tests/make-pki.sh.in

   1 #!/usr/bin/env bash
   2 # nbdkit
   3 # @configure_input@
   4 # Copyright (C) 2017-2022 Red Hat Inc.
   5 #
   6 # Redistribution and use in source and binary forms, with or without
   7 # modification, are permitted provided that the following conditions are
   8 # met:
   9 #
  10 # * Redistributions of source code must retain the above copyright
  11 # notice, this list of conditions and the following disclaimer.
  12 #
  13 # * Redistributions in binary form must reproduce the above copyright
  14 # notice, this list of conditions and the following disclaimer in the
  15 # documentation and/or other materials provided with the distribution.
  16 #
  17 # * Neither the name of Red Hat nor the names of its contributors may be
  18 # used to endorse or promote products derived from this software without
  19 # specific prior written permission.
  20 #
  21 # THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
  22 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  23 # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  24 # PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
  25 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  26 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  27 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  28 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  29 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  30 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  31 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  32 # SUCH DAMAGE.
  33
  34 set -e
  35
  36 # This creates the PKI files for the TLS tests.  However if certtool
  37 # doesn't exist, just create an empty directory instead.
  38
  39 rm -rf pki pki-t
  40
  41 mkdir pki-t
  42
  43 if ! @CERTTOOL@ --help >/dev/null 2>&1; then
  44     echo "$0: certtool not found, TLS tests will be skipped."
  45     touch pki-t/.stamp
  46     mv pki-t pki
  47     exit 0
  48 fi
  49
  50 # Create the CA.
  51 @CERTTOOL@ --generate-privkey > pki-t/ca-key.pem
  52 chmod 0600 pki-t/ca-key.pem
  53
  54 cat > pki-t/ca.info <<EOF
  55 cn = Test
  56 ca
  57 cert_signing_key
  58 EOF
  59 @CERTTOOL@ --generate-self-signed \
  60            --load-privkey pki-t/ca-key.pem \
  61            --template pki-t/ca.info \
  62            --outfile pki-t/ca-cert.pem
  63
  64 # Create the server certificate and key.
  65 @CERTTOOL@ --generate-privkey > pki-t/server-key.pem
  66 chmod 0600 pki-t/server-key.pem
  67
  68 cat > pki-t/server.info <<EOF
  69 organization = Test
  70 cn = localhost
  71 dns_name = localhost
  72 ip_address = 127.0.0.1
  73 ip_address = ::1
  74 tls_www_server
  75 encryption_key
  76 signing_key
  77 EOF
  78 @CERTTOOL@ --generate-certificate \
  79            --load-ca-certificate pki-t/ca-cert.pem \
  80            --load-ca-privkey pki-t/ca-key.pem \
  81            --load-privkey pki-t/server-key.pem \
  82            --template pki-t/server.info \
  83            --outfile pki-t/server-cert.pem
  84
  85 # Create a client certificate and key.
  86 @CERTTOOL@ --generate-privkey > pki-t/client-key.pem
  87 chmod 0600 pki-t/client-key.pem
  88
  89 cat > pki-t/client.info <<EOF
  90 country = US
  91 state = New York
  92 locality = New York
  93 organization = Test
  94 cn = localhost
  95 tls_www_client
  96 encryption_key
  97 signing_key
  98 EOF
  99 @CERTTOOL@ --generate-certificate \
 100            --load-ca-certificate pki-t/ca-cert.pem \
 101            --load-ca-privkey pki-t/ca-key.pem \
 102            --load-privkey pki-t/client-key.pem \
 103            --template pki-t/client.info \
 104            --outfile pki-t/client-cert.pem
 105
 106 # Finish off.
 107 touch pki-t/.stamp
 108 mv pki-t pki