Diffstat (limited to '')
-rwxr-xr-x | tests/common/acme/certs/generate | 66 | ||||
-rwxr-xr-x | tests/common/acme/certs/generate.ca | 38 | ||||
-rwxr-xr-x | tests/common/acme/certs/generate.client (renamed from system/services/taskserver/certs/generate.client) | 46 |
3 files changed, 122 insertions, 28 deletions
diff --git a/tests/common/acme/certs/generate b/tests/common/acme/certs/generate
new file mode 100755
index 0000000..0d6258e
--- /dev/null
+++ b/tests/common/acme/certs/generate
@@ -0,0 +1,66 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -p gnutls -p dash -i dash --impure
+# shellcheck shell=dash
+
+# For development and testing.
+# Create a CA key and cert, and use that to generate a server key and cert.
+# Creates:
+# ca.key.pem
+# ca.cert.pem
+# server.key.pem
+# server.cert.pem
+
+export SEC_PARAM=ultra
+export EXPIRATION_DAYS=123456
+export ORGANIZATION="Vhack.eu Test Keys"
+export COUNTRY=EU
+export SAN="acme.test"
+export KEY_TYPE="ed25519"
+
+BASEDIR="$(dirname "$0")"
+GENERATION_LOCATION="$BASEDIR/output"
+cd "$BASEDIR" || {
+ echo "(BUG?) No basedir ('$BASEDIR')" 1>&2
+ exit 1
+}
+
+ca=false
+clients=false
+
+usage() {
+ echo "Usage: $0 --ca|--clients"
+ exit 2
+}
+
+if [ "$#" -eq 0 ]; then
+ usage
+fi
+
+for arg in "$@"; do
+ case "$arg" in
+ "--ca")
+ ca=true
+ ;;
+ "--clients")
+ clients=true
+ ;;
+ *)
+ usage
+ ;;
+ esac
+done
+
+[ -d "$GENERATION_LOCATION" ] || mkdir --parents "$GENERATION_LOCATION"
+cd "$GENERATION_LOCATION" || echo "(BUG?) No generation location fould!" 1>&2
+
+[ "$ca" = true ] && ../generate.ca
+
+# Creates:
+# <client_name>.key.pem
+# <client_name>.cert.pem
+#
+[ "$clients" = true ] && ../generate.client "acme.test"
+
+echo "(INFO) Look for the keys at: $GENERATION_LOCATION"
+
+# vim: ft=sh
diff --git a/tests/common/acme/certs/generate.ca b/tests/common/acme/certs/generate.ca
new file mode 100755
index 0000000..92832c5
--- /dev/null
+++ b/tests/common/acme/certs/generate.ca
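Review bot: The second `cd` is not fatal — `cd "$GENERATION_LOCATION" || echo "(BUG?) No generation location fould!" 1>&2` only prints and carries on, so when the output directory cannot be entered the script keeps running in `$BASEDIR`, writes `ca.key.pem` and friends into the source tree, and the relative `../generate.ca` / `../generate.client` calls resolve against the wrong directory. Make it abort like the first `cd` does: `cd "$GENERATION_LOCATION" || { echo "(BUG?) No generation location found!" 1>&2; exit 1; }`. The header comment also lists `server.key.pem` / `server.cert.pem` as outputs, but `--clients` invokes `../generate.client "acme.test"`, which (per its own naming) produces `acme.test.key.pem` / `acme.test.cert.pem`; update the "Creates:" list so readers know which files to look for. `mkdir --parents` is a GNU long option; `mkdir -p` is the portable spelling and the script already targets dash.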
@@ -0,0 +1,38 @@
+#! /usr/bin/env sh
+
+# Take the correct binary to create the certificates
+CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null)
+if [ -z "$CERTTOOL" ]; then
+ echo "ERROR: No certtool found" >&2
+ exit 1
+fi
+
+# Create a CA key.
+$CERTTOOL \
+ --generate-privkey \
+ --sec-param "$SEC_PARAM" \
+ --key-type "$KEY_TYPE" \
+ --outfile ca.key.pem
+
+chmod 600 ca.key.pem
+
+# Sign a CA cert.
+cat <<EOF >ca.template
+country = $COUNTRY
+dns_name = "$SAN"
+expiration_days = $EXPIRATION_DAYS
+organization = $ORGANIZATION
+ca
+EOF
+#state = $STATE
+#locality = $LOCALITY
+
+$CERTTOOL \
+ --generate-self-signed \
+ --load-privkey ca.key.pem \
+ --template ca.template \
+ --outfile ca.cert.pem
+
+chmod 600 ca.cert.pem
+
+# vim: ft=sh
diff --git a/system/services/taskserver/certs/generate.client b/tests/common/acme/certs/generate.client
index 4f0e503..5930298 100755
--- a/system/services/taskserver/certs/generate.client
+++ b/tests/common/acme/certs/generate.client
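Review bot: `SEC_PARAM`, `KEY_TYPE`, `COUNTRY`, `SAN`, `EXPIRATION_DAYS` and `ORGANIZATION` are read straight from the environment with no check, so running this script on its own (rather than via `generate`) passes empty strings to certtool and writes a template with blank fields; guard them at the top with `: "${SEC_PARAM:?}" "${KEY_TYPE:?}" "${COUNTRY:?}" "${SAN:?}" "${EXPIRATION_DAYS:?}" "${ORGANIZATION:?}"` (or `set -eu`) so the failure is immediate and named. `ca.key.pem` is created by `--generate-privkey --outfile` and only afterwards tightened with `chmod 600`; unless certtool itself restricts the mode (I cannot confirm that from here), the key briefly has umask-derived permissions, and a `umask 077` before the first certtool call removes the window. In the template `dns_name = "$SAN"` is quoted but `organization = $ORGANIZATION` is not, although the value set by `generate` contains spaces — quote it the same way, `organization = "$ORGANIZATION"`, to avoid depending on how certtool's template parser handles unquoted spaces. A `dns_name` on a CA certificate is unusual; if it is intentional for the ACME test setup, a one-line comment saying so would stop the next reader from "fixing" it.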
@@ -1,54 +1,44 @@
-#!/bin/sh
+#! /usr/bin/env sh
 
 # Take the correct binary to create the certificates
 CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null)
-if [ -z "$CERTTOOL" ]
-then
- echo "ERROR: No certtool found" >&2
- exit 1
+if [ -z "$CERTTOOL" ]; then
+ echo "ERROR: No certtool found" >&2
+ exit 1
 fi
 
-. ./vars
-
 NAME=client
-if [ $# -gt 0 ]
-then
- NAME=$1
+if [ $# -gt 0 ]; then
+ NAME="$1"
 fi
 
-if ! [ -f "$NAME".key.pem ]
-then
- # Create a client key.
- $CERTTOOL \
+# Create a client key.
+$CERTTOOL \
 --generate-privkey \
- --sec-param $SEC_PARAM \
+ --sec-param "$SEC_PARAM" \
+ --key-type "$KEY_TYPE" \
 --outfile "$NAME".key.pem
-fi
 
 chmod 600 "$NAME".key.pem
 
-if ! [ -f "$NAME".template ]
-then
- # Sign a client cert with the key.
- cat <<EOF >"$NAME".template
-organization = $ORGANIZATION
-cn = $CN
+# Sign a client cert with the key.
+cat <<EOF >"$NAME".template
+dns_name = "$NAME"
+dns_name = "$SAN"
 expiration_days = $EXPIRATION_DAYS
-tls_www_client
+organization = $ORGANIZATION
 encryption_key
 signing_key
 EOF
-fi
 
-if ! [ -f "$NAME".cert.pem ]
-then
- $CERTTOOL \
+$CERTTOOL \
 --generate-certificate \
 --load-privkey "$NAME".key.pem \
 --load-ca-certificate ca.cert.pem \
 --load-ca-privkey ca.key.pem \
 --template "$NAME".template \
 --outfile "$NAME".cert.pem
-fi
 
 chmod 600 "$NAME".cert.pem
+
+# vim: ft=sh
|
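Review bot: The new template drops `tls_www_client` and adds no purpose in its place, yet `generate` calls this script as `../generate.client "acme.test"`, i.e. for the hostname the CA template also carries, which reads like a server certificate for the ACME test endpoint; if that is the intent, the template should say `tls_www_server` (and the comment above it "Sign a client cert with the key." should say so too), otherwise add a comment stating that the certificate deliberately carries no TLS purpose. Removing the three `if ! [ -f ... ]` guards changes behaviour: re-running now silently overwrites an existing `$NAME.key.pem` / `$NAME.cert.pem`, which is fine for throwaway test material but deserves a comment such as `# Re-running overwrites any existing key and cert for $NAME.`. With `. ./vars` gone, `SEC_PARAM`, `KEY_TYPE`, `SAN`, `EXPIRATION_DAYS` and `ORGANIZATION` come only from the caller's environment and are never checked; add `: "${SEC_PARAM:?}" "${KEY_TYPE:?}" "${SAN:?}" "${EXPIRATION_DAYS:?}" "${ORGANIZATION:?}"` near the top so a standalone run fails loudly instead of producing a certificate with empty fields.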