tests/make-pki.sh

   1 #!/usr/bin/env bash
   2 # nbdkit
   3 # Copyright (C) 2017 Red Hat Inc.
   4 #
   5 # Redistribution and use in source and binary forms, with or without
   6 # modification, are permitted provided that the following conditions are
   7 # met:
   8 #
   9 # * Redistributions of source code must retain the above copyright
  10 # notice, this list of conditions and the following disclaimer.
  11 #
  12 # * Redistributions in binary form must reproduce the above copyright
  13 # notice, this list of conditions and the following disclaimer in the
  14 # documentation and/or other materials provided with the distribution.
  15 #
  16 # * Neither the name of Red Hat nor the names of its contributors may be
  17 # used to endorse or promote products derived from this software without
  18 # specific prior written permission.
  19 #
  20 # THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
  21 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
  22 # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  23 # PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
  24 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  25 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  26 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
  27 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  28 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  29 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  30 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31 # SUCH DAMAGE.
  32
  33 set -e
  34
  35 # This creates the PKI files for the TLS tests.  However if certtool
  36 # doesn't exist, just create an empty directory instead.
  37
  38 if [ -z "$SRCDIR" ] || [ ! -f "$SRCDIR/test-tls.sh" ]; then
  39     echo "$0: script is being run from the wrong directory."
  40     echo "Don't try to run this script by hand."
  41     exit 1
  42 fi
  43
  44 rm -rf pki pki-t
  45
  46 mkdir pki-t
  47
  48 if ! certtool --help >/dev/null 2>&1; then
  49     echo "$0: certtool not found, TLS tests will be skipped."
  50     touch pki-t/.stamp
  51     mv pki-t pki
  52     exit 0
  53 fi
  54
  55 # Create the CA.
  56 certtool --generate-privkey > pki-t/ca-key.pem
  57 chmod 0600 pki-t/ca-key.pem
  58
  59 cat > pki-t/ca.info <<EOF
  60 cn = Test
  61 ca
  62 cert_signing_key
  63 EOF
  64 certtool --generate-self-signed \
  65          --load-privkey pki-t/ca-key.pem \
  66          --template pki-t/ca.info \
  67          --outfile pki-t/ca-cert.pem
  68
  69 # Create the server certificate and key.
  70 certtool --generate-privkey > pki-t/server-key.pem
  71 chmod 0600 pki-t/server-key.pem
  72
  73 cat > pki-t/server.info <<EOF
  74 organization = Test
  75 cn = localhost
  76 tls_www_server
  77 encryption_key
  78 signing_key
  79 EOF
  80 certtool --generate-certificate \
  81          --load-ca-certificate pki-t/ca-cert.pem \
  82          --load-ca-privkey pki-t/ca-key.pem \
  83          --load-privkey pki-t/server-key.pem \
  84          --template pki-t/server.info \
  85          --outfile pki-t/server-cert.pem
  86
  87 # Create a client certificate and key.
  88 certtool --generate-privkey > pki-t/client-key.pem
  89 chmod 0600 pki-t/client-key.pem
  90
  91 cat > pki-t/client.info <<EOF
  92 country = US
  93 state = New York
  94 locality = New York
  95 organization = Test
  96 cn = localhost
  97 tls_www_client
  98 encryption_key
  99 signing_key
 100 EOF
 101 certtool --generate-certificate \
 102          --load-ca-certificate pki-t/ca-cert.pem \
 103          --load-ca-privkey pki-t/ca-key.pem \
 104          --load-privkey pki-t/client-key.pem \
 105          --template pki-t/client.info \
 106          --outfile pki-t/client-cert.pem
 107
 108 # Finish off.
 109 touch pki-t/.stamp
 110 mv pki-t pki