chromium/chrome/test/data/policy/test_certs/create_test_certs.sh

#!/bin/bash

# Copyright 2019 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Generates the following tree of certificates:
#     root_ca_cert (self-signed root)
#      \
#       \--> ok_cert (end-entity)
#      \
#       \--> intermediate_ca_cert (intermediate CA)
#        \
#         \--> ok_cert_by_intermediate (end-entity)

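# Every path below is relative to the current working directory, so the script
# is expected to be run from the directory that contains it.
SRC_DIR="../../../../.."
export CA_CERT_UTIL_DIR="${SRC_DIR}/chrome/test/data/policy/ca_util"

# Stop here if the helper library cannot be read. Without it the helper
# commands used below are undefined, and the script would otherwise carry on
# and write .onc files that contain no certificate data.
if [[ ! -r "${CA_CERT_UTIL_DIR}/ca_util.sh" ]]; then
  echo "create_test_certs.sh: cannot read ${CA_CERT_UTIL_DIR}/ca_util.sh;" \
    "run this script from the directory that contains it" >&2
  exit 1
fi
source "${CA_CERT_UTIL_DIR}/ca_util.sh"
export CA_CERT_UTIL_OUT_DIR="./out/"

# Start from an empty scratch directory. `try` is not defined in this file;
# presumably it comes from ca_util.sh -- confirm there.
try rm -rf out
try mkdir out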

# Issue the certificate tree described in the header comment. root_cert and
# issue_cert are not defined in this file (presumably provided by ca_util.sh);
# their parameters are passed as per-command environment variables.

# Self-signed root CA.
CN=root_ca_cert \
  try root_cert root_ca_cert

# Leaf issued by the root (CA_ID=root_ca_cert), with 127.0.0.1 as both the CN
# and an IP subjectAltName.
CA_ID=root_ca_cert CN="127.0.0.1" SAN="IP:127.0.0.1" \
  try issue_cert ok_cert leaf_cert_san as_pem

# Intermediate CA issued by the root.
CA_ID=root_ca_cert CN=intermediate_ca_cert \
  try issue_cert intermediate_ca_cert ca_cert as_pem

# Leaf issued by the intermediate CA, same CN/SAN as ok_cert.
CA_ID=intermediate_ca_cert CN="127.0.0.1" SAN="IP:127.0.0.1" \
  try issue_cert ok_cert_by_intermediate leaf_cert_san as_pem

# Remove the scratch directory again.
# NOTE(review): if out/ is where the helpers keep the CA state and private
# keys (not visible here), this also discards the signing keys -- confirm
# against ca_util.sh.
try rm -rf out

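# Read the root CA cert and intermediate CA cert PEM files and replace newlines
# with \n literals. This is needed because the ONC JSON does not support
# multi-line strings. Note that replacement is done in two steps, using ',' as
# intermediate character. PEM files will not contain commas.
#
# Fail fast if a PEM file is missing, empty or unreadable. A failed read would
# otherwise leave the variable empty and the .onc files below would be written
# with an empty "X509" value, which is easy to miss in a checked-in fixture.
for pem_file in root_ca_cert.pem intermediate_ca_cert.pem; do
  if [[ ! -s "${pem_file}" || ! -r "${pem_file}" ]]; then
    echo "create_test_certs.sh: ${pem_file} is missing, empty or unreadable" >&2
    exit 1
  fi
done
unset pem_file

ROOT_CA_CERT_CONTENTS=$(tr '\n' ',' < root_ca_cert.pem \
  | sed 's/,/\\n/g')
INTERMEDIATE_CA_CERT_CONTENTS=$(tr '\n' ',' < intermediate_ca_cert.pem \
  | sed 's/,/\\n/g')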

# Write an unencrypted ONC file that carries only the root CA as an
# "Authority" certificate with the "Web" trust bit. The here-document
# delimiter is unquoted, so ${ROOT_CA_CERT_CONTENTS} is expanded into the
# "X509" field.
cat << ROOT_ONC_JSON > root-ca-cert.onc
{
  "Certificates": [
    {
      "GUID": "{b3aae353-cfa9-4093-9aff-9f8ee2bf8c29}",
      "TrustBits": [
        "Web"
      ],
      "Type": "Authority",
      "X509": "${ROOT_CA_CERT_CONTENTS}"
    }
  ],
  "Type": "UnencryptedConfiguration"
}
ROOT_ONC_JSON

# Write an unencrypted ONC file that carries both CA certificates as
# "Authority" entries: the root with the "Web" trust bit and the intermediate
# with an empty TrustBits list. The here-document delimiter is unquoted, so
# both ${..._CONTENTS} variables are expanded into the "X509" fields.
cat << CHAIN_ONC_JSON > root-and-intermediate-ca-certs.onc
{
  "Certificates": [
    {
      "GUID": "{b3aae353-cfa9-4093-9aff-9f8ee2bf8c29}",
      "TrustBits": [
        "Web"
      ],
      "Type": "Authority",
      "X509": "${ROOT_CA_CERT_CONTENTS}"
    },
    {
      "GUID": "{ac861420-3342-4537-a20e-3c2ec0809b7a}",
      "TrustBits": [ ],
      "Type": "Authority",
      "X509": "${INTERMEDIATE_CA_CERT_CONTENTS}"
    }
  ],
  "Type": "UnencryptedConfiguration"
}
CHAIN_ONC_JSON