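#!/bin/bash
#
# hack/generate-test-certs.sh
#
# Regenerates the TLS fixtures used by the integration tests: a throw-away CA
# certificate plus one server and one client certificate signed by it.
#
# Everything is written to integration/testdata/https. The resulting private
# keys (server-key.pem, client-key.pem) stay on disk as test fixtures, so they
# must be treated as public and never be trusted outside of tests.
# Requires: openssl on PATH.
set -eu

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"

# integration/testdata/https (and integration-cli/fixtures/https, which has symlinks to these files)
OUT_DIR="${SCRIPT_DIR}/../integration/testdata/https"

# Remove the intermediate artifacts: serial file, CA private key, extension
# configs and CSRs. Registered on EXIT so the CA private key is also deleted
# when a step fails under `set -e`, instead of lingering in the source tree
# where it could be picked up by accident. Discarding the CA key means no
# further certificates can be issued under this CA after the run.
cleanup() {
	rm -f -- \
		"${OUT_DIR}/ca.srl" \
		"${OUT_DIR}/ca-key.pem" \
		"${OUT_DIR}"/*.cfg \
		"${OUT_DIR}"/*.csr
}
trap cleanup EXIT

# --- CA -----------------------------------------------------------------------
# Seed the serial number file; presumably `openssl x509 -CA .../ca.pem` below
# picks it up as its default serial file next to the CA certificate (no
# -CAserial is passed) -- confirm against the installed OpenSSL version.
echo 01 > "${OUT_DIR}/ca.srl"

# NOTE(review): no key size is given, so the RSA modulus length is whatever the
# installed openssl defaults to.
openssl genrsa -out "${OUT_DIR}/ca-key.pem"

# Self-signed CA certificate, valid for 3652 days (about ten years).
openssl req \
	-new \
	-x509 \
	-days 3652 \
	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=moby-ci/name=moby/emailAddress=moby@example.org" \
	-nameopt compat \
	-text \
	-key "${OUT_DIR}/ca-key.pem" \
	-out "${OUT_DIR}/ca.pem"

# --- Server -------------------------------------------------------------------
# Create the server key and its certificate signing request.
# The key has to be written into OUT_DIR: the CSR below reads it from there.
# Writing it to the current directory (as a bare "server-key.pem") would leave
# a stray private key behind and silently sign a CSR for whatever stale
# server-key.pem already exists in OUT_DIR.
openssl genrsa -out "${OUT_DIR}/server-key.pem"
openssl req -new \
	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=server/name=moby/emailAddress=moby@example.org" \
	-text \
	-key "${OUT_DIR}/server-key.pem" \
	-out "${OUT_DIR}/server.csr"

# Extensions for the server certificate: leaf (non-CA) certificate restricted
# to TLS server authentication. The subjectAltName includes a catch-all "*"
# entry in addition to localhost and the loopback addresses; that breadth is
# only acceptable because this is a test fixture.
cat > "${OUT_DIR}/server-options.cfg" << 'EOF'
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
extendedKeyUsage=serverAuth
subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
EOF

# Sign the server CSR with the CA.
openssl x509 \
	-req \
	-days 3652 \
	-extfile "${OUT_DIR}/server-options.cfg" \
	-CA "${OUT_DIR}/ca.pem" \
	-CAkey "${OUT_DIR}/ca-key.pem" \
	-nameopt compat \
	-text \
	-in "${OUT_DIR}/server.csr" \
	-out "${OUT_DIR}/server-cert.pem"

# --- Client -------------------------------------------------------------------
# For client authentication, create a client key and certificate signing request.
openssl genrsa -out "${OUT_DIR}/client-key.pem"
openssl req -new \
	-subj "/C=US/ST=CA/L=SanFrancisco/O=Moby-project/OU=ci/CN=client/name=moby/emailAddress=moby@example.org" \
	-text \
	-key "${OUT_DIR}/client-key.pem" \
	-out "${OUT_DIR}/client.csr"

# Extensions for the client certificate: same as the server's, except that the
# key usage is restricted to TLS client authentication.
cat > "${OUT_DIR}/client-options.cfg" << 'EOF'
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
extendedKeyUsage=clientAuth
subjectAltName=DNS:*,DNS:localhost,IP:127.0.0.1,IP:::1
EOF

# Sign the client CSR with the CA.
openssl x509 \
	-req \
	-days 3652 \
	-extfile "${OUT_DIR}/client-options.cfg" \
	-CA "${OUT_DIR}/ca.pem" \
	-CAkey "${OUT_DIR}/ca-key.pem" \
	-nameopt compat \
	-text \
	-in "${OUT_DIR}/client.csr" \
	-out "${OUT_DIR}/client-cert.pem"

# Intermediate files (ca.srl, ca-key.pem, *.cfg, *.csr) are removed by the
# EXIT trap registered above.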