This repository has been archived by the owner on Aug 2, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #10118 from EOSIO/privacy-tests-cert-setup
certificate generation scripts for tests added
- Loading branch information
Showing
2 changed files
with
90 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
#!/bin/bash | ||
|
||
function parse-args() { | ||
while [[ $# > 0 ]] | ||
do | ||
case "$1" in | ||
--days|-d) | ||
DAYS=${2} | ||
shift | ||
;; | ||
--CA-org|-o) | ||
CA_ORG=${2} | ||
;; | ||
--CA-CN|-n) | ||
CA_CN=${2} | ||
shift | ||
;; | ||
--org-mask|-m) | ||
ORG_MASK=${2} | ||
shift | ||
;; | ||
--cn-mask|-cm) | ||
CN_MASK=${2} | ||
shift | ||
;; | ||
--group-size|-s) | ||
GROUP_SIZE=${2} | ||
shift | ||
;; | ||
esac | ||
shift | ||
done | ||
} | ||
|
||
if [[ $1 == "--help" ]] | ||
then | ||
echo "Usage:" | ||
echo "--days: Number of days for certificate to expire" | ||
echo "--CA-org: Certificate Authority organization name" | ||
echo "--CA-CN: Certificate Authority common name" | ||
echo "--org-mask: Paritipant certificates name mask in format of name{number}" | ||
echo "--cn-mask: Paritipant certificates common name mask in format of name{number}" | ||
echo "--group-size: Number of participants signed by generated CA" | ||
fi | ||
|
||
#default arguments: | ||
DAYS=1 | ||
CA_ORG="Block.one" | ||
CA_CN="test-domain" | ||
ORG_MASK="node{NUMBER}" | ||
CN_MASK="test-domain{NUMBER}" | ||
GROUP_SIZE=4 | ||
|
||
#overrides default is set | ||
parse-args "${@}" | ||
|
||
echo "*************************************************" | ||
echo " generating dh param " | ||
echo "*************************************************" | ||
#using low values like 128 here and below as this is for unit tests and our goal to save running time. For real applications 2048 recommended | ||
openssl dhparam -out dh.pem 128 | ||
|
||
echo "*************************************************" | ||
echo " generating CA_cert.pem " | ||
echo "*************************************************" | ||
|
||
openssl req -newkey rsa:512 -nodes -keyout CA_key.pem -x509 -days ${DAYS} -out CA_cert.pem -subj "/C=US/ST=VA/L=Blocksburg/O=${CA_ORG}/CN=${CA_CN}" | ||
|
||
echo "*************************************************" | ||
openssl x509 -in CA_cert.pem -text -noout | ||
|
||
echo "*************************************************" | ||
echo " generating nodes certificates " | ||
echo "*************************************************" | ||
|
||
#client certificate requests + private keys | ||
for n in $(seq 1 $GROUP_SIZE) | ||
do | ||
ORG_NAME=$(sed "s/{NUMBER}/$n/" <<< "$ORG_MASK") | ||
CN_NAME=$(sed "s/{NUMBER}/$n/" <<< "$CN_MASK") | ||
echo "*************************************************" | ||
echo "generating certificate for $ORG_NAME / $CN_NAME " | ||
echo "*************************************************" | ||
openssl req -newkey rsa:512 -nodes -keyout "${ORG_NAME}_key.pem" -out "${ORG_NAME}.csr" -subj "/C=US/ST=VA/L=Blockburg/O=${ORG_NAME}/CN=${CN_NAME}" | ||
openssl x509 -req -in "${ORG_NAME}.csr" -CA CA_cert.pem -CAkey CA_key.pem -CAcreateserial -out "${ORG_NAME}.crt" -days ${DAYS} -sha256 | ||
echo "*************************************************" | ||
openssl x509 -in "${ORG_NAME}.crt" -text -noout | ||
echo "" | ||
done |