chromium/chrome/test/data/extensions/api_test/certificate_provider/create_test_certs.sh

#!/bin/bash

# Copyright 2015 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Generates the following tree of certificates:
#     root (self-signed root)
#      \
#       \--> l1_leaf (end-entity)

SRC_DIR="../../../../../.."
export CA_CERT_UTIL_DIR="${SRC_DIR}/chrome/test/data/policy/ca_util"
source "${CA_CERT_UTIL_DIR}/ca_util.sh"
export CA_CERT_UTIL_OUT_DIR="./out/"

try rm -rf out
try mkdir out

CN=root \
  try root_cert root

CA_ID=root CN=l1_leaf \
  try issue_cert l1_leaf leaf_cert_without_san as_der as_pk8

try rm -rf out

# Also print out the fingerprint to be put into certificate_provider_apitest.cc.
# The fingerprint is in the format AA:BB:CC:... but the c++ side expects aabbcc
# so convert to lowercase using awk and then remove colons using sed.
echo "Make sure to update the fingerprint certificate_provider_apitest.cc"
echo "The new fingerprint of l1_leaf.der is:"
openssl x509 -inform DER -noout -fingerprint -in l1_leaf.der \
  | awk '{print tolower($0)}' | sed -e "s/://g"