59 lines
1.6 KiB
Bash
Executable File
59 lines
1.6 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# This script is used to generate all cert related files for etcd testing.
|
|
|
|
# location for temporary depot
|
|
depot=".depot"
|
|
# The passphrases for the keys are `asdf`.
|
|
passphrase="--passphrase asdf"
|
|
|
|
# etcd-ca could be found at github.com/coreos/etcd-ca
|
|
if [ $# -eq 0 ]; then
|
|
# try to find it through $GOPATH
|
|
IFS=':' read -a paths <<< "${GOPATH}"
|
|
for path in ${paths[@]}; do
|
|
if [ -f "${path}/bin/etcd-ca" ]; then
|
|
ca="${path}/bin/etcd-ca --depot-path $depot"
|
|
break
|
|
fi
|
|
done
|
|
if [ "$ca" == "" ]; then echo "Failed finding etcd-ca binary"; exit 1; fi
|
|
else
|
|
# treat the first argument as the path to etcd-ca binary
|
|
ca="$1 --depot-path $depot"
|
|
fi
|
|
|
|
rm -rf $depot 2>/dev/null
|
|
# create ca, which is assumed to be the broken one
|
|
$ca init $passphrase
|
|
# export out and rename files
|
|
$ca export | tar xvf -
|
|
mv ca.crt broken_ca.crt
|
|
mv ca.key broken_ca.key
|
|
|
|
# create certificate
|
|
$ca new-cert $passphrase --ip 127.0.0.1 server
|
|
$ca sign $passphrase server
|
|
# export out and rename files
|
|
$ca export --insecure $passphrase server | tar xvf -
|
|
mv server.crt broken_server.crt
|
|
mv server.key.insecure broken_server.key.insecure
|
|
|
|
rm -rf $depot 2>/dev/null
|
|
# create ca
|
|
$ca init $passphrase
|
|
$ca export | tar xvf -
|
|
|
|
# create certificate for server
|
|
$ca new-cert $passphrase --ip 127.0.0.1 server
|
|
$ca sign $passphrase server
|
|
$ca export --insecure $passphrase server | tar xvf -
|
|
$ca chain server > server-chain.pem
|
|
|
|
# create certificate for server2
|
|
$ca new-cert $passphrase --ip 127.0.0.1 server2
|
|
$ca sign $passphrase server2
|
|
$ca export --insecure $passphrase server2 | tar xvf -
|
|
|
|
rm -rf $depot 2>/dev/null
|