tests/integration/security/sds_ingress/util/generate_certs.sh - dubbo-go-pixiu - Git at Google

 #!/bin/sh

 # Copyright Istio Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 WD=$(dirname "$0")
 WD=$(cd "$WD" || exit; pwd)

 cat > "${WD}/client.conf" <<EOF
 [req]
 req_extensions = v3_req
 distinguished_name = req_distinguished_name
 [req_distinguished_name]
 [ v3_req ]
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage = clientAuth, serverAuth
 subjectAltName = @alt_names
 [alt_names]
 DNS = *.example.com
 EOF

 cat > "${WD}/server.conf" <<EOF
 [req]
 req_extensions = v3_req
 distinguished_name = req_distinguished_name
 [req_distinguished_name]
 [ v3_req ]
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage = clientAuth, serverAuth
 subjectAltName = @alt_names
 [alt_names]
 DNS = *.example.com
 EOF

 openssl req -new -newkey rsa:4096 -x509 -sha256 \
         -days 3650 -nodes -out rootA.crt -keyout rootA.key \
         -subj "/C=US/ST=Denial/L=Ether/O=Dis/CN=*.example.com" \
         -addext "subjectAltName = DNS:*.example.com"

 openssl genrsa -out "clientA.key" 2048
 openssl req -new -key "clientA.key" -out clientA.csr -subj "/CN=*.example.com" -config "${WD}/client.conf"
 openssl x509 -req -days 3650 -CA rootA.crt -CAkey rootA.key -set_serial 0 -in clientA.csr -out clientA.crt -extensions v3_req -extfile "${WD}/client.conf"

 openssl genrsa -out "serverA.key" 2048
 openssl req -new -key "serverA.key" -out serverA.csr -subj "/CN=*.example.com" -config "${WD}/server.conf"
 openssl x509 -req -days 3650 -CA rootA.crt -CAkey rootA.key -set_serial 0 -in serverA.csr -out serverA.crt -extensions v3_req -extfile "${WD}/server.conf"


 openssl req -new -newkey rsa:4096 -x509 -sha256 \
         -days 3650 -nodes -out rootB.crt -keyout rootB.key \
         -subj "/C=US/ST=Denial/L=Ether/O=Dis/CN=*.example.com" \
         -addext "subjectAltName = DNS:*.example.com"

 openssl genrsa -out "clientB.key" 2048
 openssl req -new -key "clientB.key" -out clientB.csr -subj "/CN=*.example.com" -config "${WD}/client.conf"
 openssl x509 -req -days 3650 -CA rootB.crt -CAkey rootB.key -set_serial 0 -in clientB.csr -out clientB.crt -extensions v3_req -extfile "${WD}/client.conf"

 openssl genrsa -out "serverB.key" 2048
 openssl req -new -key "serverB.key" -out serverB.csr -subj "/CN=*.example.com" -config "${WD}/server.conf"
 openssl x509 -req -days 3650 -CA rootB.crt -CAkey rootB.key -set_serial 0 -in serverB.csr -out serverB.crt -extensions v3_req -extfile "${WD}/server.conf"
	#!/bin/sh

	# Copyright Istio Authors
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	WD=$(dirname "$0")
	WD=$(cd "$WD" \|\| exit; pwd)

	cat > "${WD}/client.conf" <<EOF
	[req]
	req_extensions = v3_req
	distinguished_name = req_distinguished_name
	[req_distinguished_name]
	[ v3_req ]
	basicConstraints = CA:FALSE
	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
	extendedKeyUsage = clientAuth, serverAuth
	subjectAltName = @alt_names
	[alt_names]
	DNS = *.example.com
	EOF

	cat > "${WD}/server.conf" <<EOF
	[req]
	req_extensions = v3_req
	distinguished_name = req_distinguished_name
	[req_distinguished_name]
	[ v3_req ]
	basicConstraints = CA:FALSE
	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
	extendedKeyUsage = clientAuth, serverAuth
	subjectAltName = @alt_names
	[alt_names]
	DNS = *.example.com
	EOF

	openssl req -new -newkey rsa:4096 -x509 -sha256 \
	-days 3650 -nodes -out rootA.crt -keyout rootA.key \
	-subj "/C=US/ST=Denial/L=Ether/O=Dis/CN=*.example.com" \
	-addext "subjectAltName = DNS:*.example.com"

	openssl genrsa -out "clientA.key" 2048
	openssl req -new -key "clientA.key" -out clientA.csr -subj "/CN=*.example.com" -config "${WD}/client.conf"
	openssl x509 -req -days 3650 -CA rootA.crt -CAkey rootA.key -set_serial 0 -in clientA.csr -out clientA.crt -extensions v3_req -extfile "${WD}/client.conf"

	openssl genrsa -out "serverA.key" 2048
	openssl req -new -key "serverA.key" -out serverA.csr -subj "/CN=*.example.com" -config "${WD}/server.conf"
	openssl x509 -req -days 3650 -CA rootA.crt -CAkey rootA.key -set_serial 0 -in serverA.csr -out serverA.crt -extensions v3_req -extfile "${WD}/server.conf"


	openssl req -new -newkey rsa:4096 -x509 -sha256 \
	-days 3650 -nodes -out rootB.crt -keyout rootB.key \
	-subj "/C=US/ST=Denial/L=Ether/O=Dis/CN=*.example.com" \
	-addext "subjectAltName = DNS:*.example.com"

	openssl genrsa -out "clientB.key" 2048
	openssl req -new -key "clientB.key" -out clientB.csr -subj "/CN=*.example.com" -config "${WD}/client.conf"
	openssl x509 -req -days 3650 -CA rootB.crt -CAkey rootB.key -set_serial 0 -in clientB.csr -out clientB.crt -extensions v3_req -extfile "${WD}/client.conf"

	openssl genrsa -out "serverB.key" 2048
	openssl req -new -key "serverB.key" -out serverB.csr -subj "/CN=*.example.com" -config "${WD}/server.conf"
	openssl x509 -req -days 3650 -CA rootB.crt -CAkey rootB.key -set_serial 0 -in serverB.csr -out serverB.crt -extensions v3_req -extfile "${WD}/server.conf"