blob: eae81789bbcc9b4ff44a0a2427c6a81a8a645776 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
#!/bin/bash
#
# Helpers for TLS related config
#
# Copyright (C) 2018 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
tls_dir="${TEST_DIR}/tls"
tls_x509_cleanup()
{
rm -f "${tls_dir}"/*.pem
rm -f "${tls_dir}"/*/*.pem
rmdir "${tls_dir}"/*
rmdir "${tls_dir}"
}
tls_x509_init()
{
(certtool --help) >/dev/null 2>&1 || \
_notrun "certtool utility not found, skipping test"
mkdir -p "${tls_dir}"
# use a fixed key so we don't waste system entropy on
# each test run
cat > "${tls_dir}/key.pem" <<EOF
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr
BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE
Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9
rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc
kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL
IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H
myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn
2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO
m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J
bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK
mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA
Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa
L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd
a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W
nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp
dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci
-----END PRIVATE KEY-----
EOF
}
tls_x509_create_root_ca()
{
name=${1:-ca-cert}
cat > "${tls_dir}/ca.info" <<EOF
cn = Cthulhu Dark Lord Enterprises $name
ca
cert_signing_key
EOF
certtool --generate-self-signed \
--load-privkey "${tls_dir}/key.pem" \
--template "${tls_dir}/ca.info" \
--outfile "${tls_dir}/$name-cert.pem" 2>&1 | head -1
rm -f "${tls_dir}/ca.info"
}
tls_x509_create_server()
{
caname=$1
name=$2
mkdir -p "${tls_dir}/$name"
cat > "${tls_dir}/cert.info" <<EOF
organization = Cthulhu Dark Lord Enterprises $name
cn = localhost
dns_name = localhost
dns_name = localhost.localdomain
ip_address = 127.0.0.1
ip_address = ::1
tls_www_server
encryption_key
signing_key
EOF
certtool --generate-certificate \
--load-ca-privkey "${tls_dir}/key.pem" \
--load-ca-certificate "${tls_dir}/$caname-cert.pem" \
--load-privkey "${tls_dir}/key.pem" \
--template "${tls_dir}/cert.info" \
--outfile "${tls_dir}/$name/server-cert.pem" 2>&1 | head -1
ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/server-key.pem"
rm -f "${tls_dir}/cert.info"
}
tls_x509_create_client()
{
caname=$1
name=$2
mkdir -p "${tls_dir}/$name"
cat > "${tls_dir}/cert.info" <<EOF
country = South Pacific
locality = R'lyeh
organization = Cthulhu Dark Lord Enterprises $name
cn = localhost
tls_www_client
encryption_key
signing_key
EOF
certtool --generate-certificate \
--load-ca-privkey "${tls_dir}/key.pem" \
--load-ca-certificate "${tls_dir}/$caname-cert.pem" \
--load-privkey "${tls_dir}/key.pem" \
--template "${tls_dir}/cert.info" \
--outfile "${tls_dir}/$name/client-cert.pem" 2>&1 | head -1
ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/client-key.pem"
rm -f "${tls_dir}/cert.info"
}
|