#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
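# Abort on the first failing command: a failed key/cert generation step must
# not be followed by the renaming and clean-up at the bottom of this script,
# which would otherwise silently leave incomplete fixtures behind.
set -e
# Prefer the openssl11 binary when it exists, otherwise fall back to openssl.
# The trailing `|| true` keeps a missing openssl11 from tripping set -e here.
OSSL=$(command -v openssl11 || command -v openssl || true)
if [ -z "$OSSL" ]; then
  echo "No openssl binary found in PATH" >&2
  exit 1
fi
echo "Using following openssl: $OSSL"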
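#######################################
# Generate a CA private key and a self-signed CA certificate.
# Globals:   OSSL (read) - openssl binary selected at the top of the script
# Arguments: $1 - basename; writes "$1.key" and "$1.crt"
#            $2 - OU component of the certificate subject
# Outputs:   openssl diagnostics on stderr
# Returns:   exit status of `openssl req`
#######################################
generate_ca() {
  local ca_key="$1.key"
  local ca_crt="$1.crt"
  local ou="$2"
  # -nodes: the CA key is written unencrypted on purpose. It is a test
  # fixture, and the main script deletes the CA keys once signing is done.
  "$OSSL" req \
    -newkey rsa:2048 -nodes -sha256 -keyout "$ca_key" \
    -subj "/C=US/ST=Massachusetts/L=Wakefield/CN=ignite.apache.org/O=The Apache Software Foundation/OU=$ou/emailAddress=dev@ignite.apache.org" \
    -x509 -days 3650 -out "$ca_crt"
}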
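#######################################
# Generate a private key and a certificate for it signed by the given CA.
# Globals:   OSSL (read) - openssl binary selected at the top of the script
# Arguments: $1 - CA basename; reads "$1.key" and "$1.crt", writes "$1.srl"
#                 (via -CAcreateserial)
#            $2 - leaf basename; writes "$2.key" and "$2.crt"
#            $3 - OU component of the certificate subject
#            $4 - optional; "1" encrypts the private key with the fixture
#                 password, anything else leaves it unencrypted
# Returns:   non-zero if any openssl step fails (temporary files are removed)
#######################################
generate_client_key_and_crt() {
  local ca_key="$1.key"
  local ca_crt="$1.crt"
  local client_key="$2.key"
  local client_csr="$2.scr"
  local client_crt="$2.crt"
  local ou="$3"
  local protect="${4:-}"
  # Private key plus a CSR; the CSR only exists to be signed below.
  # NOTE(review): no subjectAltName is requested, so the certificate carries
  # only the CN - confirm the consuming tests do not rely on SAN matching.
  "$OSSL" req \
    -newkey rsa:2048 -nodes -sha256 -keyout "$client_key" \
    -subj "/C=US/ST=Massachusetts/L=Wakefield/CN=ignite.apache.org/O=The Apache Software Foundation/OU=$ou/emailAddress=dev@ignite.apache.org" \
    -out "$client_csr" || return
  # Sign the CSR with the CA. -CAcreateserial creates/updates "$1.srl".
  "$OSSL" x509 -req \
    -in "$client_csr" -CA "$ca_crt" -CAkey "$ca_key" -CAcreateserial \
    -days 3650 -sha256 -out "$client_crt" || { rm -f -- "$client_csr"; return 1; }
  # The CSR is not needed once the certificate exists.
  rm -f -- "$client_csr"
  if [[ "$protect" == "1" ]]; then
    # Use the same openssl binary as every other step (the original called a
    # bare `openssl`, bypassing the openssl11 selection). Encrypt into a
    # temporary file and then replace the key instead of using the same path
    # for -in and -out. The password is a fixture value the tests expect.
    local tmp_key
    tmp_key=$(mktemp "$client_key.XXXXXX") || return
    if "$OSSL" rsa -aes256 -in "$client_key" -passout pass:654321 -out "$tmp_key"; then
      mv -f -- "$tmp_key" "$client_key"
    else
      rm -f -- "$tmp_key"
      return 1
    fi
  fi
}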
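#######################################
# Build Java keystores: a trust store holding the CA certificate and a key
# store holding the server key pair.
# Globals:   OSSL (read) - openssl binary selected at the top of the script
#            SERVER_KEY, SERVER_CRT (written) - deliberately left global: the
#            clean-up at the end of this script removes the files by these
#            names
# Arguments: $1 - CA basename; reads "$1.crt", writes "$1.jks"
#            $2 - server basename; reads "$2.key" and "$2.crt", writes "$2.jks"
# Returns:   non-zero if openssl or keytool fails; intermediate files are
#            removed on every path
#######################################
generate_jks() {
  local ca_crt="$1.crt"
  local ca_jks="$1.jks"
  SERVER_KEY="$2.key"
  SERVER_CRT="$2.crt"
  local server_pem="$2.pem"
  local server_p12="$2.pkcs12"
  local server_jks="$2.jks"
  # Start from fresh keystores: any previous run's output is discarded.
  rm -f -- "$ca_jks" "$server_jks"
  # PEM bundle -> PKCS#12 -> JKS. The store passwords are fixture values the
  # consuming tests expect; keep them in sync with the Java side.
  local rv=0
  cat -- "$SERVER_KEY" "$SERVER_CRT" > "$server_pem" \
    && "$OSSL" pkcs12 -export -passout pass:123456 -out "$server_p12" -in "$server_pem" \
    && keytool -import -v -trustcacerts \
         -file "$ca_crt" -alias certificateauthority -noprompt \
         -keystore "$ca_jks" -deststorepass 123456 \
    && keytool -v -importkeystore \
         -srckeystore "$server_p12" -srcstoretype PKCS12 -srcstorepass 123456 \
         -destkeystore "$server_jks" -deststoretype JKS -deststorepass 123456 \
    || rv=$?
  # Both intermediates contain the server private key; never leave them behind.
  rm -f -- "$server_p12" "$server_pem"
  return "$rv"
}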
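# Basenames of the generated artefacts (each yields <name>.key, <name>.crt, ...).
CA='ca'
CLIENT='client'
CLIENT_WITH_PASS='client_with_pass'
SERVER='server'
CA_UNKNOWN='ca_unknown'
CLIENT_UNKNOWN='client_unknown'

# The trusted CA and the certificates it signs.
generate_ca "$CA" 'Apache Ignite CA'
generate_client_key_and_crt "$CA" "$CLIENT" 'Apache Ignite Client Test'
generate_client_key_and_crt "$CA" "$CLIENT_WITH_PASS" 'Apache Ignite Client Test' 1
generate_client_key_and_crt "$CA" "$SERVER" 'Apache Ignite Server Test'
# We won't sign any other certs, so the CA key and serial file are not needed.
rm -f -- "$CA.key" "$CA.srl"
generate_jks "$CA" "$SERVER"

# A second CA that the trust store above does not contain (the names suggest
# it backs a negative test case).
generate_ca "$CA_UNKNOWN" 'Unknown CA'
generate_client_key_and_crt "$CA_UNKNOWN" "$CLIENT_UNKNOWN" 'Unknown Client'
# We do not need this CA anymore; the glob also removes its .key/.crt/.srl.
rm -f -- "$CA_UNKNOWN"*

# Renaming everything as needed.
cat -- "$CLIENT.key" "$CLIENT.crt" > "${CLIENT}_full.pem"
cat -- "$CLIENT_WITH_PASS.key" "$CLIENT_WITH_PASS.crt" > "${CLIENT_WITH_PASS}_full.pem"
cat -- "$CLIENT_UNKNOWN.key" "$CLIENT_UNKNOWN.crt" > "$CLIENT_UNKNOWN.pem"
mv -- "$CA.jks" trust.jks
mv -- "$CA.crt" ca.pem
# The server key/cert are named explicitly here rather than through
# SERVER_KEY/SERVER_CRT, which exist only as a side effect of generate_jks.
rm -f -- "$CLIENT.key" "$CLIENT.crt" \
  "$CLIENT_WITH_PASS.key" "$CLIENT_WITH_PASS.crt" \
  "$CLIENT_UNKNOWN.key" "$CLIENT_UNKNOWN.crt" \
  "$SERVER.key" "$SERVER.crt"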