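#!/bin/bash
# Source: github.com/canhui/fabric_ca2_2@v2.0.0-alpha+incompatible/images/fabric-ca-fvt/payload/tls_pki.sh
#
# Builds a three-level TLS certificate chain with the local "pki" helper:
#   FabricTlsRootCa -> FabricTlsSubCa -> FabricTlsRa -> server / client EE certs
# and concatenates the RA, sub-CA and root certificates into
# FabricTlsPkiBundle.pem in $SCRIPTDIR.
#
# Usage: tls_pki.sh [ec|rsa|dsa]      (key type, default: rsa)
#
# Every subject and SAN below is localhost-only and the script lives in the
# fabric-ca-fvt image payload, so this is presumably test material only; the
# key sizes and fixed paths are not suitable for a production CA.
#
# NOTE(review): the exit status of the pki invocations is never checked and RC
# is never updated in this script, so a failed step only surfaces if the final
# cat cannot find a certificate.

FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"   # not referenced below
SCRIPTDIR="/etc/hyperledger/fabric-ca"
export HOME="$SCRIPTDIR"
PKI="$SCRIPTDIR/pki"
# ErrorExit (used below) is not defined in this file; it is expected to come
# from fabric-ca_utils, so stop here if that file cannot be sourced.
. "$SCRIPTDIR/fabric-ca_utils" || {
  printf 'cannot source %s/fabric-ca_utils\n' "$SCRIPTDIR" >&2
  exit 1
}
# Fixed, predictable directory under /tmp that is rm -rf'd below: on a host
# shared with other users it could be pre-created by someone else.
# NOTE(review): presumably acceptable inside the single-purpose fvt container.
CaDir='/tmp/CAs'
RC=0

# Expiry timestamps in YYMMDDhhmmssZ form.
# %y is the calendar year; the original %g is the ISO week-based year, which
# differs from the calendar year on some days around 1 January.
# The trailing Z denotes UTC, so the fields are taken from UTC (date -u).
# NOTE(review): month/day are copied unchanged, so a run on 29 February can
# produce a date that does not exist in the target year.
curr_year=$(date -u +"%y")
ten=$((curr_year + 10))
five=$((curr_year + 5))
two=$((curr_year + 2))

now=$(date -u +"%y%m%d%H%M%SZ")   # not referenced below
ten_year=$(date -u +"$ten%m%d%H%M%SZ")
five_year=$(date -u +"$five%m%d%H%M%SZ")
two_year=$(date -u +"$two%m%d%H%M%SZ")

# Key type selects key length and digest for CA and end-entity certificates.
KeyType="${1:-rsa}"
case "$KeyType" in
  ec)
    CaKeyLength=521
    CaDigest="sha512"
    EeKeyLength=384
    EeDigest="sha384"
    ;;
  rsa)
    CaKeyLength=4096
    CaDigest="sha512"
    EeKeyLength=2048
    EeDigest="sha256"
    ;;
  dsa)
    # 512-bit DSA is far below any currently accepted key strength; it is only
    # defensible for exercising the DSA code path. Never reuse these
    # parameters for certificates that protect real traffic.
    CaKeyLength=512
    CaDigest="sha256"
    EeKeyLength=512
    EeDigest="sha256"
    ;;
  *)
    ErrorExit "Unsupported keytype $KeyType"
    ;;
esac

# Shared variables
IpV4Addr='127.0.0.1'
IpV6Addr='::1'
HostName='localhost'
CaKeyUsage='keyCertSign,cRLSign,digitalSignature'
EeKeyUsage='digitalSignature,nonRepudiation'
CaExpiry="$ten_year"
RaExpiry="$five_year"
EeExpiry="$two_year"

# RootCa variables
RootCa='FabricTlsRootCa'
RootSubject="/C=US/ST=North Carolina/L=RTP/O=Hyperledger/OU=fabric-ca/CN=$RootCa/"
RootEmail="$RootCa@localhost"

# SubCa variables
SubCa='FabricTlsSubCa'
SubSubject="/C=US/ST=North Carolina/L=RTP/O=Hyperledger/OU=fabric-ca/CN=$SubCa/"
SubEmail="$SubCa@localhost"

# TlsRa variables
TlsRa='FabricTlsRa'
TlsRaSubject="/C=US/ST=North Carolina/L=RTP/O=Hyperledger/OU=fabric-ca/CN=$TlsRa/"
TlsRaEmail="$TlsRa@localhost"

# TlsServerEE variables
TlsServerEE='FabricTlsServerEE'
TlsServerSubject="/C=US/ST=North Carolina/L=RTP/O=Hyperledger/OU=fabric-ca/CN=$TlsServerEE/"
TlsServerEmail="$TlsServerEE@localhost"

# TlsClientEE variables
TlsClientEE='FabricTlsClientEE'
TlsClientSubject="/C=US/ST=North Carolina/L=RTP/O=Hyperledger/OU=fabric-ca/CN=$TlsClientEE/"
TlsClientEmail="$TlsClientEE@localhost"

# Output files are written relative to the current directory, so a failed cd
# must not fall through to the rm -rf and certificate generation below.
cd "$HOME" || ErrorExit "Cannot change directory to $HOME"

# Start from a clean slate; :? aborts instead of expanding to a bare "/".
rm -rf -- "${CaDir:?}/${RootCa:?}"
rm -rf -- "${CaDir:?}/${SubCa:?}"
rm -rf -- "${CaDir:?}/${TlsRa:?}"

# The here-documents feed pki's prompts on stdin (presumably SAN entries
# followed by confirmations; confirm against the pki script). The here-doc
# delimiter is unquoted, so variables expand but the double quotes around some
# entries are passed through literally; they are kept exactly as the original
# had them.

# TLS root cert
"$PKI" -f newca -a "$RootCa" -n "$RootSubject" -t "$KeyType" -l "$CaKeyLength" \
  -d "$CaDigest" -e "$CaExpiry" -K "$CaKeyUsage" -p "$RootCa" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
"$RootEmail"
Y
EOF

# TLS SubCa
"$PKI" -f newsub -a "$RootCa" -b "$SubCa" -n "$SubSubject" -t "$KeyType" -l "$CaKeyLength" \
  -d "$CaDigest" -e "$CaExpiry" -K "$CaKeyUsage" -p "$SubCa" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
$SubEmail
Y
EOF

# TLS Ra
# The original passed -p $TlsRaCa, a name this script never assigns: unquoted
# and empty it vanishes, leaving "-p -x" on the command line. Every other step
# passes its own entity name to -p, so the RA step now does the same.
"$PKI" -f newsub -a "$SubCa" -b "$TlsRa" -n "$TlsRaSubject" -t "$KeyType" -l "$CaKeyLength" \
  -d "$CaDigest" -e "$RaExpiry" -K "$CaKeyUsage" -p "$TlsRa" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
$TlsRaEmail
Y
EOF

# TLS Server
"$PKI" -f newcert -a "$TlsRa" -n "$TlsServerSubject" -t "$KeyType" -l "$EeKeyLength" \
  -d "$EeDigest" -e "$EeExpiry" -K "$EeKeyUsage" -E serverAuth -p "$TlsServerEE" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
$TlsServerEmail
Y
y
y
EOF

# TLS Client
"$PKI" -f newcert -a "$TlsRa" -n "$TlsClientSubject" -t "$KeyType" -l "$EeKeyLength" \
  -d "$EeDigest" -e "$EeExpiry" -K "$EeKeyUsage" -E clientAuth -p "$TlsClientEE" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
$TlsClientEmail
Y
y
y
EOF

# Chain bundle, ordered RA -> sub CA -> root.
cat -- "${TlsRa}"*cert.pem "${SubCa}"*cert.pem "${RootCa}"*cert.pem > FabricTlsPkiBundle.pem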