author | Filip Krzywka <filip.krzywka@nokia.com> | 2018-12-12 08:14:57 +0100 |
committer | Filip Krzywka <filip.krzywka@nokia.com> | 2018-12-12 14:29:28 +0100 |
commit | ccdbec825673153bd57681fa8e1e5a507f4f776b (patch) | |
tree | 5a08208daa706ad1d816be1ebd8bce3067e30f6a /ssl | |
parent | a239958522a9edd0951854884dd11a7ef5513ca4 (diff) |
Add helper scripts
Change-Id: I8d5b48511e1b7f9cb7d1f65e8605ebe4cf1b17fc
Issue-ID: DCAEGEN2-1027
Signed-off-by: Filip Krzywka <filip.krzywka@nokia.com>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/.gitignore | 7 | ||||
-rw-r--r-- | ssl/Makefile-openssl | 41 | ||||
-rw-r--r-- | ssl/README.md | 54 | ||||
-rwxr-xr-x | ssl/gen-certs.sh | 58 |
4 files changed, 0 insertions, 160 deletions
diff --git a/ssl/.gitignore b/ssl/.gitignore
deleted file mode 100644
index 23888eb0..00000000
--- a/ssl/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-*.crt
-*.key
-*.srl
-*.csr
-*.pkcs12
-*.p12
-
diff --git a/ssl/Makefile-openssl b/ssl/Makefile-openssl
deleted file mode 100644
index 09802ce4..00000000
--- a/ssl/Makefile-openssl
+++ /dev/null
@@ -1,41 +0,0 @@
-FILE=sample
-PASSWD=onaponap
-CA_PASSWD=onaponap
-SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO
-CA=trust
-
-sign: $(FILE).crt
-
-clean:
- rm -f *.crt *.key *.srl *.csr *.pkcs12
-
-generate-ca-certificate: $(CA).crt
-
-generate-private-key: $(FILE).key
-
-create-public-key: $(FILE).pub
-
-create-sign-request: $(FILE).csr
-
-create-key-store: $(FILE).ks.pkcs12
-
-create-trust-store: $(CA).crt
- openssl pkcs12 -export -in $(CA).crt -CAfile $(CA).crt -out $(CA).pkcs12 -nokeys -noiter -nomaciter -passout pass:$(PASSWD)
-
-$(CA).crt:
- openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)"
-
-$(FILE).key:
- openssl genpkey -algorithm RSA -out $(FILE).key -pkeyopt rsa_keygen_bits:2048
-
-$(FILE).pub: $(FILE).key
- openssl x509 -req -days 360 -in client.csr -CA $(CA).crt -CAkey $(CA).key -CAcreateserial -out client.crt
-
-$(FILE).csr: $(FILE).key
- openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)"
-
-$(FILE).crt: $(CA).crt $(FILE).csr
- openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD)
-
-$(FILE).ks.pkcs12: $(FILE).key $(FILE).crt $(CA).crt
- openssl pkcs12 -export -in $(FILE).crt -inkey $(FILE).key -CAfile $(CA).crt -out $(FILE).ks.pkcs12 -noiter -nomaciter -passout pass:$(PASSWD)
diff --git a/ssl/README.md b/ssl/README.md
deleted file mode 100644
index c2819d24..00000000
--- a/ssl/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# Generating SSL certificates
-
-## Java keytool way (recommended)
-
-To generate:
-
-```shell
-./gen-certs.sh
-```
-
-To clean (remove generated files):
-
-```shell
-./gen-certs.sh clean
-```
-
-## OpenSSL way (currently might not work)
-
-> Add `-f Makefile-openssl` to each command
-
-Typical usage:
-
-```shell
-make FILE=client
-make FILE=server
-```
-
-or (to generate PKCS12 key and trust stores):
-
-```shell
-make create-key-store FILE=client
-make create-key-store FILE=server
-make create-trust-store
-```
-
-Will generate CA certificate and signed client and server certificates.
-
-More "low-level" usage:
-
-```shell
-make generate-ca-certificate
-make generate-private-key FILE=client
-make sign FILE=client
-```
-
-# Connecting to a server
-
-First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority.
-
-After that you can:
-
-```shell
-./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat
-```
diff --git a/ssl/gen-certs.sh b/ssl/gen-certs.sh
deleted file mode 100755
index b4f78227..00000000
--- a/ssl/gen-certs.sh
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/usr/bin/env bash
-
-set -eu -o pipefail -o xtrace
-
-STORE_PASS=onaponap
-CN_PREFIX=dcaegen2-hvves
-DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}"
-TRUST=trust
-
-store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt"
-
-function gen_key() {
- local key_name="$1"
- local ca="$2"
- local keystore="-keystore ${key_name}.p12 ${store_opts}"
- keytool -genkey -alias ${key_name} \
- ${keystore} \
- -keyalg RSA \
- -validity 730 \
- -keysize 2048 \
- -dname "${DNAME_PREFIX}-${key_name}"
- keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore}
-
- keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
- keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
- keytool -alias ${key_name} -importcert ${keystore}
-}
-
-
-function gen_ca() {
- local ca="$1"
- keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12
- keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12
-}
-
-function gen_truststore() {
- local trusted_ca="$1"
- keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12
-}
-
-function clean() {
- rm -f *.crt *.p12
-}
-
-if [[ $# -eq 0 ]]; then
- gen_ca ca
- gen_ca untrustedca
- gen_truststore ca
- gen_key client ca
- gen_key server ca
- gen_key untrustedclient untrustedca
-elif [[ $1 == "clean" ]]; then
- clean
-else
- echo "usage: $0 [clean]"
- exit 1
-fi
- |