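#!/bin/bash
#
# tls_pki.sh - build the TLS test PKI for the fabric-ca FVT image.
#
# Usage: tls_pki.sh [ec|rsa|dsa]        (default key type: rsa)
#
# Drives "$SCRIPTDIR/pki" to create three CA levels (root, sub CA, RA) and two
# end-entity certificates (TLS server, TLS client), then concatenates the CA
# certificates into FabricTlsPkiBundle.pem in $SCRIPTDIR.
#
# Security notes:
#   * This is test material. The CA state lives under a fixed path in /tmp
#     and is generated non-interactively; do not reuse these keys or
#     certificates outside the test image.
#   * The "dsa" profile uses 512-bit keys, far below any accepted strength.
#     It is kept unchanged so the existing tests still run; treat everything
#     it produces as untrusted.

SCRIPTDIR="/etc/hyperledger/fabric-ca"
export HOME=$SCRIPTDIR
PKI="$SCRIPTDIR/pki"
# Provides ErrorExit (used below).
. "$SCRIPTDIR/fabric-ca_utils"
# Fixed, predictable location: acceptable in a single-purpose test container,
# not on a shared host, where a private directory should be used instead.
CaDir='/tmp/CAs'
RC=0

# Take one UTC timestamp and derive every value from it. The trailing "Z"
# denotes UTC, and a single date call keeps all expiries on the same instant.
timestamp=$(date -u +"%y%m%d%H%M%S")
curr_year=${timestamp:0:2}
month_to_second=${timestamp:2}

# Force base 10: a two-digit year such as "08" is otherwise read as octal.
ten=$((10#$curr_year + 10))
five=$((10#$curr_year + 5))
two=$((10#$curr_year + 2))
# NOTE(review): these are two-digit years. If the helper emits them as ASN.1
# UTCTime, values of 50 and above are read as 19xx - confirm before the
# computed expiries reach that range.

now="${timestamp}Z"
ten_year="${ten}${month_to_second}Z"
five_year="${five}${month_to_second}Z"
two_year="${two}${month_to_second}Z"

# Key and digest profile, selected by the first argument.
KeyType="${1:-rsa}"
case "$KeyType" in
  ec)
    CaKeyLength=521
    CaDigest="sha512"
    EeKeyLength=384
    EeDigest="sha384"
    ;;
  rsa)
    CaKeyLength=4096
    CaDigest="sha512"
    EeKeyLength=2048
    EeDigest="sha256"
    ;;
  dsa)
    # Weak on purpose (see header): 512-bit DSA is for test coverage only.
    CaKeyLength=512
    CaDigest="sha256"
    EeKeyLength=512
    EeDigest="sha256"
    ;;
  *)
    ErrorExit "Unsupported keytype $KeyType"
    ;;
esac

# Shared variables
IpV4Addr='127.0.0.1'
IpV6Addr='::1'
HostName='localhost'
CaKeyUsage='keyCertSign,cRLSign,digitalSignature'
EeKeyUsage='digitalSignature,nonRepudiation'
CaExpiry="$ten_year"
RaExpiry="$five_year"
EeExpiry="$two_year"

# RootCa variables
RootCa='FabricTlsRootCa'
RootSubject="/C=CN/ST=Anhui/L=Hefei/O=gcsoft/OU=gcbaas-ca/CN=$RootCa/"
RootEmail="$RootCa@localhost"

# SubCa variables
SubCa='FabricTlsSubCa'
SubSubject="/C=CN/ST=Anhui/L=Hefei/O=gcsoft/OU=gcbaas-ca/CN=$SubCa/"
SubEmail="$SubCa@localhost"

# TlsRa variables
TlsRa='FabricTlsRa'
TlsRaSubject="/C=CN/ST=Anhui/L=Hefei/O=gcsoft/OU=gcbaas-ca/CN=$TlsRa/"
TlsRaEmail="$TlsRa@localhost"

# TlsServerEE variables
TlsServerEE='FabricTlsServerEE'
TlsServerSubject="/C=CN/ST=Anhui/L=Hefei/O=gcsoft/OU=gcbaas-ca/CN=$TlsServerEE/"
TlsServerEmail="$TlsServerEE@localhost"

# TlsClientEE variables
TlsClientEE='FabricTlsClientEE'
TlsClientSubject="/C=CN/ST=Anhui/L=Hefei/O=gcsoft/OU=gcbaas-ca/CN=$TlsClientEE/"
TlsClientEmail="$TlsClientEE@localhost"

# Everything below writes relative to $HOME; stop rather than scatter key
# material into whatever directory the caller happened to be in.
cd "$HOME" || ErrorExit "Cannot change directory to $HOME"

# Start from a clean slate. ${CaDir:?} aborts instead of expanding to
# "rm -rf /<name>" should CaDir ever be empty.
rm -rf -- "${CaDir:?}/$RootCa"
rm -rf -- "${CaDir:?}/$SubCa"
rm -rf -- "${CaDir:?}/$TlsRa"

# The here-documents feed the helper's prompts on stdin. Their lines are kept
# exactly as before, including the literal double quotes around some values.

# TLS root cert
"$PKI" -f newca -a "$RootCa" -n "$RootSubject" -t "$KeyType" -l "$CaKeyLength" \
  -d "$CaDigest" -e "$CaExpiry" -K "$CaKeyUsage" -p "$RootCa" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
"$RootEmail"
Y
EOF

# TLS SubCa
"$PKI" -f newsub -a "$RootCa" -b "$SubCa" -n "$SubSubject" -t "$KeyType" -l "$CaKeyLength" \
  -d "$CaDigest" -e "$CaExpiry" -K "$CaKeyUsage" -p "$SubCa" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
$SubEmail
Y
EOF

# TLS Ra
# The original passed -p $TlsRaCa, a variable that is never assigned. Unquoted,
# it expanded to nothing, so -p took "-x" as its value. Every other call gives
# -p the name of the entity being created, so $TlsRa is used here as well.
"$PKI" -f newsub -a "$SubCa" -b "$TlsRa" -n "$TlsRaSubject" -t "$KeyType" -l "$CaKeyLength" \
  -d "$CaDigest" -e "$RaExpiry" -K "$CaKeyUsage" -p "$TlsRa" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
$TlsRaEmail
Y
EOF

# TLS Server
"$PKI" -f newcert -a "$TlsRa" -n "$TlsServerSubject" -t "$KeyType" -l "$EeKeyLength" \
  -d "$EeDigest" -e "$EeExpiry" -K "$EeKeyUsage" -E serverAuth -p "$TlsServerEE" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
$TlsServerEmail
Y
y
y
EOF

# TLS Client
"$PKI" -f newcert -a "$TlsRa" -n "$TlsClientSubject" -t "$KeyType" -l "$EeKeyLength" \
  -d "$EeDigest" -e "$EeExpiry" -K "$EeKeyUsage" -E clientAuth -p "$TlsClientEE" -x <<EOF
$IpV4Addr
"$IpV6Addr"
$HostName
$TlsClientEmail
Y
y
y
EOF

# Trust bundle in the order RA, sub CA, root. The globs stay unquoted on
# purpose so they expand to the generated certificate files.
cat "${TlsRa}"*cert.pem "${SubCa}"*cert.pem "${RootCa}"*cert.pem > FabricTlsPkiBundle.pem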