Diffstat (limited to 'development/ssl')
-rw-r--r-- | development/ssl/.gitignore | 7 | ||||
-rw-r--r-- | development/ssl/Makefile-openssl | 41 | ||||
-rw-r--r-- | development/ssl/README.md | 54 | ||||
-rwxr-xr-x | development/ssl/gen-certs.sh | 78 |
4 files changed, 0 insertions, 180 deletions
diff --git a/development/ssl/.gitignore b/development/ssl/.gitignore
deleted file mode 100644
index 955c17d1..00000000
--- a/development/ssl/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-*.crt
-*.key
-*.srl
-*.csr
-*.pkcs12
-*.p12
-*.pass
diff --git a/development/ssl/Makefile-openssl b/development/ssl/Makefile-openssl
deleted file mode 100644
index 09802ce4..00000000
--- a/development/ssl/Makefile-openssl
+++ /dev/null
@@ -1,41 +0,0 @@
-FILE=sample
-PASSWD=onaponap
-CA_PASSWD=onaponap
-SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO
-CA=trust
-
-sign: $(FILE).crt
-
-clean:
- rm -f *.crt *.key *.srl *.csr *.pkcs12
-
-generate-ca-certificate: $(CA).crt
-
-generate-private-key: $(FILE).key
-
-create-public-key: $(FILE).pub
-
-create-sign-request: $(FILE).csr
-
-create-key-store: $(FILE).ks.pkcs12
-
-create-trust-store: $(CA).crt
- openssl pkcs12 -export -in $(CA).crt -CAfile $(CA).crt -out $(CA).pkcs12 -nokeys -noiter -nomaciter -passout pass:$(PASSWD)
-
-$(CA).crt:
- openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)"
-
-$(FILE).key:
- openssl genpkey -algorithm RSA -out $(FILE).key -pkeyopt rsa_keygen_bits:2048
-
-$(FILE).pub: $(FILE).key
- openssl x509 -req -days 360 -in client.csr -CA $(CA).crt -CAkey $(CA).key -CAcreateserial -out client.crt
-
-$(FILE).csr: $(FILE).key
- openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)"
-
-$(FILE).crt: $(CA).crt $(FILE).csr
- openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD)
-
-$(FILE).ks.pkcs12: $(FILE).key $(FILE).crt $(CA).crt
- openssl pkcs12 -export -in $(FILE).crt -inkey $(FILE).key -CAfile $(CA).crt -out $(FILE).ks.pkcs12 -noiter -nomaciter -passout pass:$(PASSWD)
diff --git a/development/ssl/README.md b/development/ssl/README.md
deleted file mode 100644
index c2819d24..00000000
--- a/development/ssl/README.md
+++ /dev/null
@@ -1,54 +0,0 @@
-# Generating SSL certificates
-
-## Java keytool way (recommended)
-
-To generate:
-
-```shell
-./gen-certs.sh
-```
-
-To clean (remove generated files):
-
-```shell
-./gen-certs.sh clean
-```
-
-## OpenSSL way (currently might not work)
-
-> Add `-f Makefile-openssl` to each command
-
-Typical usage:
-
-```shell
-make FILE=client
-make FILE=server
-```
-
-or (to generate PKCS12 key and trust stores):
-
-```shell
-make create-key-store FILE=client
-make create-key-store FILE=server
-make create-trust-store
-```
-
-Will generate CA certificate and signed client and server certificates.
-
-More "low-level" usage:
-
-```shell
-make generate-ca-certificate
-make generate-private-key FILE=client
-make sign FILE=client
-```
-
-# Connecting to a server
-
-First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority.
-
-After that you can:
-
-```shell
-./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat
-```
diff --git a/development/ssl/gen-certs.sh b/development/ssl/gen-certs.sh
deleted file mode 100755
index bf28ca02..00000000
--- a/development/ssl/gen-certs.sh
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/usr/bin/env bash
-# ============LICENSE_START=======================================================
-# csit-dcaegen2-collectors-hv-ves
-# ================================================================================
-# Copyright (C) 2018-2019 NOKIA
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-set -eu -o pipefail -o xtrace
-
-STORE_PASS=onaponap
-CN_PREFIX=dcaegen2-hvves
-DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}"
-TRUST=trust
-
-store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt"
-
-function gen_key() {
- local key_name="$1"
- local ca="$2"
- local keystore="-keystore ${key_name}.p12 ${store_opts}"
- keytool -genkey -alias ${key_name} \ ${keystore} \ -keyalg RSA \ -validity 730 \ -keysize 2048 \ -dname "${DNAME_PREFIX}-${key_name}"
- keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore}
-
- keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \ keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \ keytool -alias ${key_name} -importcert ${keystore}
-
- printf ${STORE_PASS} > ${key_name}.pass
-}
-
-
-function gen_ca() {
- local ca="$1"
- keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12
- keytool -export 
-alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12
-}
-
-function gen_truststore() {
- local trusted_ca="$1"
- keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12
- printf ${STORE_PASS} > ${TRUST}.pass
-}
-
-function clean() {
- rm -f *.crt *.p12 *.pass
-}
-
-if [[ $# -eq 0 ]]; then
- gen_ca ca
- gen_ca untrustedca
- gen_truststore ca
- gen_key client ca
- gen_key server ca
- gen_key untrustedclient untrustedca
-elif [[ $1 == "clean" ]]; then
- clean
-else
- echo "usage: $0 [clean]"
- exit 1
-fi
- |