add ocsp cert renew and test-pathlen to script

certs/renewcerts.sh

@@ -354,6 +354,32 @@ function run_renewcerts(){
     ./gen-badsig.sh
     cd ../
 
+    ############################################################
+    ########## generate ocsp certs        ######################
+    ############################################################
+    echo "Changing directory to ocsp..."
+    echo ""
+
+    # guard against recursive calls to renewcerts.sh
+    if [ -d ocsp ]; then
+        cd ./ocsp
+        echo "Execute ./renewcerts.sh..."
+        ./renewcerts.sh
+        cd ../
+    else
+        echo "Error could not find ocsp directory"
+        exit 1
+    fi
+
+    ############################################################
+    ###### calling assemble-chains.sh         ##################
+    ############################################################
+    echo "Calling assemble-chains.sh"
+    echo ""
+    cd ./test-pathlen
+    ./assemble-chains.sh
+    cd ../
+
     ############################################################
     ########## store DER files as buffers ######################
     ############################################################

certs/renewcerts/wolfssl.cnf

@@ -125,6 +125,40 @@ subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints=CA:true
 
+# CA with pathlen 0
+[ pathlen_0 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:0
+keyUsage=keyCertSign, cRLSign
+
+# CA with pathlen 1
+[ pathlen_1 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:1
+keyUsage=keyCertSign, cRLSign
+
+# CA with pathlen 127
+[ pathlen_127 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:127
+keyUsage=keyCertSign, cRLSign
+
+# CA with pathlen 128
+[ pathlen_128 ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:true,pathlen:128
+keyUsage=keyCertSign, cRLSign
+
+# test pathlen server cert
+[ test_pathlen ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints=CA:false
+
 # Extensions to add to a certificate request
 [ v3_req ]
 basicConstraints = CA:FALSE

certs/test-pathlen/assemble-chains.sh

@@ -1,8 +1,192 @@
 #!/bin/bash
 #
 # assemble-chains.sh
-# Assemble all the certificate CA path test cert chains.
+# Create certs and assemble all the certificate CA path test cert chains.
 
+
+###########################################################
+########## update server-0-ca.pem          ################
+###########################################################
+echo "Updating server-0-ca.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-ca-req.pem
+
+openssl x509 -req -in server-0-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_0 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 100 -sha1 > server-0-ca.pem
+
+rm server-0-ca-req.pem
+openssl x509 -in server-0-ca.pem -text > ca_tmp.pem
+mv ca_tmp.pem server-0-ca.pem
+
+
+###########################################################
+########## update server-0-cert.pem        ################
+###########################################################
+echo "Updating server-0-cert.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-cert-req.pem
+
+openssl x509 -req -in server-0-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-0-ca.pem -CAkey ../server-key.pem -set_serial 101 -sha1 > server-0-cert.pem
+
+rm server-0-cert-req.pem
+openssl x509 -in server-0-cert.pem -text > cert_tmp.pem
+mv cert_tmp.pem server-0-cert.pem
+
+
+###########################################################
+########## update server-1-ca.pem          ################
+###########################################################
+echo "Updating server-1-ca.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-ca-req.pem
+
+openssl x509 -req -in server-1-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_1 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 102 -sha1 > server-1-ca.pem
+
+rm server-1-ca-req.pem
+openssl x509 -in server-1-ca.pem -text > ca_tmp.pem
+mv ca_tmp.pem server-1-ca.pem
+
+
+###########################################################
+########## update server-1-cert.pem        ################
+###########################################################
+echo "Updating server-1-cert.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-cert-req.pem
+
+openssl x509 -req -in server-1-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-1-ca.pem -CAkey ../server-key.pem -set_serial 105 -sha1 > server-1-cert.pem
+
+rm server-1-cert-req.pem
+openssl x509 -in server-1-cert.pem -text > cert_tmp.pem
+mv cert_tmp.pem server-1-cert.pem
+
+
+###########################################################
+########## update server-0-1-ca.pem        ################
+###########################################################
+echo "Updating server-0-1-ca.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0-1 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-1-ca-req.pem
+
+openssl x509 -req -in server-0-1-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_1 -days 1000 -CA server-0-ca.pem -CAkey ../server-key.pem -set_serial 110 -sha1 > server-0-1-ca.pem
+
+rm server-0-1-ca-req.pem
+openssl x509 -in server-0-1-ca.pem -text > ca_tmp.pem
+mv ca_tmp.pem server-0-1-ca.pem
+
+
+###########################################################
+########## update server-0-1-cert.pem      ################
+###########################################################
+echo "Updating server-0-1-cert.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 0-1\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-0-1-cert-req.pem
+
+openssl x509 -req -in server-0-1-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-0-1-ca.pem -CAkey ../server-key.pem -set_serial 111 -sha1 > server-0-1-cert.pem
+
+rm server-0-1-cert-req.pem
+openssl x509 -in server-0-1-cert.pem -text > cert_tmp.pem
+mv cert_tmp.pem server-0-1-cert.pem
+
+
+###########################################################
+########## update server-1-0-ca.pem        ################
+###########################################################
+echo "Updating server-1-0-ca.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1-0 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-0-ca-req.pem
+
+openssl x509 -req -in server-1-0-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_0 -days 1000 -CA server-1-ca.pem -CAkey ../server-key.pem -set_serial 103 -sha1 > server-1-0-ca.pem
+
+rm server-1-0-ca-req.pem
+openssl x509 -in server-1-0-ca.pem -text > ca_tmp.pem
+mv ca_tmp.pem server-1-0-ca.pem
+
+
+###########################################################
+########## update server-1-0-cert.pem      ################
+###########################################################
+echo "Updating server-1-0-cert.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 1-0\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-1-0-cert-req.pem
+
+openssl x509 -req -in server-1-0-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-1-0-ca.pem -CAkey ../server-key.pem -set_serial 104 -sha1 > server-1-0-cert.pem
+
+rm server-1-0-cert-req.pem
+openssl x509 -in server-1-0-cert.pem -text > cert_tmp.pem
+mv cert_tmp.pem server-1-0-cert.pem
+
+
+###########################################################
+########## update server-127-ca.pem        ################
+###########################################################
+echo "Updating server-127-ca.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 127 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-127-ca-req.pem
+
+openssl x509 -req -in server-127-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_127 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 106 -sha1 > server-127-ca.pem
+
+rm server-127-ca-req.pem
+openssl x509 -in server-127-ca.pem -text > ca_tmp.pem
+mv ca_tmp.pem server-127-ca.pem
+
+
+###########################################################
+########## update server-127-cert.pem      ################
+###########################################################
+echo "Updating server-127-cert.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 127\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-127-cert-req.pem
+
+openssl x509 -req -in server-127-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-127-ca.pem -CAkey ../server-key.pem -set_serial 107 -sha1 > server-127-cert.pem
+
+rm server-127-cert-req.pem
+openssl x509 -in server-127-cert.pem -text > cert_tmp.pem
+mv cert_tmp.pem server-127-cert.pem
+
+
+###########################################################
+########## update server-128-ca.pem        ################
+###########################################################
+echo "Updating server-128-ca.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 128 CA\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-128-ca-req.pem
+
+openssl x509 -req -in server-128-ca-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions pathlen_128 -days 1000 -CA ../ca-cert.pem -CAkey ../ca-key.pem -set_serial 106 -sha1 > server-128-ca.pem
+
+rm server-128-ca-req.pem
+openssl x509 -in server-128-ca.pem -text > ca_tmp.pem
+mv ca_tmp.pem server-128-ca.pem
+
+
+###########################################################
+########## update server-128-cert.pem      ################
+###########################################################
+echo "Updating server-128-cert.pem"
+echo ""
+#pipe the following arguments to openssl req...
+echo -e "US\nWashington\nSeattle\nwolfSSL Inc.\nEngineering\nServer 128\ninfo@wolfssl.com\n.\n.\n" | openssl req -new -key ../server-key.pem -nodes -sha1 > server-128-cert-req.pem
+
+openssl x509 -req -in server-128-cert-req.pem -extfile ../renewcerts/wolfssl.cnf -extensions test_pathlen -days 1000 -CA server-128-ca.pem -CAkey ../server-key.pem -set_serial 107 -sha1 > server-128-cert.pem
+
+rm server-128-cert-req.pem
+openssl x509 -in server-128-cert.pem -text > cert_tmp.pem
+mv cert_tmp.pem server-128-cert.pem
+
+
+###########################################################
+########## Assemble Chains                 ################
+###########################################################
 # Success: PathLen of 0
 ## server-0-ca.pem: signed by ca-cert.pem
 ## server-0-cert.pem: signed by server-0-ca.pem