tile38/vendor/github.com/streadway/amqp/certs.sh

#!/bin/sh
#
# Creates the CA, server and client certs to be used by tls_test.go
# http://www.rabbitmq.com/ssl.html
#
# Copy stdout into the const section of tls_test.go or use for RabbitMQ
#
root=$PWD/certs

if [ -f $root/ca/serial ]; then
  echo >&2 "Previous installation found"
  echo >&2 "Remove $root/ca and rerun to overwrite"
  exit 1
fi

mkdir -p $root/ca/private
mkdir -p $root/ca/certs
mkdir -p $root/server
mkdir -p $root/client

cd $root/ca

chmod 700 private
touch index.txt
echo 'unique_subject = no' > index.txt.attr
echo '01' > serial
echo >openssl.cnf '
[ ca ]
default_ca = testca

[ testca ]
dir = .
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/cakey.pem
serial = $dir/serial

default_crl_days = 7
default_days = 3650
default_md = sha1

policy = testca_policy
x509_extensions = certificate_extensions

[ testca_policy ]
commonName = supplied
stateOrProvinceName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional

[ certificate_extensions ]
basicConstraints = CA:false

[ req ]
default_bits = 2048
default_keyfile = ./private/cakey.pem
default_md = sha1
prompt = yes
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions

[ root_ca_distinguished_name ]
commonName = hostname

[ root_ca_extensions ]
basicConstraints = CA:true
keyUsage = keyCertSign, cRLSign

[ client_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ server_ca_extensions ]
basicConstraints = CA:false
keyUsage = keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
subjectAltName = @alt_names

[ alt_names ]
IP.1 = 127.0.0.1
'

openssl req \
  -x509 \
  -nodes \
  -config openssl.cnf \
  -newkey rsa:2048 \
  -days 3650 \
  -subj "/CN=MyTestCA/" \
  -out cacert.pem \
  -outform PEM

openssl x509 \
  -in cacert.pem \
  -out cacert.cer \
  -outform DER

openssl genrsa -out $root/server/key.pem 2048
openssl genrsa -out $root/client/key.pem 2048

openssl req \
  -new \
  -nodes \
  -config openssl.cnf \
  -subj "/CN=127.0.0.1/O=server/" \
  -key $root/server/key.pem \
  -out $root/server/req.pem \
  -outform PEM

openssl req \
  -new \
  -nodes \
  -config openssl.cnf \
  -subj "/CN=127.0.0.1/O=client/" \
  -key $root/client/key.pem \
  -out $root/client/req.pem \
  -outform PEM

openssl ca \
  -config openssl.cnf \
  -in $root/server/req.pem \
  -out $root/server/cert.pem \
  -notext \
  -batch \
  -extensions server_ca_extensions

openssl ca \
  -config openssl.cnf \
  -in $root/client/req.pem \
  -out $root/client/cert.pem \
  -notext \
  -batch \
  -extensions client_ca_extensions

cat <<-END
const caCert = \`
`cat $root/ca/cacert.pem`
\`

const serverCert = \`
`cat $root/server/cert.pem`
\`

const serverKey = \`
`cat $root/server/key.pem`
\`

const clientCert = \`
`cat $root/client/cert.pem`
\`

const clientKey = \`
`cat $root/client/key.pem`
\`
END
Refactor repository and build scripts This commit includes updates that affects the build, testing, and deployment of Tile38. - The root level build.sh has been broken up into multiple scripts and placed in the "scripts" directory. - The vendor directory has been updated to follow the Go modules rules, thus `make` should work on isolated environments. Also some vendored packages may have been updated to a later version, if needed. - The Makefile has been updated to allow for making single binaries such as `make tile38-server`. There is some scaffolding during the build process, so from now on all binaries should be made using make. For example, to run a development version of the tile38-cli binary, do this: make tile38-cli && ./tile38-cli not this: go run cmd/tile38-cli/main.go - Travis.CI docker push script has been updated to address a change to Docker's JSON repo meta output, which in turn fixes a bug where new Tile38 versions were not being properly pushed to Docker 2019-11-18 20:33:15 +03:00			`#!/bin/sh`
			`#`
			`# Creates the CA, server and client certs to be used by tls_test.go`
			`# http://www.rabbitmq.com/ssl.html`
			`#`
			`# Copy stdout into the const section of tls_test.go or use for RabbitMQ`
			`#`
			`root=$PWD/certs`

			`if [ -f $root/ca/serial ]; then`
			`echo >&2 "Previous installation found"`
			`echo >&2 "Remove $root/ca and rerun to overwrite"`
			`exit 1`
			`fi`

			`mkdir -p $root/ca/private`
			`mkdir -p $root/ca/certs`
			`mkdir -p $root/server`
			`mkdir -p $root/client`

			`cd $root/ca`

			`chmod 700 private`
			`touch index.txt`
			`echo 'unique_subject = no' > index.txt.attr`
			`echo '01' > serial`
			`echo >openssl.cnf '`
			`[ ca ]`
			`default_ca = testca`

			`[ testca ]`
			`dir = .`
			`certificate = $dir/cacert.pem`
			`database = $dir/index.txt`
			`new_certs_dir = $dir/certs`
			`private_key = $dir/private/cakey.pem`
			`serial = $dir/serial`

			`default_crl_days = 7`
			`default_days = 3650`
			`default_md = sha1`

			`policy = testca_policy`
			`x509_extensions = certificate_extensions`

			`[ testca_policy ]`
			`commonName = supplied`
			`stateOrProvinceName = optional`
			`countryName = optional`
			`emailAddress = optional`
			`organizationName = optional`
			`organizationalUnitName = optional`

			`[ certificate_extensions ]`
			`basicConstraints = CA:false`

			`[ req ]`
			`default_bits = 2048`
			`default_keyfile = ./private/cakey.pem`
			`default_md = sha1`
			`prompt = yes`
			`distinguished_name = root_ca_distinguished_name`
			`x509_extensions = root_ca_extensions`

			`[ root_ca_distinguished_name ]`
			`commonName = hostname`

			`[ root_ca_extensions ]`
			`basicConstraints = CA:true`
			`keyUsage = keyCertSign, cRLSign`

			`[ client_ca_extensions ]`
			`basicConstraints = CA:false`
			`keyUsage = digitalSignature`
			`extendedKeyUsage = 1.3.6.1.5.5.7.3.2`

			`[ server_ca_extensions ]`
			`basicConstraints = CA:false`
			`keyUsage = keyEncipherment`
			`extendedKeyUsage = 1.3.6.1.5.5.7.3.1`
			`subjectAltName = @alt_names`

			`[ alt_names ]`
			`IP.1 = 127.0.0.1`
			`'`

			`openssl req \`
			`-x509 \`
			`-nodes \`
			`-config openssl.cnf \`
			`-newkey rsa:2048 \`
			`-days 3650 \`
			`-subj "/CN=MyTestCA/" \`
			`-out cacert.pem \`
			`-outform PEM`

			`openssl x509 \`
			`-in cacert.pem \`
			`-out cacert.cer \`
			`-outform DER`

			`openssl genrsa -out $root/server/key.pem 2048`
			`openssl genrsa -out $root/client/key.pem 2048`

			`openssl req \`
			`-new \`
			`-nodes \`
			`-config openssl.cnf \`
			`-subj "/CN=127.0.0.1/O=server/" \`
			`-key $root/server/key.pem \`
			`-out $root/server/req.pem \`
			`-outform PEM`

			`openssl req \`
			`-new \`
			`-nodes \`
			`-config openssl.cnf \`
			`-subj "/CN=127.0.0.1/O=client/" \`
			`-key $root/client/key.pem \`
			`-out $root/client/req.pem \`
			`-outform PEM`

			`openssl ca \`
			`-config openssl.cnf \`
			`-in $root/server/req.pem \`
			`-out $root/server/cert.pem \`
			`-notext \`
			`-batch \`
			`-extensions server_ca_extensions`

			`openssl ca \`
			`-config openssl.cnf \`
			`-in $root/client/req.pem \`
			`-out $root/client/cert.pem \`
			`-notext \`
			`-batch \`
			`-extensions client_ca_extensions`

			`cat <<-END`
			const caCert = \`
			`cat $root/ca/cacert.pem`
			\`

			const serverCert = \`
			`cat $root/server/cert.pem`
			\`

			const serverKey = \`
			`cat $root/server/key.pem`
			\`

			const clientCert = \`
			`cat $root/client/cert.pem`
			\`

			const clientKey = \`
			`cat $root/client/key.pem`
			\`
			`END`