github.com/pingcap/br@v5.3.0-alpha.0.20220125034240-ec59c7b6ce30+incompatible/tests/_utils/generate_certs (about)

     1  #!/bin/sh
     2  #
     3  # Copyright 2020 PingCAP, Inc.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # See the License for the specific language governing permissions and
    14  # limitations under the License.
    15  
    16  set -eu
    17  
    18  mkdir -p $TEST_DIR/certs
    19  openssl ecparam -out "$TEST_DIR/certs/ca.key" -name prime256v1 -genkey
    20  # CA's Common Name must not be the same as signed certificate.
    21  openssl req -new -batch -sha256 -subj '/CN=br_tests' -key "$TEST_DIR/certs/ca.key" -out "$TEST_DIR/certs/ca.csr"
    22  openssl x509 -req -sha256 -days 2 -in "$TEST_DIR/certs/ca.csr" -signkey "$TEST_DIR/certs/ca.key" -out "$TEST_DIR/certs/ca.pem"
    23  for cluster in tidb pd tikv importer lightning tiflash curl ticdc br; do
    24      openssl ecparam -out "$TEST_DIR/certs/$cluster.key" -name prime256v1 -genkey
    25      openssl req -new -batch -sha256 -subj '/CN=localhost' -key "$TEST_DIR/certs/$cluster.key" -out "$TEST_DIR/certs/$cluster.csr"
    26      openssl x509 -req -sha256 -days 1 -extensions EXT -extfile "tests/config/ipsan.cnf" \
    27          -in "$TEST_DIR/certs/$cluster.csr" \
    28          -CA "$TEST_DIR/certs/ca.pem" \
    29          -CAkey "$TEST_DIR/certs/ca.key" \
    30          -CAcreateserial -out "$TEST_DIR/certs/$cluster.pem"
    31  done