forked from aurae-runtime/aurae
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcertgen
executable file
·90 lines (81 loc) · 4.5 KB
/
certgen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#!/usr/bin/env bash
# ---------------------------------------------------------------------------- #
# Apache 2.0 License Copyright © 2022-2023 The Aurae Authors #
# #
# +--------------------------------------------+ #
# | █████╗ ██╗ ██╗██████╗ █████╗ ███████╗ | #
# | ██╔══██╗██║ ██║██╔══██╗██╔══██╗██╔════╝ | #
# | ███████║██║ ██║██████╔╝███████║█████╗ | #
# | ██╔══██║██║ ██║██╔══██╗██╔══██║██╔══╝ | #
# | ██║ ██║╚██████╔╝██║ ██║██║ ██║███████╗ | #
# | ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝ | #
# +--------------------------------------------+ #
# #
# Distributed Systems Runtime #
# #
# ---------------------------------------------------------------------------- #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
# You may obtain a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
# #
# ---------------------------------------------------------------------------- #
#
set -e
echo ""
# Generate a ed25519 private key
#echo " -> Generating Aurae ED25519 Key: aurae.ed25519.key..."
#openssl genpkey -algorithm ED25519 > ./pki/aurae.ed25519.key
## Generate a root CA
echo " -> Generating Root CA: ca.key, ca.crt..."
openssl req \
-new \
-x509 \
-nodes \
-days 9999 \
-addext "subjectAltName = DNS:unsafe.aurae.io" \
-subj "/C=IS/ST=aurae/L=aurae/O=Aurae/OU=Runtime/CN=unsafe.aurae.io" \
-keyout "./pki/ca.key" \
-out "./pki/ca.crt" 2>/dev/null
## Generate server CSR
echo " -> Generating Server Material: server.key, server.csr..."
openssl genrsa -out ./pki/server.key 4096 2>/dev/null
openssl req \
-new \
-subj "/C=IS/ST=aurae/L=aurae/O=Aurae/OU=Runtime/CN=server.unsafe.aurae.io" \
-addext "subjectAltName = DNS:server.unsafe.aurae.io" \
-key "./pki/server.key" \
-out "./pki/server.csr" 2>/dev/null
## Sign the server cert using the CA
echo " -> Signing Server Material (Root CA): server.csr..."
openssl x509 \
-req \
-days 9999 \
-extfile "./hack/certgen.client.ext" \
-in "./pki/server.csr" \
-CA "./pki/ca.crt" \
-CAkey "./pki/ca.key" \
-CAcreateserial \
-extfile "./hack/certgen.server.ext" \
-out "./pki/_signed.server.crt" 2>/dev/null
## Verify the server material is signed
echo " -> Verify Server Material (Root CA): server.csr..."
openssl verify -CAfile "./pki/ca.crt" "./pki/_signed.server.crt" 1>/dev/null && echo " -> Root Verification: Success!"
# Client <nova>
. ./hack/certgen-client nova
# Client <unsafe>
. ./hack/certgen-client unsafe
# Client <system>
. ./hack/certgen-client system
echo "x509 Version Numbers: "
openssl x509 -noout -text -in "./pki/_signed.server.crt" | grep "Version"
openssl x509 -noout -text -in "./pki/_signed.client.unsafe.crt" | grep "Version"
echo ""