esp8266-std/tools/makefile.sh

# * Redistributions in binary form must reproduce the above copyright
#   notice, this list of conditions and the following disclaimer in the
#   documentation and/or other materials provided with the distribution.
# * Neither the name of the axTLS project nor the names of its
#   contributors may be used to endorse or promote products derived
#   from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
PROJECT_NAME="TLS Project"
mkdir ca
mkdir bin
TrueCA=-1
if [ -f "ca.crt" ]; then
	echo ca.crt is found, generating esp_ca_cert.bin...
	TrueCA=1
else
	echo ca.crt not exist\! We would generate self-signed CA certificate,and generating esp_ca_cert.bin...
	TrueCA=0

# Generate the openssl configuration files.
cat > ca_cert.conf << EOF  
[ req ]
distinguished_name     = req_distinguished_name
prompt                 = no

[ req_distinguished_name ]
 O                      = $PROJECT_NAME Dodgy Certificate Authority
EOF

	
	openssl genrsa -out ca.key 1024	#you can change number 1024 if encryption bits is required
	openssl req -out ca.req -key ca.key -new -config ./ca_cert.conf

	# generate the actual self-signed ca certs.
	openssl x509 -req -in ca.req -out ca.crt -sha1 -days 5000 -signkey ca.key

	cp ca.key ca/

fi

	openssl x509 -in ca.crt -outform DER -out TLS.ca_x509.cer
	cp TLS.ca_x509.cer ca/
	cp make_cacert.py ca/
	cd ca/
	python make_cacert.py
	cd ..
	cp ca/esp_ca_cert.bin bin/
	cp ca.crt ca/

echo esp_ca_cert.bin generated OK\!

if [ $TrueCA -eq 1 ];then
	echo trust CA
	if [ -f "client.crt" ] && [ -f "client.key" ]; then
		echo client.crt \&\& client.key are found, generating esp_cert_private_key.bin 
		mkdir client
		mkdir include
		openssl rsa -in client.key -out TLS.key_1024 -outform DER
		openssl x509 -in client.crt -outform DER -out TLS.x509_1024.cer
		cp TLS.x509_1024.cer client/
		cp TLS.key_1024 client/
		mv client/TLS.x509_1024.cer client/certificate.cer
		mv client/TLS.key_1024 client/private_key.key_1024
		cp make_cert.py client/
		cd client
	
		python make_cert.py
		rm make_cert.py
		mv esp_cert_private_key.bin ../bin/
		cd ..

		# set default cert for use in the client
		xxd -i  TLS.x509_1024.cer | sed -e \
		        "s/TLS_x509_1024_cer/default_certificate/" > cert.h
		# set default key for use in the server
		xxd -i TLS.key_1024 | sed -e \
		        "s/TLS_key_1024/default_private_key/" > private_key.h
		cp cert.h private_key.h include/
		cp client.crt client.key client/
		
	elif [ -f "server.crt" ] && [ -f "server.key" ]; then
		echo server.crt \&\& server.key are found, generating esp_cert_private_key.bin
		mkdir server
		mkdir include
		openssl rsa -in server.key -out TLS.key_1024 -outform DER
		openssl x509 -in server.crt -outform DER -out TLS.x509_1024.cer
		cp TLS.x509_1024.cer server/
		cp TLS.key_1024 server/
		mv server/TLS.x509_1024.cer server/certificate.cer
		mv server/TLS.key_1024 server/private_key.key_1024
		cp make_cert.py server/
		cd server
	
		python make_cert.py
		rm make_cert.py
		mv esp_cert_private_key.bin ../bin/
		cd ..

		# set default cert for use in the client
		xxd -i  TLS.x509_1024.cer | sed -e \
		        "s/TLS_x509_1024_cer/default_certificate/" > cert.h
		# set default key for use in the server
		xxd -i TLS.key_1024 | sed -e \
		        "s/TLS_key_1024/default_private_key/" > private_key.h
		cp cert.h private_key.h include/
		cp server.crt server.key server/
	else
		echo we would not generate certificate \for ESP chip when trust CA exist and [client.crt \&\& client.key] or [server.crt \&\& server.key] could not be found.
	fi
elif [ $TrueCA -eq 0 ];then
	echo generate cerificate and private key with self-signed CA
	mkdir server
	mkdir client
	mkdir include

cat > server_cert.conf << EOF  
[ req ]
distinguished_name     = req_distinguished_name
prompt                 = no

[ req_distinguished_name ]
 O                      = $PROJECT_NAME
 CN                     = 192.168.111.104
EOF

cat > client_cert.conf << EOF  
[ req ]
distinguished_name     = req_distinguished_name
prompt                 = no

[ req_distinguished_name ]
 O                      = $PROJECT_NAME Device Certificate
 CN                     = 192.168.111.111
EOF

	openssl genrsa -out server.key 1024
	openssl genrsa -out client.key 1024

	openssl rsa -in client.key -out TLS.key_1024 -outform DER
	openssl req -out server.req -key server.key -new -config ./server_cert.conf 
	openssl req -out client.req -key client.key -new -config ./client_cert.conf 

	openssl x509 -req -in server.req -out server.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key
	openssl x509 -req -in client.req -out client.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key
	cp server.crt server.key server/

	openssl x509 -in client.crt -outform DER -out TLS.x509_1024.cer
	cp TLS.x509_1024.cer client/
	cp TLS.key_1024 client/
	mv client/TLS.x509_1024.cer client/certificate.cer
	mv client/TLS.key_1024 client/private_key.key_1024
	cp make_cert.py client/
	cd client
	
	python make_cert.py
	rm make_cert.py
	mv esp_cert_private_key.bin ../bin/
	cd ..

		# set default cert for use in the client
		xxd -i  TLS.x509_1024.cer | sed -e \
		        "s/TLS_x509_1024_cer/default_certificate/" > cert.h
		# set default key for use in the server
		xxd -i TLS.key_1024 | sed -e \
		        "s/TLS_key_1024/default_private_key/" > private_key.h
		mv cert.h private_key.h include/
	cp client.crt client.key client/
		rm *.crt
		rm *.key

else
	echo error happened\!TrueCA didnot initialize.
fi

#delete intermediate file

rm ca/make_cacert.py ca/esp_ca_cert.bin -rf
rm *.conf -rf
rm *.req -rf
rm *.h -rf

rm *.srl -rf

find -name \*.cer | xargs rm -f
find -name \*.key_1024 | xargs rm -f

echo esp_ca_cert.bin \&\& esp_cert_private_key.bin was generated under bin\/ directory

# set ca crt for use in the client
cp ca/ca.crt ./
cp client/client.crt ./
cp client/client.key ./

xxd -i ca.crt | sed -e "s/ca_crt/ca_crt/" > ssl_client_crt.h

# set client crt for use in the client
xxd -i client.crt | sed -e "s/client_crt/client_crt/" >> ssl_client_crt.h

# set private key for use in the client
xxd -i client.key | sed -e "s/client_key/client_key/" >> ssl_client_crt.h

mv ssl_client_crt.h ../include/
rm ca.crt client.crt client.key
Init Projects 2018-11-23 01:43:17 +00:00			`# * Redistributions in binary form must reproduce the above copyright`
			`# notice, this list of conditions and the following disclaimer in the`
			`# documentation and/or other materials provided with the distribution.`
			`# * Neither the name of the axTLS project nor the names of its`
			`# contributors may be used to endorse or promote products derived`
			`# from this software without specific prior written permission.`
			`#`
			`# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS`
			`# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT`
			`# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR`
			`# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR`
			`# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,`
			`# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED`
			`# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,`
			`# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY`
			`# OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING`
			`# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF`
			`# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
			`#`
			`PROJECT_NAME="TLS Project"`
			`mkdir ca`
			`mkdir bin`
			`TrueCA=-1`
			`if [ -f "ca.crt" ]; then`
			`echo ca.crt is found, generating esp_ca_cert.bin...`
			`TrueCA=1`
			`else`
			`echo ca.crt not exist\! We would generate self-signed CA certificate,and generating esp_ca_cert.bin...`
			`TrueCA=0`

			`# Generate the openssl configuration files.`
			`cat > ca_cert.conf << EOF`
			`[ req ]`
			`distinguished_name = req_distinguished_name`
			`prompt = no`

			`[ req_distinguished_name ]`
			`O = $PROJECT_NAME Dodgy Certificate Authority`
			`EOF`


			`openssl genrsa -out ca.key 1024 #you can change number 1024 if encryption bits is required`
			`openssl req -out ca.req -key ca.key -new -config ./ca_cert.conf`

			`# generate the actual self-signed ca certs.`
			`openssl x509 -req -in ca.req -out ca.crt -sha1 -days 5000 -signkey ca.key`

			`cp ca.key ca/`

			`fi`

			`openssl x509 -in ca.crt -outform DER -out TLS.ca_x509.cer`
			`cp TLS.ca_x509.cer ca/`
			`cp make_cacert.py ca/`
			`cd ca/`
			`python make_cacert.py`
			`cd ..`
			`cp ca/esp_ca_cert.bin bin/`
			`cp ca.crt ca/`

			`echo esp_ca_cert.bin generated OK\!`

			`if [ $TrueCA -eq 1 ];then`
			`echo trust CA`
			`if [ -f "client.crt" ] && [ -f "client.key" ]; then`
			`echo client.crt \&\& client.key are found, generating esp_cert_private_key.bin`
			`mkdir client`
			`mkdir include`
			`openssl rsa -in client.key -out TLS.key_1024 -outform DER`
			`openssl x509 -in client.crt -outform DER -out TLS.x509_1024.cer`
			`cp TLS.x509_1024.cer client/`
			`cp TLS.key_1024 client/`
			`mv client/TLS.x509_1024.cer client/certificate.cer`
			`mv client/TLS.key_1024 client/private_key.key_1024`
			`cp make_cert.py client/`
			`cd client`

			`python make_cert.py`
			`rm make_cert.py`
			`mv esp_cert_private_key.bin ../bin/`
			`cd ..`

			`# set default cert for use in the client`
			`xxd -i TLS.x509_1024.cer \| sed -e \`
			`"s/TLS_x509_1024_cer/default_certificate/" > cert.h`
			`# set default key for use in the server`
			`xxd -i TLS.key_1024 \| sed -e \`
			`"s/TLS_key_1024/default_private_key/" > private_key.h`
			`cp cert.h private_key.h include/`
			`cp client.crt client.key client/`

			`elif [ -f "server.crt" ] && [ -f "server.key" ]; then`
			`echo server.crt \&\& server.key are found, generating esp_cert_private_key.bin`
			`mkdir server`
			`mkdir include`
			`openssl rsa -in server.key -out TLS.key_1024 -outform DER`
			`openssl x509 -in server.crt -outform DER -out TLS.x509_1024.cer`
			`cp TLS.x509_1024.cer server/`
			`cp TLS.key_1024 server/`
			`mv server/TLS.x509_1024.cer server/certificate.cer`
			`mv server/TLS.key_1024 server/private_key.key_1024`
			`cp make_cert.py server/`
			`cd server`

			`python make_cert.py`
			`rm make_cert.py`
			`mv esp_cert_private_key.bin ../bin/`
			`cd ..`

			`# set default cert for use in the client`
			`xxd -i TLS.x509_1024.cer \| sed -e \`
			`"s/TLS_x509_1024_cer/default_certificate/" > cert.h`
			`# set default key for use in the server`
			`xxd -i TLS.key_1024 \| sed -e \`
			`"s/TLS_key_1024/default_private_key/" > private_key.h`
			`cp cert.h private_key.h include/`
			`cp server.crt server.key server/`
			`else`
			`echo we would not generate certificate \for ESP chip when trust CA exist and [client.crt \&\& client.key] or [server.crt \&\& server.key] could not be found.`
			`fi`
			`elif [ $TrueCA -eq 0 ];then`
			`echo generate cerificate and private key with self-signed CA`
			`mkdir server`
			`mkdir client`
			`mkdir include`

			`cat > server_cert.conf << EOF`
			`[ req ]`
			`distinguished_name = req_distinguished_name`
			`prompt = no`

			`[ req_distinguished_name ]`
			`O = $PROJECT_NAME`
			`CN = 192.168.111.104`
			`EOF`

			`cat > client_cert.conf << EOF`
			`[ req ]`
			`distinguished_name = req_distinguished_name`
			`prompt = no`

			`[ req_distinguished_name ]`
			`O = $PROJECT_NAME Device Certificate`
			`CN = 192.168.111.111`
			`EOF`

			`openssl genrsa -out server.key 1024`
			`openssl genrsa -out client.key 1024`

			`openssl rsa -in client.key -out TLS.key_1024 -outform DER`
			`openssl req -out server.req -key server.key -new -config ./server_cert.conf`
			`openssl req -out client.req -key client.key -new -config ./client_cert.conf`

			`openssl x509 -req -in server.req -out server.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key`
			`openssl x509 -req -in client.req -out client.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key`
			`cp server.crt server.key server/`

			`openssl x509 -in client.crt -outform DER -out TLS.x509_1024.cer`
			`cp TLS.x509_1024.cer client/`
			`cp TLS.key_1024 client/`
			`mv client/TLS.x509_1024.cer client/certificate.cer`
			`mv client/TLS.key_1024 client/private_key.key_1024`
			`cp make_cert.py client/`
			`cd client`

			`python make_cert.py`
			`rm make_cert.py`
			`mv esp_cert_private_key.bin ../bin/`
			`cd ..`

			`# set default cert for use in the client`
			`xxd -i TLS.x509_1024.cer \| sed -e \`
			`"s/TLS_x509_1024_cer/default_certificate/" > cert.h`
			`# set default key for use in the server`
			`xxd -i TLS.key_1024 \| sed -e \`
			`"s/TLS_key_1024/default_private_key/" > private_key.h`
			`mv cert.h private_key.h include/`
			`cp client.crt client.key client/`
			`rm *.crt`
			`rm *.key`

			`else`
			`echo error happened\!TrueCA didnot initialize.`
			`fi`

			`#delete intermediate file`

			`rm ca/make_cacert.py ca/esp_ca_cert.bin -rf`
			`rm *.conf -rf`
			`rm *.req -rf`
			`rm *.h -rf`

			`rm *.srl -rf`

			`find -name \*.cer \| xargs rm -f`
			`find -name \*.key_1024 \| xargs rm -f`

			`echo esp_ca_cert.bin \&\& esp_cert_private_key.bin was generated under bin\/ directory`

			`# set ca crt for use in the client`
			`cp ca/ca.crt ./`
			`cp client/client.crt ./`
			`cp client/client.key ./`

			`xxd -i ca.crt \| sed -e "s/ca_crt/ca_crt/" > ssl_client_crt.h`

			`# set client crt for use in the client`
			`xxd -i client.crt \| sed -e "s/client_crt/client_crt/" >> ssl_client_crt.h`

			`# set private key for use in the client`
			`xxd -i client.key \| sed -e "s/client_key/client_key/" >> ssl_client_crt.h`

			`mv ssl_client_crt.h ../include/`
			`rm ca.crt client.crt client.key`