github.com/khulnasoft-lab/khulnasoft@v26.0.1-0.20240328202558-330a6f959fe0+incompatible/hack/generate-test-certs.sh

github.com/khulnasoft-lab/khulnasoft@v26.0.1-0.20240328202558-330a6f959fe0+incompatible/hack/generate-test-certs.sh (about)

     1  #!/bin/bash
     2  set -eu
     3  
     4  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"
     5  
     6  # integration/testdata/https (and integration-cli/fixtures/https, which has symlinks to these files)
     7  OUT_DIR="${SCRIPT_DIR}/../integration/testdata/https"
     8  
     9  # generate CA
    10  echo 01 > "${OUT_DIR}/ca.srl"
    11  openssl genrsa -out "${OUT_DIR}/ca-key.pem"
    12  
    13  openssl req \
    14  	-new \
    15  	-x509 \
    16  	-days 3652 \
    17  	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=moby-ci/name=moby/emailAddress=moby@example.org" \
    18  	-nameopt compat \
    19  	-text \
    20  	-key "${OUT_DIR}/ca-key.pem" \
    21  	-out "${OUT_DIR}/ca.pem"
    22  
    23  # Now that we have a CA, create a server key and certificate signing request.
    24  # Make sure that `"Common Name (e.g. server FQDN or YOUR name)"` matches the hostname you will use
    25  # to connect or just use '*' for a certificate valid for any hostname:
    26  
    27  openssl genrsa -out server-key.pem
    28  openssl req -new \
    29  	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=server/name=moby/emailAddress=moby@example.org" \
    30  	-text \
    31  	-key "${OUT_DIR}/server-key.pem" \
    32  	-out "${OUT_DIR}/server.csr"
    33  
    34  # Options for server certificate
    35  cat > "${OUT_DIR}/server-options.cfg" << 'EOF'
    36  basicConstraints=CA:FALSE
    37  subjectKeyIdentifier=hash
    38  authorityKeyIdentifier=keyid,issuer
    39  extendedKeyUsage=serverAuth
    40  subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
    41  EOF
    42  
    43  # Generate the certificate and sign with our CA
    44  openssl x509 \
    45  	-req \
    46  	-days 3652 \
    47  	-extfile "${OUT_DIR}/server-options.cfg" \
    48  	-CA "${OUT_DIR}/ca.pem" \
    49  	-CAkey "${OUT_DIR}/ca-key.pem" \
    50  	-nameopt compat \
    51  	-text \
    52  	-in "${OUT_DIR}/server.csr" \
    53  	-out "${OUT_DIR}/server-cert.pem"
    54  
    55  # For client authentication, create a client key and certificate signing request
    56  openssl genrsa -out "${OUT_DIR}/client-key.pem"
    57  openssl req -new \
    58  	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=client/name=moby/emailAddress=moby@example.org" \
    59  	-text \
    60  	-key "${OUT_DIR}/client-key.pem" \
    61  	-out "${OUT_DIR}/client.csr"
    62  
    63  # Options for client certificate
    64  cat > "${OUT_DIR}/client-options.cfg" << 'EOF'
    65  basicConstraints=CA:FALSE
    66  subjectKeyIdentifier=hash
    67  authorityKeyIdentifier=keyid,issuer
    68  extendedKeyUsage=clientAuth
    69  subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
    70  EOF
    71  
    72  # Generate the certificate and sign with our CA:
    73  openssl x509 \
    74  	-req \
    75  	-days 3652 \
    76  	-extfile "${OUT_DIR}/client-options.cfg" \
    77  	-CA "${OUT_DIR}/ca.pem" \
    78  	-CAkey "${OUT_DIR}/ca-key.pem" \
    79  	-nameopt compat \
    80  	-text \
    81  	-in "${OUT_DIR}/client.csr" \
    82  	-out "${OUT_DIR}/client-cert.pem"
    83  
    84  rm "${OUT_DIR}/ca.srl"
    85  rm "${OUT_DIR}/ca-key.pem"
    86  rm "${OUT_DIR}"/*.cfg
    87  rm "${OUT_DIR}"/*.csr