSSL ca -batch -config openssl-other-ca.cnf -policy signing_policy -extensions signing_req -out other.crt -infiles other.csr -runSSL pkcs12 -export -out other.p12 -password pass:password -inkey other-priv.key -nodes -certfile other-ca.crt -in other.crt -name "Other Certificate" +runSSL pkcs12 ${SSL_PKCS12_EXTRA} -export -out other.p12 -password pass:password -inkey other-priv.key -nodes -certfile other-ca.crt -in other.crt -name "Other Certificate" echo -e "$G All test certificates have been created successfully$W" echo |