From 55680712aff4ef0f8e3ccb3ea9fe3ca3aeaa1cd1 Mon Sep 17 00:00:00 2001 From: Dmytro Sydorchenko Date: Tue, 9 Mar 2021 09:46:20 -0500 Subject: [PATCH] certificate generation scripts for tests added --- tests/CMakeLists.txt | 1 + tests/generate-certificates.sh | 89 ++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100755 tests/generate-certificates.sh diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 0d1cce56fe7..0258d4ee8ef 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -60,6 +60,7 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/test_filter.wasm ${CMAKE_CURRENT_BINA configure_file(${CMAKE_CURRENT_SOURCE_DIR}/trace_plugin_test.py ${CMAKE_CURRENT_BINARY_DIR}/trace_plugin_test.py COPYONLY) configure_file(${CMAKE_CURRENT_SOURCE_DIR}/nodeos_contrl_c_test.py ${CMAKE_CURRENT_BINARY_DIR}/nodeos_contrl_c_test.py COPYONLY) configure_file(${CMAKE_CURRENT_SOURCE_DIR}/blockvault_tests.py ${CMAKE_CURRENT_BINARY_DIR}/blockvault_tests.py COPYONLY) +configure_file(${CMAKE_CURRENT_SOURCE_DIR}/generate-certificates.sh ${CMAKE_CURRENT_BINARY_DIR}/generate-certificates.sh COPYONLY) #To run plugin_test with all log from blockchain displayed, put --verbose after --, i.e. plugin_test -- --verbose add_test(NAME plugin_test COMMAND plugin_test --report_level=detailed --color_output) diff --git a/tests/generate-certificates.sh b/tests/generate-certificates.sh new file mode 100755 index 00000000000..ac593e2dcdc --- /dev/null +++ b/tests/generate-certificates.sh @@ -0,0 +1,89 @@ +#!/bin/bash + +function parse-args() { +while [[ $# > 0 ]] +do + case "$1" in + --days|-d) + DAYS=${2} + shift + ;; + --CA-org|-o) + CA_ORG=${2} + ;; + --CA-CN|-n) + CA_CN=${2} + shift + ;; + --org-mask|-m) + ORG_MASK=${2} + shift + ;; + --cn-mask|-cm) + CN_MASK=${2} + shift + ;; + --group-size|-s) + GROUP_SIZE=${2} + shift + ;; + esac + shift +done +} + +if [[ $1 == "--help" ]] +then + echo "Usage:" + echo "--days: Number of days for certificate to expire" + echo "--CA-org: Certificate Authority organization name" + echo "--CA-CN: Certificate Authority common name" + echo "--org-mask: Paritipant certificates name mask in format of name{number}" + echo "--cn-mask: Paritipant certificates common name mask in format of name{number}" + echo "--group-size: Number of participants signed by generated CA" +fi + +#default arguments: +DAYS=1 +CA_ORG="Block.one" +CA_CN="test-domain" +ORG_MASK="node{NUMBER}" +CN_MASK="test-domain{NUMBER}" +GROUP_SIZE=4 + +#overrides default is set +parse-args "${@}" + +echo "*************************************************" +echo " generating dh param " +echo "*************************************************" +#using low values like 128 here and below as this is for unit tests and our goal to save running time. For real applications 2048 recommended +openssl dhparam -out dh.pem 128 + +echo "*************************************************" +echo " generating CA_cert.pem " +echo "*************************************************" + +openssl req -newkey rsa:512 -nodes -keyout CA_key.pem -x509 -days ${DAYS} -out CA_cert.pem -subj "/C=US/ST=VA/L=Blocksburg/O=${CA_ORG}/CN=${CA_CN}" + +echo "*************************************************" +openssl x509 -in CA_cert.pem -text -noout + +echo "*************************************************" +echo " generating nodes certificates " +echo "*************************************************" + +#client certificate requests + private keys +for n in $(seq 1 $GROUP_SIZE) +do + ORG_NAME=$(sed "s/{NUMBER}/$n/" <<< "$ORG_MASK") + CN_NAME=$(sed "s/{NUMBER}/$n/" <<< "$CN_MASK") + echo "*************************************************" + echo "generating certificate for $ORG_NAME / $CN_NAME " + echo "*************************************************" + openssl req -newkey rsa:512 -nodes -keyout "${ORG_NAME}_key.pem" -out "${ORG_NAME}.csr" -subj "/C=US/ST=VA/L=Blockburg/O=${ORG_NAME}/CN=${CN_NAME}" + openssl x509 -req -in "${ORG_NAME}.csr" -CA CA_cert.pem -CAkey CA_key.pem -CAcreateserial -out "${ORG_NAME}.crt" -days ${DAYS} -sha256 + echo "*************************************************" + openssl x509 -in "${ORG_NAME}.crt" -text -noout + echo "" +done \ No newline at end of file