
Member "mariadb-connector-c-3.0.9-src/.travis/gen-ssl.sh" (8 Feb 2019, 3645 Bytes) of package /linux/misc/mariadb-connector-c-3.0.9-src.tar.gz:



    1 #!/bin/bash
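    # Abort on the first failing command. pipefail is added because plain
    # errexit only looks at the last stage of a pipeline, so a failing openssl
    # feeding sed would otherwise go unnoticed and leave an empty output file.
    set -e -o pipefail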
    3 
    # Write a progress message to stderr so that stdout stays free for data.
    # Arguments: the words of the message (joined by echo with single spaces).
    log () {
      >&2 echo "$@"
    }
    7 
    # Print the given message on stderr and terminate with status 1.
    # When called inside $(...) the exit only ends that subshell, not the script.
    print_error () {
      >&2 echo "$@"
      exit 1
    }
   12 
   # Show the expected command line on stderr and abort through print_error.
   print_usage () {
     local usage_text="Usage: gen-ssl-cert-key <fqdn> <output-dir>"
     print_error "${usage_text}"
   }
   16 
   # Build the OpenSSL -subj string for a certificate whose CN is the given name.
   # Arguments: $1 - host name to place in the CN field (must not be empty)
   # Outputs:   the subject string on stdout
   #
   # The name is inserted verbatim. A value containing "/" would add further
   # subject fields, so callers should pass a plain host name only.
   gen_cert_subject () {
     local host_name="$1"
     if [[ -z "${host_name}" ]]; then
       print_error "FQDN cannot be blank"
     fi
     printf '%s\n' "/C=XX/ST=X/O=X/localityName=X/CN=${host_name}/organizationalUnitName=X/emailAddress=X/"
   }
   22 
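   # Generate a throw-away CA plus server and client TLS credentials for tests.
   #
   # Arguments:
   #   $1 - FQDN used as the CN of the server and client certificates
   #   $2 - existing directory that receives the generated files
   # Outputs: ca.key, ca.crt, cacert.pem (copy of ca.crt), server.key,
   #   server.crt, server-cert.sha1, client-key.pem, client-key-enc.pem,
   #   client-cert.pem and fullclient-keystore.p12 inside $2; progress messages
   #   on stderr and a listing of $2 on stdout.
   #
   # The material is for test fixtures only: every private key except
   # client-key-enc.pem is written unencrypted, the two passphrases are fixed
   # values passed on the command line (visible to other local users while
   # openssl runs), and file modes are whatever the caller's umask and openssl
   # produce. Keep the output directory out of anything production-facing.
   main () {
     local fqdn="$1"
     local sslDir="$2"
     [[ "${fqdn}" != "" ]] || print_usage
     [[ -d "${sslDir}" ]] || print_error "Directory does not exist: ${sslDir}"

     local caCertFile="${sslDir}/ca.crt"
     local caKeyFile="${sslDir}/ca.key"
     local certFile="${sslDir}/server.crt"
     local certShaFile="${sslDir}/server-cert.sha1"
     local keyFile="${sslDir}/server.key"
     local clientCertFile="${sslDir}/client-cert.pem"
     local clientKeyFile="${sslDir}/client-key.pem"
     local clientEncryptedKeyFile="${sslDir}/client-key-enc.pem"
     local pcks12FullKeystoreFile="${sslDir}/fullclient-keystore.p12"

     # One private scratch directory for the two signing requests. Declaration
     # and assignment are split so a failing mktemp is not hidden by `local`.
     local tmpDir
     tmpDir=$(mktemp -d) || print_error "Cannot create temporary directory"
     local csrFile="${tmpDir}/server.csr"
     local clientReqFile="${tmpDir}/client.csr"
     # The path is expanded now because the local is out of scope when EXIT
     # fires; the trap removes the scratch files even if a step below fails.
     # shellcheck disable=SC2064
     trap "rm -rf -- $(printf '%q' "${tmpDir}")" EXIT

     log "Generating CA key"
     openssl genrsa -out "${caKeyFile}" 2048

     # Signatures use SHA-256: many current TLS stacks refuse SHA-1-signed
     # certificates at their default security level.
     log "Generating CA certificate"
     openssl req \
       -sha256 \
       -new \
       -x509 \
       -nodes \
       -days 3650 \
       -subj "$(gen_cert_subject ca.example.com)" \
       -key "${caKeyFile}" \
       -out "${caCertFile}"

     log "Generating private key"
     openssl genrsa -out "${keyFile}" 2048

     # A signing request carries no serial number; the serial is chosen when
     # the CA signs it below.
     log "Generating certificate signing request"
     openssl req \
       -new \
       -batch \
       -sha256 \
       -subj "$(gen_cert_subject "$fqdn")" \
       -key "${keyFile}" \
       -out "${csrFile}" \
       -nodes

     # -signkey is not passed here: it requests a self-signed certificate and
     # conflicts with -CA/-CAkey, which is the signer this step is meant to use.
     log "Generating X509 certificate"
     openssl x509 \
       -req \
       -sha256 \
       -set_serial 01 \
       -CA "${caCertFile}" \
       -CAkey "${caKeyFile}" \
       -days 3650 \
       -in "${csrFile}" \
       -out "${certFile}"

     # Creates the unencrypted client key and its signing request; the validity
     # period is set when the request is signed further down.
     log "Generating client certificate"
     openssl req \
       -batch \
       -newkey rsa:2048 \
       -subj "$(gen_cert_subject "$fqdn")" \
       -nodes \
       -keyout "${clientKeyFile}" \
       -out "${clientReqFile}"

     # Fixed fixture passphrase, kept as the original script had it.
     log "Generating password protected client key file"
     openssl rsa \
       -aes256 \
       -in "${clientKeyFile}" \
       -out "${clientEncryptedKeyFile}" \
       -passout pass:qwerty

     # Captured into a variable instead of piped into sed, so a failing openssl
     # aborts the script rather than producing an empty file. Everything up to
     # the first "=" is stripped, which does not depend on how openssl spells
     # the "... Fingerprint=" label. The fingerprint stays SHA-1 to match the
     # output file name.
     log "Generating finger print of server certificate"
     local fingerprint
     fingerprint=$(openssl x509 \
       -noout \
       -fingerprint \
       -sha1 \
       -inform pem \
       -in "${certFile}")
     printf '%s\n' "${fingerprint#*=}" > "${certShaFile}"

     log "copy ca file"
     cp -- "${caCertFile}" "${sslDir}/cacert.pem"

     # Serial 02: issuer plus serial number must be unique per certificate, and
     # the server certificate issued by the same CA already uses 01.
     openssl x509 \
       -req \
       -sha256 \
       -in "${clientReqFile}" \
       -days 3600 \
       -CA "${caCertFile}" \
       -CAkey "${caKeyFile}" \
       -set_serial 02 \
       -out "${clientCertFile}"

     # PKCS#12 bundle with the client certificate and key. No -certfile is
     # given, so the CA certificate is not part of the bundle. The intermediate
     # keystore the original wrote to a temp file and then deleted is no longer
     # created, which keeps one more copy of the client key out of /tmp.
     log "Generating full client keystore"
     openssl pkcs12 \
       -export \
       -in "${clientCertFile}" \
       -inkey "${clientKeyFile}" \
       -out "${pcks12FullKeystoreFile}" \
       -name "mysqlAlias" \
       -passout pass:kspass

     # Normal-path cleanup; the EXIT trap is only needed for failures.
     rm -rf -- "${tmpDir:?}"
     trap - EXIT

     log "Generated key file and certificate in: ${sslDir}"
     ls -l "${sslDir}"
   }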
  153 
  # Entry point: hand all command-line arguments to main unchanged.
  main "${@}"
  155