quickjs-tart

quickjs-based runtime for wallet-core logic

genserv.pl (4921B)


      1 #!/usr/bin/env perl
      2 #***************************************************************************
      3 #                                  _   _ ____  _
      4 #  Project                     ___| | | |  _ \| |
      5 #                             / __| | | | |_) | |
      6 #                            | (__| |_| |  _ <| |___
      7 #                             \___|\___/|_| \_\_____|
      8 #
      9 # Copyright (C) EdelWeb for EdelKey and OpenEvidence
     10 #
     11 # This software is licensed as described in the file COPYING, which
     12 # you should have received as part of this distribution. The terms
     13 # are also available at https://curl.se/docs/copyright.html.
     14 #
     15 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
     16 # copies of the Software, and permit persons to whom the Software is
     17 # furnished to do so, under the terms of the COPYING file.
     18 #
     19 # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
     20 # KIND, either express or implied.
     21 #
     22 # SPDX-License-Identifier: curl
     23 #
     24 ###########################################################################
     25 
     26 use strict;
     27 use warnings;
     28 
     29 use File::Basename;
     30 use File::Spec;
     31 
     32 sub opensslfail {
     33     die "Missing or broken 'openssl' tool. openssl 1.0.2+ is required. ".
     34         "Without it, this script cannot generate the necessary certificates ".
     35         "the curl test suite needs for all its TLS related tests.";
     36 }
     37 
     38 my $OPENSSL = 'openssl';
     39 if(-f '/usr/local/ssl/bin/openssl') {
     40     $OPENSSL = '/usr/local/ssl/bin/openssl';
     41 }
     42 
     43 my $SRCDIR = dirname(__FILE__);
     44 my $fh;
     45 my $dev_null = File::Spec->devnull();
     46 
     47 my $KEYSIZE = 'prime256v1';
     48 my $DURATION;
     49 my $PREFIX;
     50 
     51 my $CAPREFIX = shift @ARGV;
     52 if(!$CAPREFIX) {
     53     print "Usage: genserv.pl <caprefix> [<prefix> ...]\n";
     54     exit 1;
     55 } elsif(! -f "$CAPREFIX-ca.cacert" ||
     56         ! -f "$CAPREFIX-ca.key") {
     57 
     58     if($OPENSSL eq basename($OPENSSL)) {  # has no dir component
     59         # find openssl in PATH
     60         my $found = 0;
     61         foreach(File::Spec->path()) {
     62             my $file = File::Spec->catfile($_, $OPENSSL);
     63             if(-f $file) {
     64                 $OPENSSL = $file;
     65                 $found = 1;
     66                 last;
     67             }
     68         }
     69         if(!$found) {
     70             opensslfail();
     71         }
     72     }
     73 
     74     print "$OPENSSL\n";
     75     system("$OPENSSL version");
     76 
     77     $PREFIX = $CAPREFIX;
     78     $DURATION = 6000;
     79 
     80     if(system("$OPENSSL genpkey -algorithm EC -pkeyopt ec_paramgen_curve:$KEYSIZE -pkeyopt ec_param_enc:named_curve " .
     81         "-out $PREFIX-ca.key -pass pass:secret") != 0) {
     82         opensslfail();
     83     }
     84     system("$OPENSSL req -config $SRCDIR/$PREFIX-ca.prm -new -key $PREFIX-ca.key -out $PREFIX-ca.csr -passin pass:secret 2>$dev_null");
     85     system("$OPENSSL x509 -sha256 -extfile $SRCDIR/$PREFIX-ca.prm -days $DURATION " .
     86         "-req -signkey $PREFIX-ca.key -in $PREFIX-ca.csr -out $PREFIX-ca.raw-cacert");
     87     system("$OPENSSL x509 -in $PREFIX-ca.raw-cacert -text -nameopt multiline > $PREFIX-ca.cacert");
     88     system("$OPENSSL x509 -in $PREFIX-ca.cacert -outform der -out $PREFIX-ca.der");
     89     system("$OPENSSL x509 -in $PREFIX-ca.cacert -text -nameopt multiline > $PREFIX-ca.crt");
     90 
     91     print "CA root generated: $PREFIX $DURATION days $KEYSIZE\n";
     92 }
     93 
     94 $DURATION = 300;
     95 
     96 open($fh, '>>', "$CAPREFIX-ca.db") and close($fh);  # for revoke server cert
     97 
     98 while(@ARGV) {
     99     $PREFIX = shift @ARGV;
    100     $PREFIX =~ s/\.prm$//;
    101 
    102     # pseudo-secrets
    103     system("$OPENSSL genpkey -algorithm EC -pkeyopt ec_paramgen_curve:$KEYSIZE -pkeyopt ec_param_enc:named_curve " .
    104         "-out $PREFIX.keyenc -pass pass:secret");
    105     system("$OPENSSL req -config $SRCDIR/$PREFIX.prm -new -key $PREFIX.keyenc -out $PREFIX.csr -passin pass:secret 2>$dev_null");
    106     system("$OPENSSL pkey -in $PREFIX.keyenc -out $PREFIX.key -passin pass:secret");
    107 
    108     system("$OPENSSL pkey -in $PREFIX.key -pubout -outform DER -out $PREFIX.pub.der");
    109     system("$OPENSSL pkey -in $PREFIX.key -pubout -outform PEM -out $PREFIX.pub.pem");
    110     system("$OPENSSL x509 -sha256 -extfile $SRCDIR/$PREFIX.prm -days $DURATION " .
    111         "-req -CA $CAPREFIX-ca.cacert -CAkey $CAPREFIX-ca.key -CAcreateserial -in $PREFIX.csr > $PREFIX.crt 2>$dev_null");
    112 
    113     # revoke server cert
    114     if(open($fh, '>', "$CAPREFIX-ca.cnt")) {
    115         print $fh '01';
    116         close($fh);
    117     }
    118     system("$OPENSSL ca -config $SRCDIR/$CAPREFIX-ca.cnf -revoke $PREFIX.crt 2>$dev_null");
    119 
    120     # issue CRL
    121     system("$OPENSSL ca -config $SRCDIR/$CAPREFIX-ca.cnf -gencrl -out $PREFIX.crl 2>$dev_null");
    122     system("$OPENSSL x509 -in $PREFIX.crt -outform der -out $PREFIX.der");
    123 
    124     # concatenate all together now
    125     open($fh, '>', "$PREFIX.pem") and close($fh);
    126     chmod 0600, "$PREFIX.pem";
    127     if(open($fh, '>>', "$PREFIX.pem")) {
    128         my $fi;
    129         print $fh do { local $/; open $fi, '<', $_ and <$fi> } for("$SRCDIR/$PREFIX.prm", "$PREFIX.key", "$PREFIX.crt");
    130         close($fh);
    131     }
    132 
    133     print "Certificate generated: CA=$CAPREFIX ${DURATION}days $KEYSIZE $PREFIX\n";
    134 }