esp-idf/examples/wifi/wifi_enterprise/generate_certs/generate_certs.sh

#!/bin/bash

help_text="
Usage: generate_certs.sh <cert_type>\n
<cert_type> only support p384, 2048, 3072, 4096\n
example:\n
sh generate_certs.sh p384\n
sh generate_certs.sh 2048\n
sh generate_certs.sh 3072\n
sh generate_certs.sh 4096\n
"

DIGEST="-sha256"
DIGEST_CA="-md sha256"
CERT_TYPE="2048"
CERT="2048-ca"

show_help() {
    echo -e $help_text
}

init_param() {
    if [ $(basename "$(pwd)") != "generate_certs" ]; then
        echo "path is incorrect, please go into generate_certs directory"
        exit
    fi

    CERT_TYPE=$1
    CERT=${CERT_TYPE}-ca

    if [ -d "$CERT" ]; then
        rm -rf "$CERT"
    fi

    if [ $1 = "p384" ] || [ $1 = "3072" ]; then
        DIGEST="-sha384"
        DIGEST_CA="-md sha384"
    elif [ $1 = "2048" ] || [ $1 = "4096" ]; then
        DIGEST="-sha256"
        DIGEST_CA="-md sha256"
    else
        echo "parameter error"
        exit
    fi
}

create_ca() {
    echo
    echo "---[ Root CA ]----------------------------------------------------------"

    if [ -d $CERT ]; then
        rm $CERT
    fi

    mkdir -p $CERT
    cat example-ca-openssl.cnf |
    sed "s/#@CN@/commonName_default = Root CA/" |
    sed s%\./ca$%./$CERT% \
    > ${CERT}-openssl.cnf.tmp
    mkdir -p $CERT/certs $CERT/crl $CERT/newcerts $CERT/private
    case "$CERT_TYPE" in
        "p384") openssl ecparam -out $CERT/ca.key -name secp384r1 -genkey;;
        "2048") openssl genrsa -out $CERT/ca.key 2048;;
        "3072") openssl genrsa -out $CERT/ca.key 3072;;
        "4096") openssl genrsa -out $CERT/ca.key 4096;;
    esac
    openssl req -config ${CERT}-openssl.cnf.tmp -batch -new -x509 -key $CERT/ca.key -out $CERT/ca.pem $DIGEST
    touch $CERT/index.txt
    rm ${CERT}-openssl.cnf.tmp
}

create_certs() {
    echo
    echo "---[ Server ]-----------------------------------------------------------"
    echo

    cat example-ca-openssl.cnf |
    	sed "s/#@CN@/commonName_default = $CERT_TYPE.$1/" |
        sed s%\./ca$%./$CERT% \
        > ${CERT}-openssl.cnf.tmp
    echo "---[ Generate $1 Key]----------------------------------------------"
    case "$CERT_TYPE" in
        "p384") openssl ecparam -out $CERT/$1.key -name secp384r1 -genkey;;
        "2048") openssl genrsa -out $CERT/$1.key 2048;;
        "3072") openssl genrsa -out $CERT/$1.key 3072;;
        "4096") openssl genrsa -out $CERT/$1.key 4096;;
    esac
    echo "---[ Generate $1 Req]----------------------------------------------"
    openssl req -config ${CERT}-openssl.cnf.tmp -batch -new -key $CERT/$1.key -out $CERT/$1.req $DIGEST
    openssl ca -config ${CERT_TYPE}-ca-openssl.cnf.tmp -batch -keyfile $CERT/ca.key -cert $CERT/ca.pem -create_serial -in $CERT/$1.req -out $CERT/$1.pem -extensions ext_$1 ${DIGEST_CA}
    cp $CERT/$1.pem $CERT/$1.crt
    rm ${CERT_TYPE}-ca-openssl.cnf.tmp
}

verify() {
    echo
    echo "---[ Verify ]-----------------------------------------------------------"
    echo

    openssl verify -CAfile $CERT/ca.pem $CERT/server.pem
    openssl verify -CAfile $CERT/ca.pem $CERT/server.crt
    openssl verify -CAfile $CERT/ca.pem $CERT/client.pem
    openssl verify -CAfile $CERT/ca.pem $CERT/client.crt
}

clean() {
    rm $CERT/*.req
    rm $CERT/index*
    rm $CERT/serial*
    rm -rf $CERT/certs
    rm -rf $CERT/newcerts
    rm -rf $CERT/private
    rm -rf $CERT/crl
}

if [ "$1" = "--help" ] || [ "$1" = "-h" ] || [ -z "$1" ]; then
    show_help
    exit 0
else
    init_param $1
    create_ca
    create_certs "server"
    create_certs "client"
    verify
    clean
fi
add generate cert script 2023-06-15 08:32:57 -04:00			`#!/bin/bash`

			`help_text="`
			`Usage: generate_certs.sh <cert_type>\n`
			`<cert_type> only support p384, 2048, 3072, 4096\n`
			`example:\n`
			`sh generate_certs.sh p384\n`
			`sh generate_certs.sh 2048\n`
			`sh generate_certs.sh 3072\n`
			`sh generate_certs.sh 4096\n`
			`"`

			`DIGEST="-sha256"`
			`DIGEST_CA="-md sha256"`
			`CERT_TYPE="2048"`
			`CERT="2048-ca"`

			`show_help() {`
			`echo -e $help_text`
			`}`

			`init_param() {`
			`if [ $(basename "$(pwd)") != "generate_certs" ]; then`
			`echo "path is incorrect, please go into generate_certs directory"`
			`exit`
			`fi`

			`CERT_TYPE=$1`
			`CERT=${CERT_TYPE}-ca`

			`if [ -d "$CERT" ]; then`
			`rm -rf "$CERT"`
			`fi`

			`if [ $1 = "p384" ] \|\| [ $1 = "3072" ]; then`
			`DIGEST="-sha384"`
			`DIGEST_CA="-md sha384"`
			`elif [ $1 = "2048" ] \|\| [ $1 = "4096" ]; then`
			`DIGEST="-sha256"`
			`DIGEST_CA="-md sha256"`
			`else`
			`echo "parameter error"`
			`exit`
			`fi`
			`}`

			`create_ca() {`
			`echo`
			`echo "---[ Root CA ]----------------------------------------------------------"`

			`if [ -d $CERT ]; then`
			`rm $CERT`
			`fi`

			`mkdir -p $CERT`
			`cat example-ca-openssl.cnf \|`
			`sed "s/#@CN@/commonName_default = Root CA/" \|`
			`sed s%\./ca$%./$CERT% \`
			`> ${CERT}-openssl.cnf.tmp`
			`mkdir -p $CERT/certs $CERT/crl $CERT/newcerts $CERT/private`
			`case "$CERT_TYPE" in`
			`"p384") openssl ecparam -out $CERT/ca.key -name secp384r1 -genkey;;`
			`"2048") openssl genrsa -out $CERT/ca.key 2048;;`
			`"3072") openssl genrsa -out $CERT/ca.key 3072;;`
			`"4096") openssl genrsa -out $CERT/ca.key 4096;;`
			`esac`
			`openssl req -config ${CERT}-openssl.cnf.tmp -batch -new -x509 -key $CERT/ca.key -out $CERT/ca.pem $DIGEST`
			`touch $CERT/index.txt`
			`rm ${CERT}-openssl.cnf.tmp`
			`}`

			`create_certs() {`
			`echo`
			`echo "---[ Server ]-----------------------------------------------------------"`
			`echo`

			`cat example-ca-openssl.cnf \|`
			`sed "s/#@CN@/commonName_default = $CERT_TYPE.$1/" \|`
			`sed s%\./ca$%./$CERT% \`
			`> ${CERT}-openssl.cnf.tmp`
			`echo "---[ Generate $1 Key]----------------------------------------------"`
			`case "$CERT_TYPE" in`
			`"p384") openssl ecparam -out $CERT/$1.key -name secp384r1 -genkey;;`
			`"2048") openssl genrsa -out $CERT/$1.key 2048;;`
			`"3072") openssl genrsa -out $CERT/$1.key 3072;;`
			`"4096") openssl genrsa -out $CERT/$1.key 4096;;`
			`esac`
			`echo "---[ Generate $1 Req]----------------------------------------------"`
			`openssl req -config ${CERT}-openssl.cnf.tmp -batch -new -key $CERT/$1.key -out $CERT/$1.req $DIGEST`
			`openssl ca -config ${CERT_TYPE}-ca-openssl.cnf.tmp -batch -keyfile $CERT/ca.key -cert $CERT/ca.pem -create_serial -in $CERT/$1.req -out $CERT/$1.pem -extensions ext_$1 ${DIGEST_CA}`
			`cp $CERT/$1.pem $CERT/$1.crt`
			`rm ${CERT_TYPE}-ca-openssl.cnf.tmp`
			`}`

			`verify() {`
			`echo`
			`echo "---[ Verify ]-----------------------------------------------------------"`
			`echo`

			`openssl verify -CAfile $CERT/ca.pem $CERT/server.pem`
			`openssl verify -CAfile $CERT/ca.pem $CERT/server.crt`
			`openssl verify -CAfile $CERT/ca.pem $CERT/client.pem`
			`openssl verify -CAfile $CERT/ca.pem $CERT/client.crt`
			`}`

			`clean() {`
			`rm $CERT/*.req`
			`rm $CERT/index*`
			`rm $CERT/serial*`
			`rm -rf $CERT/certs`
			`rm -rf $CERT/newcerts`
			`rm -rf $CERT/private`
			`rm -rf $CERT/crl`
			`}`

			`if [ "$1" = "--help" ] \|\| [ "$1" = "-h" ] \|\| [ -z "$1" ]; then`
			`show_help`
			`exit 0`
			`else`
			`init_param $1`
			`create_ca`
			`create_certs "server"`
			`create_certs "client"`
			`verify`
			`clean`
			`fi`