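#!/bin/bash
# Copyright 2025 gRPC authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# -u and pipefail are added to the original -e so that an unset variable or a
# failing pipeline stage aborts the run instead of being ignored.
set -euo pipefail

# Meant to be run from testdata/spiffe_end2end/
# Sets up an intermediate CA, generates certificates, then copies them up and
# deletes unnecessary files.
#
# Inputs (read from the current directory):
#   intermediate.cnf, spiffe-openssl.cnf, ca.pem, ca.key
# Outputs (written to the current directory):
#   intermediate_ca.key, intermediate_ca.pem,
#   leaf_signed_by_intermediate.key, leaf_signed_by_intermediate.pem,
#   leaf_and_intermediate_chain.pem
#
# Every private key is written unencrypted (-nocrypt) and both certificates
# are valid for 3650 days.
# NOTE(review): presumably acceptable because these are test fixtures under
# testdata/ -- confirm the generated keys are never used outside the tests.

# Fail before touching anything when an input is missing. Without this check,
# running from the wrong directory would delete any ./intermediate_ca found
# there and only then stop at the first cp.
for required in intermediate.cnf spiffe-openssl.cnf ca.pem ca.key; do
  if [[ ! -f "$required" ]]; then
    printf 'error: %s not found; run this script from testdata/spiffe_end2end/\n' \
      "$required" >&2
    exit 1
  fi
done

# Start from an empty scratch directory holding only the two OpenSSL configs.
rm -rf intermediate_ca
mkdir intermediate_ca
cp intermediate.cnf intermediate_ca/
cp spiffe-openssl.cnf intermediate_ca/
pushd intermediate_ca

# Generating the intermediate CA
# The RSA key is converted to unencrypted PKCS#8 and the raw key is removed.
openssl genrsa -out temp.rsa 2048
openssl pkcs8 -topk8 -in temp.rsa -out intermediate_ca.key -nocrypt
rm temp.rsa
openssl req -key intermediate_ca.key -new -out temp.csr -config intermediate.cnf
# Signed by the root in the parent directory. -sha256 pins the signature
# digest, as the leaf signing below already does, instead of relying on the
# OpenSSL default.
openssl x509 -req -days 3650 -in temp.csr -CA "../ca.pem" -CAkey "../ca.key" \
  -CAcreateserial -out intermediate_ca.pem -extfile intermediate.cnf \
  -extensions 'v3_req' -sha256

# Generating the leaf and chain
openssl genrsa -out temp.rsa 2048
openssl pkcs8 -topk8 -in temp.rsa -out leaf_signed_by_intermediate.key -nocrypt
# Remove the raw leaf key as soon as it is converted, matching the
# intermediate step, so no second copy of the key is left if a later command
# fails.
rm temp.rsa
openssl req -new -key leaf_signed_by_intermediate.key -out spiffe-cert.csr \
  -subj /C=US/ST=CA/L=SVL/O=gRPC/CN=testserver/ \
  -config spiffe-openssl.cnf -reqexts spiffe_server_e2e
openssl x509 -req -CA intermediate_ca.pem -CAkey intermediate_ca.key -CAcreateserial \
  -in spiffe-cert.csr -out leaf_signed_by_intermediate.pem -extensions spiffe_server_e2e \
  -extfile spiffe-openssl.cnf -days 3650 -sha256
# Chain order is leaf first, then the intermediate that signed it.
cat leaf_signed_by_intermediate.pem intermediate_ca.pem > leaf_and_intermediate_chain.pem

popd

# Copy files up to the higher directory
for artifact in \
  leaf_signed_by_intermediate.key \
  leaf_signed_by_intermediate.pem \
  leaf_and_intermediate_chain.pem \
  intermediate_ca.key \
  intermediate_ca.pem; do
  cp "./intermediate_ca/${artifact}" ./
done

# ca.srl is the serial file that -CAcreateserial wrote next to ../ca.pem while
# signing the intermediate; the scratch directory holds everything else.
rm ca.srl
rm -rf intermediate_ca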