src: Add DMA localagent
[barometer.git] / src / dma / vendor / github.com / streadway / amqp / certs.sh
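#!/bin/sh
#
# Creates the CA, server and client certs to be used by tls_test.go
# http://www.rabbitmq.com/ssl.html
#
# Copy stdout into the const section of tls_test.go or use for RabbitMQ
#
# Everything is written below $PWD/certs:
#   ca/      self-signed test CA (private key in ca/private/cakey.pem)
#   server/  key, CSR and certificate for CN=127.0.0.1, O=server
#   client/  key, CSR and certificate for CN=127.0.0.1, O=client
#
# Every private key is generated unencrypted (-nodes, genrsa without a
# cipher) and the server and client keys are printed to stdout, so the CA
# and everything it issues are test fixtures only: once the output is pasted
# into a source file the keys are effectively public.
#

# Stop at the first failing step (and on unset variables) so a failed openssl
# call cannot lead to half-written or empty constants being printed.
set -eu

root=$PWD/certs

# ca/serial is the marker for an earlier run; never overwrite an existing CA.
if [ -f "$root/ca/serial" ]; then
  echo >&2 "Previous installation found"
  echo >&2 "Remove $root/ca and rerun to overwrite"
  exit 1
fi

mkdir -p "$root/ca/private"
mkdir -p "$root/ca/certs"
mkdir -p "$root/server"
mkdir -p "$root/client"

# The relative paths in openssl.cnf (dir = .) are resolved from here.
cd "$root/ca"

# Keep the CA key directory private to the current user.
chmod 700 private

# Minimal state that `openssl ca` expects: empty database, first serial 01.
touch index.txt
echo 'unique_subject = no' > index.txt.attr
echo '01' > serial

# Quoted delimiter: $dir must reach openssl literally, not be expanded here.
cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = testca

[ testca ]
dir = .
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/cakey.pem
serial = $dir/serial

default_crl_days = 7
default_days = 3650
# SHA-1 is deprecated for certificate signatures and rejected by many
# current verifiers, so leaf certificates are signed with SHA-256.
default_md = sha256

policy = testca_policy
x509_extensions = certificate_extensions

[ testca_policy ]
commonName = supplied
stateOrProvinceName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional

[ certificate_extensions ]
basicConstraints = CA:false

[ req ]
default_bits = 2048
default_keyfile = ./private/cakey.pem
# Same digest as above for the self-signed CA certificate and the CSRs.
default_md = sha256
prompt = yes
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions

[ root_ca_distinguished_name ]
commonName = hostname

[ root_ca_extensions ]
basicConstraints = CA:true
keyUsage = keyCertSign, cRLSign

[ client_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature
# id-kp-clientAuth
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ server_ca_extensions ]
basicConstraints = CA:false
keyUsage = keyEncipherment
# id-kp-serverAuth
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
subjectAltName = @alt_names

[ alt_names ]
IP.1 = 127.0.0.1
EOF

# Self-signed CA certificate. No -keyout is given, so the new key is written
# to default_keyfile from the [ req ] section (./private/cakey.pem).
openssl req \
  -x509 \
  -nodes \
  -config openssl.cnf \
  -newkey rsa:2048 \
  -days 3650 \
  -subj "/CN=MyTestCA/" \
  -out cacert.pem \
  -outform PEM

# DER copy of the CA certificate.
openssl x509 \
  -in cacert.pem \
  -out cacert.cer \
  -outform DER

# Unencrypted 2048-bit RSA keys for the two leaf certificates.
openssl genrsa -out "$root/server/key.pem" 2048
openssl genrsa -out "$root/client/key.pem" 2048

# Certificate signing requests for the server and the client.
openssl req \
  -new \
  -nodes \
  -config openssl.cnf \
  -subj "/CN=127.0.0.1/O=server/" \
  -key "$root/server/key.pem" \
  -out "$root/server/req.pem" \
  -outform PEM

openssl req \
  -new \
  -nodes \
  -config openssl.cnf \
  -subj "/CN=127.0.0.1/O=client/" \
  -key "$root/client/key.pem" \
  -out "$root/client/req.pem" \
  -outform PEM

# Sign both requests with the test CA; -extensions selects serverAuth or
# clientAuth, so each certificate is limited to its own role.
openssl ca \
  -config openssl.cnf \
  -in "$root/server/req.pem" \
  -out "$root/server/cert.pem" \
  -notext \
  -batch \
  -extensions server_ca_extensions

openssl ca \
  -config openssl.cnf \
  -in "$root/client/req.pem" \
  -out "$root/client/cert.pem" \
  -notext \
  -batch \
  -extensions client_ca_extensions

# Emit Go raw-string constants for tls_test.go. \` is a literal backtick in an
# unquoted here-document; $(cat ...) inlines the PEM file contents.
cat <<END
const caCert = \`
$(cat "$root/ca/cacert.pem")
\`

const serverCert = \`
$(cat "$root/server/cert.pem")
\`

const serverKey = \`
$(cat "$root/server/key.pem")
\`

const clientCert = \`
$(cat "$root/client/cert.pem")
\`

const clientKey = \`
$(cat "$root/client/key.pem")
\`
END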