Google Git
Sign in
pigweed / third_party / github / project-chip / connectedhomeip / 1694d34b6e8ad3da51fc9d5406a98a0ebdd741ad / . / credentials / development / gen-development-paa-cert.sh
blob: 6c6a5fe8e906c32e4747e2a8eebf26a7c55306f9 [file] [log] [blame]
Evgeny Margolis2db01232021-08-31 17:42:44 -0700[diff] [blame]1#!/usr/bin/env bash
2
3#
4# Copyright (c) 2021 Project CHIP Authors
5#
6# Licensed under the Apache License, Version 2.0 (the "License");
7# you may not use this file except in compliance with the License.
8# You may obtain a copy of the License at
9#
10# http://www.apache.org/licenses/LICENSE-2.0
11#
12# Unless required by applicable law or agreed to in writing, software
13# distributed under the License is distributed on an "AS IS" BASIS,
14# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15# See the License for the specific language governing permissions and
16# limitations under the License.
17#
18
19# Script that was used to generate CHIP Development Protuct Attestation Authority (PAA)
20# certificates.
21# The script expects the path to the chip-cert tool binary as an input argument.
22#
23# Usage example when the script is run from the CHIP SDK root directory:
24# ./credentials/development/gen-development-paa-cert.sh ./out/debug/standalone/chip-cert
25#
26# The result will be stored in:
27# credentials/development/attestation
28#
29
30set -e
31
32here=${0%/*}
33
34dest_dir="$here/attestation"
35
36mkdir -p "$dest_dir"
37
38if [ $# == 1 ]; then
39 chip_cert_tool=$1
40else
41 echo "Error: Please specify exactly one input argument; the path to the chip-cert tool binary"
42 exit
43fi
44
45cert_valid_from="2021-06-28 14:23:43"
46cert_lifetime=4294967295
47paa_key_file="$dest_dir/Chip-Development-PAA-Key"
48paa_cert_file="$dest_dir/Chip-Development-PAA-Cert"
49
50"$chip_cert_tool" gen-att-cert --type a --subject-cn "Matter Development PAA" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --out-key "$paa_key_file".pem --out "$paa_cert_file".pem
51
52"$chip_cert_tool" convert-key "$paa_key_file".pem "$paa_key_file".der --x509-der
53"$chip_cert_tool" convert-cert "$paa_cert_file".pem "$paa_cert_file".der --x509-der
54
55# Example of how Vendor (FFF1) PAI Certificates can be generate:
56#
57# vid=FFF1
58# pai_key_file="$dest_dir/Chip-Development-PAI-$vid-Key"
59# pai_cert_file="$dest_dir/Chip-Development-PAI-$vid-Cert"
60#
61# "$chip_cert_tool" gen-att-cert --type i --subject-cn "Matter Development PAI" --subject-vid "$vid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --ca-key "$paa_key_file".pem --ca-cert "$paa_cert_file".pem --out-key "$pai_key_file".pem --out "$pai_cert_file".pem
62#
63# "$chip_cert_tool" convert-key "$pai_key_file".pem "$pai_key_file".der --x509-der
64# "$chip_cert_tool" convert-cert "$pai_cert_file".pem "$pai_cert_file".der --x509-der