infra/op-signer/gen-local-tls.sh

#!/usr/bin/env bash

set -euo pipefail

SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
TLS_DIR=$SCRIPT_DIR/tls

version=$(openssl version)

if [[ "$version" != "LibreSSL"* ]] && [[ "$version" != "OpenSSL 1.1"* ]]; then
  echo "openssl version: $version"
  echo "script only works with LibreSSL (darwin) or OpenSSL 1.1*"
  exit 1
fi

echo "Generating mTLS credentials for local development..."
echo ""

mkdir -p "$TLS_DIR"

if [ ! -f "$TLS_DIR/ca.crt" ]; then
  echo 'Generating CA'
  openssl req -newkey rsa:2048 \
    -new -nodes -x509 \
    -days 365 \
    -sha256 \
    -out "$TLS_DIR/ca.crt" \
    -keyout "$TLS_DIR/ca.key" \
    -subj "/O=OP Labs/CN=root"
fi

echo 'Generating TLS certificate request'
openssl genrsa -out "$TLS_DIR/tls.key" 2048
openssl req -new -key "$TLS_DIR/tls.key" \
  -days 1 \
  -sha256 \
  -out "$TLS_DIR/tls.csr" \
  -keyout "$TLS_DIR/tls.key" \
  -subj "/O=OP Labs/CN=localhost" \
  -extensions san \
  -config <(echo '[req]'; echo 'distinguished_name=req'; \
            echo '[san]'; echo 'subjectAltName=DNS:localhost')

openssl x509 -req -in "$TLS_DIR/tls.csr" \
  -sha256 \
  -CA "$TLS_DIR/ca.crt" \
  -CAkey "$TLS_DIR/ca.key" \
  -CAcreateserial \
  -out "$TLS_DIR/tls.crt" \
  -days 3 \
  -extfile <(echo 'subjectAltName=DNS:localhost')
op-signer: add to this repo (#51) * op-signer: add to this repo * circleci: add op-signer jobs/workflows * ops: update tag service to include op-signer * readme: add op-signer one sentence description * ci: add op-signer option to github action * ops: add op-signer min version 2024-09-10 22:01:09 +03:00			`#!/usr/bin/env bash`

			`set -euo pipefail`

			`SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )`
			`TLS_DIR=$SCRIPT_DIR/tls`

			`version=$(openssl version)`

			`if [[ "$version" != "LibreSSL"* ]] && [[ "$version" != "OpenSSL 1.1"* ]]; then`
			`echo "openssl version: $version"`
			`echo "script only works with LibreSSL (darwin) or OpenSSL 1.1*"`
			`exit 1`
			`fi`

			`echo "Generating mTLS credentials for local development..."`
			`echo ""`

			`mkdir -p "$TLS_DIR"`

			`if [ ! -f "$TLS_DIR/ca.crt" ]; then`
			`echo 'Generating CA'`
			`openssl req -newkey rsa:2048 \`
			`-new -nodes -x509 \`
			`-days 365 \`
			`-sha256 \`
			`-out "$TLS_DIR/ca.crt" \`
			`-keyout "$TLS_DIR/ca.key" \`
			`-subj "/O=OP Labs/CN=root"`
			`fi`

			`echo 'Generating TLS certificate request'`
			`openssl genrsa -out "$TLS_DIR/tls.key" 2048`
			`openssl req -new -key "$TLS_DIR/tls.key" \`
			`-days 1 \`
			`-sha256 \`
			`-out "$TLS_DIR/tls.csr" \`
			`-keyout "$TLS_DIR/tls.key" \`
			`-subj "/O=OP Labs/CN=localhost" \`
			`-extensions san \`
			`-config <(echo '[req]'; echo 'distinguished_name=req'; \`
			`echo '[san]'; echo 'subjectAltName=DNS:localhost')`

			`openssl x509 -req -in "$TLS_DIR/tls.csr" \`
			`-sha256 \`
			`-CA "$TLS_DIR/ca.crt" \`
			`-CAkey "$TLS_DIR/ca.key" \`
			`-CAcreateserial \`
			`-out "$TLS_DIR/tls.crt" \`
			`-days 3 \`
			`-extfile <(echo 'subjectAltName=DNS:localhost')`