github.com/Heebron/moby@v0.0.0-20221111184709-6eab4f55faf7/hack/generate-test-rogue-certs.sh

github.com/Heebron/moby@v0.0.0-20221111184709-6eab4f55faf7/hack/generate-test-rogue-certs.sh (about)

     1  #!/bin/bash
     2  set -eu
     3  
     4  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
     5  
     6  OUT_DIR="${SCRIPT_DIR}/../integration-cli/fixtures/https"
     7  
     8  # generate CA
     9  echo 01 > "${OUT_DIR}/ca-rogue.srl"
    10  openssl genrsa -out "${OUT_DIR}/ca-rogue-key.pem"
    11  
    12  openssl req \
    13  	-new \
    14  	-x509 \
    15  	-days 3652 \
    16  	-subj "/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain" \
    17  	-nameopt compat \
    18  	-text \
    19  	-key "${OUT_DIR}/ca-rogue-key.pem" \
    20  	-out "${OUT_DIR}/ca-rogue.pem"
    21  
    22  # Now that we have a CA, create a server key and certificate signing request.
    23  # Make sure that `"Common Name (e.g. server FQDN or YOUR name)"` matches the hostname you will use
    24  # to connect or just use '*' for a certificate valid for any hostname:
    25  
    26  openssl genrsa -out "${OUT_DIR}/server-rogue-key.pem"
    27  openssl req -new \
    28  	-subj "/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain" \
    29  	-text \
    30  	-key "${OUT_DIR}/server-rogue-key.pem" \
    31  	-out "${OUT_DIR}/server-rogue.csr"
    32  
    33  # Options for server certificate
    34  cat > "${OUT_DIR}/server-rogue-options.cfg" << 'EOF'
    35  basicConstraints=CA:FALSE
    36  subjectKeyIdentifier=hash
    37  authorityKeyIdentifier=keyid,issuer
    38  extendedKeyUsage=serverAuth
    39  subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
    40  EOF
    41  
    42  # Generate the certificate and sign with our CA
    43  openssl x509 \
    44  	-req \
    45  	-days 3652 \
    46  	-extfile "${OUT_DIR}/server-rogue-options.cfg" \
    47  	-CA "${OUT_DIR}/ca-rogue.pem" \
    48  	-CAkey "${OUT_DIR}/ca-rogue-key.pem" \
    49  	-nameopt compat \
    50  	-text \
    51  	-in "${OUT_DIR}/server-rogue.csr" \
    52  	-out "${OUT_DIR}/server-rogue-cert.pem"
    53  
    54  # For client authentication, create a client key and certificate signing request
    55  openssl genrsa -out "${OUT_DIR}/client-rogue-key.pem"
    56  openssl req -new \
    57  	-subj "/C=US/ST=CA/L=SanFrancisco/O=Evil Inc/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain" \
    58  	-text \
    59  	-key "${OUT_DIR}/client-rogue-key.pem" \
    60  	-out "${OUT_DIR}/client-rogue.csr"
    61  
    62  # Options for client certificate
    63  cat > "${OUT_DIR}/client-rogue-options.cfg" << 'EOF'
    64  basicConstraints=CA:FALSE
    65  subjectKeyIdentifier=hash
    66  authorityKeyIdentifier=keyid,issuer
    67  extendedKeyUsage=clientAuth
    68  subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
    69  EOF
    70  
    71  # Generate the certificate and sign with our CA:
    72  openssl x509 \
    73  	-req \
    74  	-days 3652 \
    75  	-extfile "${OUT_DIR}/client-rogue-options.cfg" \
    76  	-CA "${OUT_DIR}/ca-rogue.pem" \
    77  	-CAkey "${OUT_DIR}/ca-rogue-key.pem" \
    78  	-nameopt compat \
    79  	-text \
    80  	-in "${OUT_DIR}/client-rogue.csr" \
    81  	-out "${OUT_DIR}/client-rogue-cert.pem"
    82  
    83  rm "${OUT_DIR}/ca-rogue.srl"
    84  rm "${OUT_DIR}/ca-rogue-key.pem"
    85  rm "${OUT_DIR}"/*.cfg
    86  rm "${OUT_DIR}"/*.csr