#!/usr/bin/env bash
# Copyright 2018 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -eu
readonly VALID_DAYS='73000'
readonly RSA_KEY_SIZE='4096'
#######################################
# Generate an unencrypted RSA private key.
# Globals:   RSA_KEY_SIZE (read)
# Arguments: $1 - path the PEM-encoded key is written to
# Outputs:   openssl diagnostics on stderr
# Returns:   openssl's exit status
#######################################
createKey() {
  local keyPath=$1
  openssl genrsa -out "$keyPath" "$RSA_KEY_SIZE"
}
#######################################
# Issue a self-signed CA certificate for an existing private key.
# Globals:   VALID_DAYS (read)
# Arguments: $1 - path the PEM certificate is written to
#            $2 - path of the CA private key (created by createKey)
# Outputs:   openssl diagnostics on stderr
# Returns:   openssl's exit status
#######################################
createCaCert() {
  local certOut=$1 caKey=$2
  local subject
  # Declared and assigned separately so a failing helper is not masked by `local`.
  subject=$( getSubj 'someCA' )
  # -nodes: never prompt for a passphrase; the key is used as-is.
  openssl req -x509 -new -nodes \
    -subj "$subject" \
    -key "$caKey" \
    -sha256 \
    -days "$VALID_DAYS" \
    -out "$certOut"
}
#######################################
# Build a certificate signing request for the server key, carrying a SAN
# request extension for localhost / 127.0.0.1.
# Globals:   none
# Arguments: $1 - path the PEM CSR is written to
#            $2 - path of the server private key (created by createKey)
# Outputs:   openssl diagnostics on stderr
# Returns:   openssl's exit status
#######################################
createCSR() {
  local csrOut=$1 serverKey=$2
  local subject
  subject=$( getSubj 'localhost' )
  # The config is the system openssl.cnf plus a [SAN] section (see getSANConfig),
  # fed through process substitution. Keep the <( ) on the command line itself:
  # stashing it in an array first would let the fd close before openssl reads it.
  openssl req -new -sha256 \
    -key "$serverKey" \
    -subj "$subject" \
    -reqexts SAN \
    -config <( getSANConfig ) \
    -out "$csrOut"
}
#######################################
# Sign a CSR with the CA, producing the server certificate.
# Globals:   VALID_DAYS (read)
# Arguments: $1 - path the PEM server certificate is written to
#            $2 - path of the CSR (created by createCSR)
#            $3 - path of the CA certificate
#            $4 - path of the CA private key
# Outputs:   openssl diagnostics on stderr; -CAcreateserial also lets openssl
#            create a serial-number file next to the CA certificate if absent
# Returns:   openssl's exit status
#######################################
signCSR() {
  local certOut=$1 csrIn=$2 caCert=$3 caKey=$4
  # The SAN is supplied again at signing time via -extfile rather than relying on
  # the CSR's requested extension, so the issued certificate definitely carries
  # DNS:localhost and IP:127.0.0.1 — the values clients will verify against.
  openssl x509 -req \
    -in "$csrIn" \
    -CA "$caCert" \
    -CAkey "$caKey" \
    -CAcreateserial \
    -days "$VALID_DAYS" \
    -sha256 \
    -extfile <( getSAN ) \
    -out "$certOut"
}
#######################################
# Print the X.509 subject string for the -subj option.
# Globals:   none
# Arguments: $1 - common name; empty or missing falls back to "someRandomCN"
# Outputs:   the subject in openssl's slash-separated form, newline-terminated
# Returns:   0
#######################################
getSubj() {
  local commonName=${1:-someRandomCN}
  # The CN is interpolated verbatim; openssl treats '/' as the RDN separator, so
  # only pass plain names here (callers in this file pass fixed literals).
  printf '%s\n' "/C=US/ST=CA/O=Acme, Inc./CN=${commonName}"
}
#######################################
# Print the subjectAltName extension line shared by the CSR and the signed cert.
# Globals:   none
# Arguments: none
# Outputs:   "subjectAltName=DNS:localhost,IP:127.0.0.1" with no trailing newline
# Returns:   0
#######################################
getSAN() {
  # Deliberately no trailing newline; getSANConfig emits this as the final line.
  printf '%s' 'subjectAltName=DNS:localhost,IP:127.0.0.1'
}
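#######################################
# Print an openssl config: the base system config followed by a [SAN] section
# holding the subjectAltName line from getSAN. Consumed by createCSR via -config.
# Globals:   OPENSSL_CONF (read, optional) - path of the base config; this is
#            the same variable the openssl binary itself honours, so the script
#            works on systems whose config does not live at /etc/ssl/openssl.cnf.
#            Unset or empty keeps the previous default, /etc/ssl/openssl.cnf.
# Arguments: none
# Outputs:   the combined config on stdout
# Returns:   non-zero if the base config cannot be read
#######################################
getSANConfig() {
  local baseConfig=${OPENSSL_CONF:-/etc/ssl/openssl.cnf}
  cat -- "$baseConfig"
  printf '\n[SAN]\n'
  getSAN
}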
#######################################
# Generate a throwaway CA plus a localhost server key/cert pair in the current
# directory: ca.key, ca.pem, server.key, server.csr, server.pem.
# Globals:   none
# Arguments: ignored
# Outputs:   openssl diagnostics on stderr
# Returns:   exits on the first failing step (errexit)
#######################################
main() {
  local outDir="."
  local caCertPath="${outDir}/ca.pem"
  local caKeyPath="${outDir}/ca.key"
  local serverCsrPath="${outDir}/server.csr"
  local serverCertPath="${outDir}/server.pem"
  local serverKeyPath="${outDir}/server.key"

  # CA first: its key and certificate are needed to sign the server CSR below.
  createKey "$caKeyPath"
  createCaCert "$caCertPath" "$caKeyPath"

  # Server key -> CSR -> certificate signed by the CA above.
  createKey "$serverKeyPath"
  createCSR "$serverCsrPath" "$serverKeyPath"
  signCSR "$serverCertPath" "$serverCsrPath" "$caCertPath" "$caKeyPath"
}
main "$@"