#!/usr/bin/env bash
# Copyright The OpenTelemetry Authors
# SPDX-License-Identifier: Apache-2.0
# This script creates the CA, server and client certificates and keys required by unit tests.
# The certificates carry their identity in the Subject Alternative Name extension rather than the Common Name, which Go 1.15 and later no longer support.
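#######################################
# Print command-line help to stderr and exit with status 1.
# Called by the option parser on any unknown option.
# Globals:   none (reads $0 for the script name)
# Arguments: none
# Outputs:   usage text on stderr
# Returns:   does not return; exits 1
#######################################
usage() {
  # All three options are listed so the synopsis matches the getopts string "dm:o:".
  printf 'Usage: %s [-d] [-m domain] [-o output_dir]\n\n' "$0" >&2
  printf '%s\n' \
    "-d Dry-run mode. No project files will be modified. Default: 'false'" \
    "-m Domain name to use in the certificate. Default: 'localhost'" \
    "-o Output directory where certificates will be written to. Default: '.'; the current directory" >&2
  exit 1
}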
# Option defaults; each may be overridden by the flags documented in usage().
dry_run=false
domain="localhost"
output_dir="."
# Parse -d (dry run), -m DOMAIN and -o DIR. Anything else prints usage and exits.
while getopts 'dm:o:' opt; do
  case "$opt" in
    d) dry_run=true ;;
    m) domain=$OPTARG ;;
    o) output_dir=$OPTARG ;;
    *) usage ;;
  esac
done
# Drop the parsed options so "$@" holds only positional arguments.
shift $((OPTIND - 1))
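# Abort on the first failing command and trace every command to stderr so the
# openssl invocations show up in logs. -x echoes expanded command lines; nothing
# sensitive is passed on the command line here (keys are only ever file paths).
set -ex
# Create temp dir for generated files. An explicit template is used because GNU
# mktemp rejects "-t NAME" without trailing X's, while a full template works on
# both GNU and BSD/macOS mktemp. The EXIT trap is not installed yet, so a failure
# here simply exits.
tmp_dir=$(mktemp -d "${TMPDIR:-/tmp}/certificates.XXXXXXXX") || exit 1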
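#######################################
# EXIT trap: remove the temp dir (or keep it in dry-run mode) and re-exit
# with the status of the command that triggered the exit.
# Globals:   dry_run (read), tmp_dir (read)
# Arguments: none
# Outputs:   dry-run notice on stdout
# Returns:   does not return; exits with the captured status
#######################################
clean_up() {
  # Capture $? first: any command below would overwrite it.
  local status=$?
  if [ "$dry_run" = true ]; then
    printf 'Dry-run complete. Generated files can be found in %s\n' "$tmp_dir"
  elif [ -n "$tmp_dir" ]; then
    # Never run rm -rf with an empty path; "--" protects against a leading '-'.
    rm -rf -- "$tmp_dir"
  fi
  exit "$status"
}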
# Run clean_up on every exit path (normal end, set -e abort, signal-induced exit).
trap 'clean_up' EXIT
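#######################################
# Write an OpenSSL request config whose certificate identity is carried in the
# Subject Alternative Name (DNS.1) rather than the Common Name. The same file is
# used as -config for the CA and CSRs and as -extfile when signing.
# Globals:   none
# Arguments: $1 - DNS name placed in subjectAltName
#            $2 - path of the config file to (over)write
# Outputs:   writes the config to $2
# Returns:   exit status of the write
#######################################
gen_ssl_conf() {
  local domain_name=$1
  local output_file=$2
  # Unquoted delimiter on purpose: $domain_name must expand inside the heredoc.
  cat <<EOF > "$output_file"
[ req ]
prompt = no
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = AU
stateOrProvinceName = Australia
localityName = Sydney
organizationName = MyOrgName
commonName = MyCommonName
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = $domain_name
EOF
}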
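# Generate config files.
gen_ssl_conf "$domain" "$tmp_dir/ssl.conf"

#######################################
# Sign a CSR with the test CA, producing a leaf certificate that carries the
# subjectAltName from [ req_ext ] in ssl.conf.
# Globals:   tmp_dir (read)
# Arguments: $1 - base name: signs $tmp_dir/$1.csr into $tmp_dir/$1.crt
# Outputs:   $tmp_dir/$1.crt; -CAcreateserial also maintains a serial file next to ca.crt
# Returns:   exit status of openssl
#######################################
sign_cert() {
  local name=$1
  openssl x509 -req \
    -sha256 \
    -days 3650 \
    -in "$tmp_dir/$name.csr" \
    -out "$tmp_dir/$name.crt" \
    -extensions req_ext \
    -CA "$tmp_dir/ca.crt" \
    -CAkey "$tmp_dir/ca.key" \
    -CAcreateserial \
    -extfile "$tmp_dir/ssl.conf"
}

# Create CA: self-signed, valid 10 years; no prompts because ssl.conf sets prompt = no.
openssl genrsa -out "$tmp_dir/ca.key" 2048
openssl req -new -key "$tmp_dir/ca.key" -x509 -days 3650 -out "$tmp_dir/ca.crt" -config "$tmp_dir/ssl.conf"
# Create client and server keys (unencrypted: no cipher option is given to genrsa).
openssl genrsa -out "$tmp_dir/server.key" 2048
openssl genrsa -out "$tmp_dir/client.key" 2048
# Create certificate sign request using the above created keys.
openssl req -new -nodes -key "$tmp_dir/server.key" -out "$tmp_dir/server.csr" -config "$tmp_dir/ssl.conf"
openssl req -new -nodes -key "$tmp_dir/client.key" -out "$tmp_dir/client.csr" -config "$tmp_dir/ssl.conf"
# Creating the client and server certificates; both are signed by the same CA with
# identical options, so the signing step is shared.
sign_cert server
sign_cert client
# Copy files if not in dry-run mode. "--" keeps cp from reading an output_dir
# that starts with '-' as an option.
if [ "$dry_run" = false ]; then
  cp -- "$tmp_dir/ca.crt" \
    "$tmp_dir/client.crt" \
    "$tmp_dir/client.key" \
    "$tmp_dir/server.crt" \
    "$tmp_dir/server.key" \
    "$output_dir"
fi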