src/test/resources/certs/generate-server-keystore.sh - cassandra-sidecar - Git at Google

 #!/bin/bash
 #
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #

 # A utility script to re-generate the server keystores used for testing

 CERT_VALIDITY_DAYS=${CERT_VALIDITY_DAYS:-1825}
 FILE_NAME=${FILE_NAME:-server_keystore}

 # Generate server key
 openssl req -new -multivalue-rdn -keyout "${SCRIPT_DIR}"/"${FILE_NAME}".key -nodes -newkey rsa:2048 \
   -subj "/CN=cs.local/O=Apache Cassandra/L=San Jose/ST=California/C=US" \
   -out "${SCRIPT_DIR}"/"${FILE_NAME}".csr

 # Sign the server key with the root CA key
 openssl x509 -req -CAkey "${SCRIPT_DIR}"/rootCA.key -CA "${SCRIPT_DIR}"/rootCA.pem \
   -days "${CERT_VALIDITY_DAYS}" -set_serial $RANDOM -sha512 -out "${SCRIPT_DIR}"/"${FILE_NAME}".pem -in "${SCRIPT_DIR}"/"${FILE_NAME}".csr \
   -extfile <(printf "subjectAltName=DNS:localhost,DNS:127.0.0.1,DNS:::1,DNS:cs.local")

 # Chain server certs
 cat "${SCRIPT_DIR}"/"${FILE_NAME}".pem "${SCRIPT_DIR}"/rootCA.pem >"${SCRIPT_DIR}"/"${FILE_NAME}"_chain.pem

 # Generate the server keystore
 openssl pkcs12 -export -out "${SCRIPT_DIR}"/"${FILE_NAME}".p12 -in "${SCRIPT_DIR}"/"${FILE_NAME}"_chain.pem \
   -inkey "${SCRIPT_DIR}"/"${FILE_NAME}".key -name "${FILE_NAME}" \
   -passin pass:"password" -passout pass:"password"

 # Generate JKS server keystore
 keytool -importkeystore -srckeystore "${SCRIPT_DIR}"/"${FILE_NAME}".p12 -srcstoretype pkcs12 \
   -srcalias "${FILE_NAME}" -destkeystore "${SCRIPT_DIR}"/"${FILE_NAME}".jks -deststoretype jks \
   -deststorepass "password" -destalias "${FILE_NAME}" -srcstorepass "password"
	#!/bin/bash
	#
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	# A utility script to re-generate the server keystores used for testing

	CERT_VALIDITY_DAYS=${CERT_VALIDITY_DAYS:-1825}
	FILE_NAME=${FILE_NAME:-server_keystore}

	# Generate server key
	openssl req -new -multivalue-rdn -keyout "${SCRIPT_DIR}"/"${FILE_NAME}".key -nodes -newkey rsa:2048 \
	-subj "/CN=cs.local/O=Apache Cassandra/L=San Jose/ST=California/C=US" \
	-out "${SCRIPT_DIR}"/"${FILE_NAME}".csr

	# Sign the server key with the root CA key
	openssl x509 -req -CAkey "${SCRIPT_DIR}"/rootCA.key -CA "${SCRIPT_DIR}"/rootCA.pem \
	-days "${CERT_VALIDITY_DAYS}" -set_serial $RANDOM -sha512 -out "${SCRIPT_DIR}"/"${FILE_NAME}".pem -in "${SCRIPT_DIR}"/"${FILE_NAME}".csr \
	-extfile <(printf "subjectAltName=DNS:localhost,DNS:127.0.0.1,DNS:::1,DNS:cs.local")

	# Chain server certs
	cat "${SCRIPT_DIR}"/"${FILE_NAME}".pem "${SCRIPT_DIR}"/rootCA.pem >"${SCRIPT_DIR}"/"${FILE_NAME}"_chain.pem

	# Generate the server keystore
	openssl pkcs12 -export -out "${SCRIPT_DIR}"/"${FILE_NAME}".p12 -in "${SCRIPT_DIR}"/"${FILE_NAME}"_chain.pem \
	-inkey "${SCRIPT_DIR}"/"${FILE_NAME}".key -name "${FILE_NAME}" \
	-passin pass:"password" -passout pass:"password"

	# Generate JKS server keystore
	keytool -importkeystore -srckeystore "${SCRIPT_DIR}"/"${FILE_NAME}".p12 -srcstoretype pkcs12 \
	-srcalias "${FILE_NAME}" -destkeystore "${SCRIPT_DIR}"/"${FILE_NAME}".jks -deststoretype jks \
	-deststorepass "password" -destalias "${FILE_NAME}" -srcstorepass "password"