1 files changed, 93 insertions, 0 deletions
diff --git a/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/create_keys.sh b/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/create_keys.sh
new file mode 100755
index 000000000..36e92bd30
--- /dev/null
+++ b/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/create_keys.sh
@@ -0,0 +1,93 @@
+#!/bin/sh
+set -e
+CA_PASSWORD="${CA_PASSWORD:-use_strong_password_ca}"
+KEYSTORE_PASSWORD="${KEYSTORE_PASSWORD:-use_strong_password_keystore}"
+TRUSTSTORE_PASSWORD="${TRUSTSTORE_PASSWORD:-use_strong_password_truststore}"
+OUTPUT_FOLDER=${OUTPUT_FOLDER:-$( dirname "$0" )}
+CNS=${@:-client}
+
+cd ${OUTPUT_FOLDER}
+CA_ROOT_KEY=caroot.key
+CA_ROOT_CRT=caroot.crt
+
+echo "# Generate CA"
+openssl req -new -x509 -keyout $CA_ROOT_KEY \
+    -out $CA_ROOT_CRT -days 3650 -subj \
+    '/CN=caroot/OU=/O=/L=/ST=/C=' -passin "pass:${CA_PASSWORD}" \
+    -passout "pass:${CA_PASSWORD}"
+
+for CN in $CNS; do
+    KEYSTORE=$CN.keystore.p12
+    TRUSTSTORE=$CN.truststore.p12
+    SIGNED_CRT=$CN-ca-signed.crt
+    CERTIFICATE=$CN.certificate.pem
+    KEY=$CN.key
+    # Get specific password for this CN
+    CN_KEYSTORE_PASSWORD="$(eval echo \$${CN}_KEYSTORE_PASSWORD)"
+    if [ -z "$CN_KEYSTORE_PASSWORD" ]; then
+        CN_KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}_$CN
+    fi
+
+    echo ${CN_KEYSTORE_PASSWORD}
+
+    echo "# $CN: Generate Keystore"
+    keytool -genkey -noprompt \
+        -alias $CN \
+        -dname "CN=$CN,OU=,O=,L=,S=,C=" \
+                        -ext "SAN=dns:$CN,dns:localhost" \
+        -keystore $KEYSTORE \
+        -keyalg RSA \
+        -storepass "${CN_KEYSTORE_PASSWORD}" \
+        -storetype pkcs12
+
+    echo "# $CN: Generate Truststore"
+    keytool -noprompt -keystore \
+        $TRUSTSTORE -alias caroot -import \
+        -file $CA_ROOT_CRT -storepass "${TRUSTSTORE_PASSWORD}"
+
+    echo "# $CN: Generate CSR"
+    keytool -keystore  $KEYSTORE -alias $CN \
+        -certreq -file  $CN.csr -storepass "${CN_KEYSTORE_PASSWORD}" \
+        -keypass "${CN_KEYSTORE_PASSWORD}" \
+        -ext "SAN=dns:$CN,dns:localhost"
+
+    echo "# $CN: Generate extfile"
+    cat << EOF > extfile
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+CN = $CN
+[v3_req]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = $CN
+DNS.2 = localhost
+EOF
+
+    echo "# $CN: Sign the certificate with the CA"
+    openssl x509 -req -CA $CA_ROOT_CRT -CAkey $CA_ROOT_KEY \
+        -in $CN.csr \
+        -out $CN-ca-signed.crt -days 9999 \
+        -CAcreateserial -passin "pass:${CA_PASSWORD}" \
+        -extensions v3_req -extfile extfile
+
+    echo "# $CN: Import root certificate"
+    keytool -noprompt -keystore $KEYSTORE \
+        -alias caroot -import -file $CA_ROOT_CRT -storepass "${CN_KEYSTORE_PASSWORD}"
+
+    echo "# $CN: Import signed certificate"
+    keytool -noprompt -keystore $KEYSTORE -alias $CN \
+        -import -file $SIGNED_CRT -storepass "${CN_KEYSTORE_PASSWORD}" \
+        -ext "SAN=dns:$CN,dns:localhost"
+
+    echo "# $CN: Export PEM certificate"
+    openssl pkcs12 -in "$KEYSTORE" -out "$CERTIFICATE" \
+        -nodes -passin "pass:${CN_KEYSTORE_PASSWORD}"
+
+    echo "# $CN: Export PEM key"
+    openssl pkcs12 -in "$KEYSTORE" -out "$KEY" \
+        -nocerts -passin "pass:${CN_KEYSTORE_PASSWORD}" \
+        -passout "pass:${CN_KEYSTORE_PASSWORD}"
+done