summaryrefslogtreecommitdiffstats
path: root/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl')
-rw-r--r--src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/.gitignore11
-rw-r--r--src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/Makefile8
-rw-r--r--src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/README.md13
-rw-r--r--src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client.keystore.p12bin0 -> 4345 bytes
-rw-r--r--src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client2.certificate.pem109
-rw-r--r--src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client2.key34
-rwxr-xr-xsrc/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/create_keys.sh93
7 files changed, 268 insertions, 0 deletions
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/.gitignore b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/.gitignore
new file mode 100644
index 000000000..e58fd014d
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/.gitignore
@@ -0,0 +1,11 @@
+*.key
+*.crt
+*.jks
+*.csr
+*.pem
+*.p12
+*.srl
+extfile
+!client.keystore.p12
+!client2.certificate.pem
+!client2.key
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/Makefile b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/Makefile
new file mode 100644
index 000000000..d12bbda9f
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/Makefile
@@ -0,0 +1,8 @@
+ssl_keys: clear_keys
+ @./create_keys.sh client client2
+
+clear_keys:
+ @rm -f *.key *.crt *.jks \
+ *.csr *.pem *.p12 *.srl extfile
+
+.PHONY: ssl_keys
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/README.md b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/README.md
new file mode 100644
index 000000000..43204036c
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/README.md
@@ -0,0 +1,13 @@
+# SSL keys generation for tests
+
+The Makefile in this directory generates a PKCS#12 keystore
+and corresponding PEM certificate and key for testing
+SSL keys and keystore usage in librdkafka.
+
+To update those files with a newer OpenSSL version, just run `make`.
+
+# Requirements
+
+* OpenSSL >= 1.1.1
+* Java keytool >= Java 11
+* GNU Make >= 4.2 \ No newline at end of file
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client.keystore.p12 b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client.keystore.p12
new file mode 100644
index 000000000..e8c8347ee
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client.keystore.p12
Binary files differ
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client2.certificate.pem b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client2.certificate.pem
new file mode 100644
index 000000000..34a1da408
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client2.certificate.pem
@@ -0,0 +1,109 @@
+Bag Attributes
+ friendlyName: client2
+ localKeyID: 54 69 6D 65 20 31 36 36 35 31 35 35 35 36 34 38 38 32
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDMrI+QK7Q6L9TU
+cVjEbl4sMu3KhXgs71JNgQl8joFPVjb3PZF6YHegZo0FAOU1F6lysD3NNnI21HIz
+LbCe6BJRogNFKtcFvWS6uQok1HperDO/DVQkH9ARAcvlxE/I6dPbb1YCi7EMHrjM
+Dle+NXWV3nKCe7BcMkETkki5Bj5fNA5oa/pmS0gSS/HXnB8rxyFv4mB/R+oGC1wO
+WOvgn6ip5bKdjMEEnyqYsDCH8w3xYkKlZ6Ag5w1yxnr6D41J64Go2R62MuLrScVr
++4CM+XJl3Y08+emlCz5m5wuh6A31bp7MFY+f3Gs9AI5qiN3tyjZ//EzoIrfb68tQ
+td+UvT4fAgMBAAECggEALoLkWQHlgfeOqPxdDL57/hVQvl4YUjXMgTpamoiT0CCq
+ewLtxV6YsMW9NC7g53DKG/r7AGBoEhezH/g5E9NvHkfv8E7s8Cv68QfNy1LRwCPn
+2nm/7jmggczjtgInk2O3tj0V0ZxHDpcIra5wuBPT9cvIP+i1yi3NZhIvHoTRtbZp
+lWelovML6SGcbmYDZHWwL8C/quX2/Vp72dJa7ySatlJCe8lcdolazUAhe6W3FGf2
+DojupWddAbwcogQsjQ0WNgtIov5JDF1vHjLkw0uCvh24P+DYBA0JjHybLTR70Ypp
+POwCV5O96JntWfcXYivi4LQrSDFCIDyDwwrbkIkdoQKBgQDuNesfC7C0LJikB+I1
+UgrDJiu4lFVoXwbaWRRuZD58j0mDGeTY9gZzBJ7pJgv3qJbfk1iwpUU25R2Np946
+h63EqpSSoP/TnMBePUBjnu+C5iXxk2KPjNb9Xu8m4Q8tgYvYf5IJ7iLllY2uiT6B
+e+0EGAEPvP1HLbPP22IUMsG6jwKBgQDb9X6fHMeHtP6Du+qhqiMmLK6R2lB7cQ1j
+2FSDySekabucaFhDpK3n2klw2MfF2oZHMrxAfYFySV1kGMil4dvFox8mGBJHc/d5
+lNXGNOfQbVV8P1NRjaPwjyAAgAPZfZgFr+6s+pawMRGnGw5Y6p03sLnD5FWU9Wfa
+vM6RLE5LcQJ/FHiNvB1FEjbC51XGGs7yHdMp7rLQpCeGbz04hEQZGps1tg6DnCGI
+bFn5Tg/291GFpbED7ipFyHHoGERU1LLUPBJssi0jzwupfG/HGMiPzK/6ksgXsD5q
+O1vtMWol48M+QVy1MCVG2nP/uQASXw5HUBLABJo5KeTDjxlLVHEINQKBgAe54c64
+9hFAPEhoS1+OWFm47BDXeEg9ulitepp+cFQIGrzttVv65tjkA/xgwPOkL19E2vPw
+9KENDqi7biDVhCC3EBsIcWvtGN4+ahviM9pQXNZWaxjMPtvuSxN5a6kyDir0+Q8+
+ZhieQJ58Bs78vrT8EipdVNw8mn9GboMO6VkhAoGBAJ+NUvcO3nIVJOCEG3qnweHA
+zqa4JyxFonljwsUFKCIHoiKYlp0KW4wTJJIkTKvLYcRY6kMzP/H1Ja9GqdVnf8ou
+tJOe793M+HkYUMTxscYGoCXXtsWKN2ZOv8aVBA7RvpJS8gE6ApScUrjeM76h20CS
+xxqrrSc37NSjuiaTyOTG
+-----END PRIVATE KEY-----
+Bag Attributes
+ friendlyName: client2
+ localKeyID: 54 69 6D 65 20 31 36 36 35 31 35 35 35 36 34 38 38 32
+subject=C = , ST = , L = , O = , OU = , CN = client2
+
+issuer=CN = caroot
+
+-----BEGIN CERTIFICATE-----
+MIIDCzCCAfOgAwIBAgIUIRg5w7eGA6xivHxzAmzh2PLUJq8wDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGY2Fyb290MCAXDTIyMTAwNzE1MTI0NFoYDzIwNTAwMjIx
+MTUxMjQ0WjBJMQkwBwYDVQQGEwAxCTAHBgNVBAgTADEJMAcGA1UEBxMAMQkwBwYD
+VQQKEwAxCTAHBgNVBAsTADEQMA4GA1UEAxMHY2xpZW50MjCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMysj5ArtDov1NRxWMRuXiwy7cqFeCzvUk2BCXyO
+gU9WNvc9kXpgd6BmjQUA5TUXqXKwPc02cjbUcjMtsJ7oElGiA0Uq1wW9ZLq5CiTU
+el6sM78NVCQf0BEBy+XET8jp09tvVgKLsQweuMwOV741dZXecoJ7sFwyQROSSLkG
+Pl80Dmhr+mZLSBJL8decHyvHIW/iYH9H6gYLXA5Y6+CfqKnlsp2MwQSfKpiwMIfz
+DfFiQqVnoCDnDXLGevoPjUnrgajZHrYy4utJxWv7gIz5cmXdjTz56aULPmbnC6Ho
+DfVunswVj5/caz0AjmqI3e3KNn/8TOgit9vry1C135S9Ph8CAwEAAaMhMB8wHQYD
+VR0RBBYwFIIHY2xpZW50MoIJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBAQBd
+d5Sl51/aLcCnc5vo2h2fyNQIVbZGbgEyWRbYdHv5a4X7JxUalipvRhXTpYLQ+0R5
+Fzgl5Mwo6dUpJjtzwXZUOAt59WhqVV5+TMe8eDHBl+lKM/YUgZ+kOlGMExEaygrh
+cG+/rVZLAgcC+HnHNaIo2guyn6RqFtBMzkRmjhH96AcygbsN5OFHY0NOzGV9WTDJ
++A9dlJIy2bEU/yYpXerdXp9lM8fKaPc0JDYwwESMS7ND70dcpGmrRa9pSTSDPUaK
+KSzzOyK+8E5mzcqEbUCrlpz0sklNYDNMIn48Qjkz52Kv8XHvcYS1gv0XvQZtIH3M
+x6X3/J+ivx6L72BOm+ar
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: CN=caroot
+subject=CN = caroot
+
+issuer=CN = caroot
+
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAeugAwIBAgIUPj85Dz0tuzZERfolrR54arwFPSIwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTIyMTAwNzE1MTI0MVoXDTMyMTAwNDE1
+MTI0MVowETEPMA0GA1UEAwwGY2Fyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxfb08Gd64ilCYePn821WJsnCC2/nEYxOHlBzT9tkx6edzpdsvIvj
+FO6Weeyb2f1vv6eJsmBaZUdV2CfOHNIhBvw5IemzUaSiCr8688jHUS6uHCxBYCXk
+daFDXKO+JhaPN/ys6wOC8SHYRRynIhp6QVNSBzoO/1WT/J3i58R8TErDi5txr+JA
+xJd3mnAW4lDiqRLSVQFq3W4jvba3Dy2zK1l4NcShzlYgfsAd9cCi6b+T2mcz9Vl4
+B1qvsOfOMi8AmVTbS77oaxLczBpLyFIrzI5OPNmMw3A7uObgws9QTyYxUfYqc/0m
+bO7bHPX0Iz+WPqrzTHZ+3k5QE/bfGIRnsQIDAQABo1MwUTAdBgNVHQ4EFgQUCgQH
+18kzzHsk3KbdDB4g+94NL70wHwYDVR0jBBgwFoAUCgQH18kzzHsk3KbdDB4g+94N
+L70wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAhKlj3zPuYaMF
+UFROvAWeOXIdDIExbHd5qukYj5UStLhoVKe/1ZKMvdAICejMs51QSJ05d22KqeHn
+KaTrq3al61rvufkNhrQo2B+qwM5dEV8qGVZGI/oSaWkk5W33FrKHqSUvwdi/saOc
+MfQDUuyS7IznLMlR8g0ZcmIPO3cyHPXQhgk80SNJODqpkfgCgHAa1kDz9PmT7VMK
+0f/6U3XEkdRdsvWyWDXMSBFx1m/pu9n7fnL8+6QLczyhoX0NhPnOICC3oSYVVuN7
+MOtCLIhwxsv5BlDFnOeBFxq+VKqZDH+z6587Wl0KQyxsJmuJKZ1kYR3XO7j5jw1e
+QHIFE8+PTQ==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: caroot
+ 2.16.840.1.113894.746875.1.1: <Unsupported tag 6>
+subject=CN = caroot
+
+issuer=CN = caroot
+
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAeugAwIBAgIUPj85Dz0tuzZERfolrR54arwFPSIwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGY2Fyb290MB4XDTIyMTAwNzE1MTI0MVoXDTMyMTAwNDE1
+MTI0MVowETEPMA0GA1UEAwwGY2Fyb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxfb08Gd64ilCYePn821WJsnCC2/nEYxOHlBzT9tkx6edzpdsvIvj
+FO6Weeyb2f1vv6eJsmBaZUdV2CfOHNIhBvw5IemzUaSiCr8688jHUS6uHCxBYCXk
+daFDXKO+JhaPN/ys6wOC8SHYRRynIhp6QVNSBzoO/1WT/J3i58R8TErDi5txr+JA
+xJd3mnAW4lDiqRLSVQFq3W4jvba3Dy2zK1l4NcShzlYgfsAd9cCi6b+T2mcz9Vl4
+B1qvsOfOMi8AmVTbS77oaxLczBpLyFIrzI5OPNmMw3A7uObgws9QTyYxUfYqc/0m
+bO7bHPX0Iz+WPqrzTHZ+3k5QE/bfGIRnsQIDAQABo1MwUTAdBgNVHQ4EFgQUCgQH
+18kzzHsk3KbdDB4g+94NL70wHwYDVR0jBBgwFoAUCgQH18kzzHsk3KbdDB4g+94N
+L70wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAhKlj3zPuYaMF
+UFROvAWeOXIdDIExbHd5qukYj5UStLhoVKe/1ZKMvdAICejMs51QSJ05d22KqeHn
+KaTrq3al61rvufkNhrQo2B+qwM5dEV8qGVZGI/oSaWkk5W33FrKHqSUvwdi/saOc
+MfQDUuyS7IznLMlR8g0ZcmIPO3cyHPXQhgk80SNJODqpkfgCgHAa1kDz9PmT7VMK
+0f/6U3XEkdRdsvWyWDXMSBFx1m/pu9n7fnL8+6QLczyhoX0NhPnOICC3oSYVVuN7
+MOtCLIhwxsv5BlDFnOeBFxq+VKqZDH+z6587Wl0KQyxsJmuJKZ1kYR3XO7j5jw1e
+QHIFE8+PTQ==
+-----END CERTIFICATE-----
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client2.key b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client2.key
new file mode 100644
index 000000000..6b0b0f87d
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/client2.key
@@ -0,0 +1,34 @@
+Bag Attributes
+ friendlyName: client2
+ localKeyID: 54 69 6D 65 20 31 36 36 35 31 35 35 35 36 34 38 38 32
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFFDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQILalIN2MbG7QCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECD+gqk7gSkEFBIIEwETSFzC1yYTM
+/O6lA8BMkl5Wzt4e7Jw7WnfWSmOFTtpXZqOgxvN9dNPsMIpxvU7nF3Iwhqw0WXMF
+lpKqCy2FLM+XWqaQYV+2++s23lH0Eqfofc0IZoYk7FB92MAO1dUI7iDJeT0kwrmU
+mgAKAqa6e4REZgDEUXYVAOiAHqszs0JjXlsxlPSws2EZQyU8kEALggy+60Jozviq
+a9fUZ9JnbtCPkuSOipC8N+erNIEkruzbXRbookTQF+qAyTyXMciL0fTqdAJB/xfO
+h66TQvr1XZorqqVPYI+yXwRBF7oVfJyk0kVfhcpo6SoedNJ3onUlyktcF2RPj1xh
+612L4ytNp/TN8jvSs5EKHTuwS2+dnYp2jTS4rcbSRe53RylhFudAn9/aZad0/C72
+JXeiax3i0071sWbvKX3YsW/2QCaeMALhiqbzx+8PcgVV9BVfjO8qxJSNjaOwmVRy
+I/22pufTDkoNL/aQSiw1NAL22IPdD0uvLCHj27nBct4KancvgSdTxMK9lfwJZet1
+D0S9ChUa2tCY0pDH7F9XUfcS7VAij+VWtlGIyEw7rPOWx6fGT15fj/QnepuJ5xON
+qiAH7IhJesWWhG7xp7c3QsdeGNowkMtoLBlz5fEKDRaauPlbLI5IoXy+ZyOO1tIo
+kH5wHDE1bn5cWn7qRy5X5HtPga1OjF11R+XquJ88+6gqmxPlsrK45/FiGdP4iLN/
+dp10cnFgAVA2kEaTXCH1LctGlR+3XQgfrwWDfvk7uMtvybqFcEEBv8vBih1UsF6v
+RFfoUYq8Zle2x9kX/cfad52FxtDWnhZAgNtT53tWRUb/oAt7fXQxJMlRXKjSV05q
+S/uwevnj49eVFdyiroPofipB8LAK4I+gzZ8AYJob5GoRTlPonC1pj/n3vKRsDMOA
+Lwy3gXoyQ+/MBUPcDG/ewdusrJncnkAlFNt0w97CmOJU0czuJJw5rRozfvZF1Hs9
+2BVcwVPmZH9Nr3+6Yb+GTCRvsM7DBuLZIEN4WzjoLYAcrjZ2XYLsC6XmnDzIp1HF
+nZwrXUROp4MhKuy+SIdFqZLoU/+AIB28WI3euIDDuERSZLff11hphRG5S9wZ8EJH
+Jyl2WgP4r8wQtHs71iT06KDFuBcNqGYPwCjnvE86WFXE3wOJ91+l9u8MYvOSVOHq
+4iUIpRFD4hlCWOIc1V9QYKf2s8Vkeoop/pUutK5NpLtMFgJpFPNYxyfBL13fo9lM
+0iVuoG3W+iDjqZyUPoDxG4rI6Q9WvkswLxVwpMgzDUbUl2aKHcm4Z215dBMm40zh
+ft+QzZEnMVzln2eTCcH91IXcsyPPACmKwraAik5ULEn4m++KtdwDZ6R1zzgRJrn9
+FI6L7C0nfKKemBdzGMCzQuciuPLIjfzXHdKr5bb0C1WS88IB0lYIs+pzpvms2P0F
+AQ2nDgFKA9xlzX2f1O/YQNKA1ctc8RH5tpZUUVfheIqd0U4udp9Rqecd+/r23ENU
+7kjeuxXfUbH83P0hrsQQFkkOeRWWz8+UYvqIEwWaSObdZCvTdIjRpNmmamWsAmsJ
+D5Q2AMMMmNwIi5fUKYJgwTfsgY0XIekk6wmugKs3gCj1RKX930b9fniiol/Gv2VS
+fJRrqds7F0s=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/create_keys.sh b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/create_keys.sh
new file mode 100755
index 000000000..36e92bd30
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fixtures/ssl/create_keys.sh
@@ -0,0 +1,93 @@
+#!/bin/sh
+set -e
+CA_PASSWORD="${CA_PASSWORD:-use_strong_password_ca}"
+KEYSTORE_PASSWORD="${KEYSTORE_PASSWORD:-use_strong_password_keystore}"
+TRUSTSTORE_PASSWORD="${TRUSTSTORE_PASSWORD:-use_strong_password_truststore}"
+OUTPUT_FOLDER=${OUTPUT_FOLDER:-$( dirname "$0" )}
+CNS=${@:-client}
+
+cd ${OUTPUT_FOLDER}
+CA_ROOT_KEY=caroot.key
+CA_ROOT_CRT=caroot.crt
+
+echo "# Generate CA"
+openssl req -new -x509 -keyout $CA_ROOT_KEY \
+ -out $CA_ROOT_CRT -days 3650 -subj \
+ '/CN=caroot/OU=/O=/L=/ST=/C=' -passin "pass:${CA_PASSWORD}" \
+ -passout "pass:${CA_PASSWORD}"
+
+for CN in $CNS; do
+ KEYSTORE=$CN.keystore.p12
+ TRUSTSTORE=$CN.truststore.p12
+ SIGNED_CRT=$CN-ca-signed.crt
+ CERTIFICATE=$CN.certificate.pem
+ KEY=$CN.key
+ # Get specific password for this CN
+ CN_KEYSTORE_PASSWORD="$(eval echo \$${CN}_KEYSTORE_PASSWORD)"
+ if [ -z "$CN_KEYSTORE_PASSWORD" ]; then
+ CN_KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}_$CN
+ fi
+
+ echo ${CN_KEYSTORE_PASSWORD}
+
+ echo "# $CN: Generate Keystore"
+ keytool -genkey -noprompt \
+ -alias $CN \
+ -dname "CN=$CN,OU=,O=,L=,S=,C=" \
+ -ext "SAN=dns:$CN,dns:localhost" \
+ -keystore $KEYSTORE \
+ -keyalg RSA \
+ -storepass "${CN_KEYSTORE_PASSWORD}" \
+ -storetype pkcs12
+
+ echo "# $CN: Generate Truststore"
+ keytool -noprompt -keystore \
+ $TRUSTSTORE -alias caroot -import \
+ -file $CA_ROOT_CRT -storepass "${TRUSTSTORE_PASSWORD}"
+
+ echo "# $CN: Generate CSR"
+ keytool -keystore $KEYSTORE -alias $CN \
+ -certreq -file $CN.csr -storepass "${CN_KEYSTORE_PASSWORD}" \
+ -keypass "${CN_KEYSTORE_PASSWORD}" \
+ -ext "SAN=dns:$CN,dns:localhost"
+
+ echo "# $CN: Generate extfile"
+ cat << EOF > extfile
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+CN = $CN
+[v3_req]
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = $CN
+DNS.2 = localhost
+EOF
+
+ echo "# $CN: Sign the certificate with the CA"
+ openssl x509 -req -CA $CA_ROOT_CRT -CAkey $CA_ROOT_KEY \
+ -in $CN.csr \
+ -out $CN-ca-signed.crt -days 9999 \
+ -CAcreateserial -passin "pass:${CA_PASSWORD}" \
+ -extensions v3_req -extfile extfile
+
+ echo "# $CN: Import root certificate"
+ keytool -noprompt -keystore $KEYSTORE \
+ -alias caroot -import -file $CA_ROOT_CRT -storepass "${CN_KEYSTORE_PASSWORD}"
+
+ echo "# $CN: Import signed certificate"
+ keytool -noprompt -keystore $KEYSTORE -alias $CN \
+ -import -file $SIGNED_CRT -storepass "${CN_KEYSTORE_PASSWORD}" \
+ -ext "SAN=dns:$CN,dns:localhost"
+
+ echo "# $CN: Export PEM certificate"
+ openssl pkcs12 -in "$KEYSTORE" -out "$CERTIFICATE" \
+ -nodes -passin "pass:${CN_KEYSTORE_PASSWORD}"
+
+ echo "# $CN: Export PEM key"
+ openssl pkcs12 -in "$KEYSTORE" -out "$KEY" \
+ -nocerts -passin "pass:${CN_KEYSTORE_PASSWORD}" \
+ -passout "pass:${CN_KEYSTORE_PASSWORD}"
+done
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-31 08:00:44 +0000