mirror of
https://github.com/balena-io/open-balena.git
synced 2024-12-25 00:11:05 +00:00
46 lines
1.1 KiB
Plaintext
46 lines
1.1 KiB
Plaintext
|
#!/bin/bash -e
|
||
|
|
||
|
usage() {
|
||
|
echo "usage: $0 COMMON_NAME [OUT]"
|
||
|
echo
|
||
|
echo " COMMON_NAME the domain name the certificate is valid for, eg. example.com"
|
||
|
echo " OUT path to output directory generated files will be placed in"
|
||
|
echo
|
||
|
}
|
||
|
|
||
|
if [ -z "$1" ]; then
|
||
|
usage
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
CMD="$(realpath "$0")"
|
||
|
DIR="$(dirname "${CMD}")"
|
||
|
|
||
|
CN="$1"
|
||
|
OUT="$(realpath "${2:-.}")"
|
||
|
|
||
|
# shellcheck source=scripts/ssl-common.sh
|
||
|
source "${DIR}/ssl-common.sh"
|
||
|
|
||
|
CERT_DIR="${OUT}/api"
|
||
|
CERT_FILE="${CERT_DIR}/api.${CN}"
|
||
|
|
||
|
keyid() {
|
||
|
nodejs "${DIR}/_keyid.js" "$1"
|
||
|
}
|
||
|
|
||
|
JWT_CRT="${CERT_FILE}.crt"
|
||
|
JWT_KEY="${CERT_FILE}.pem"
|
||
|
JWT_KID="${CERT_FILE}.kid"
|
||
|
|
||
|
mkdir -p "${CERT_DIR}"
|
||
|
openssl ecparam -name prime256v1 -genkey -noout -out "${JWT_KEY}" 2>/dev/null
|
||
|
openssl req -x509 -new -nodes -days "${CRT_EXPIRY_DAYS}" -key "${JWT_KEY}" -subj "/CN=api.${CN}" -out "${JWT_CRT}" 2>/dev/null
|
||
|
openssl ec -in "${JWT_KEY}" -pubout -outform DER -out "${CERT_FILE}.der" 2>/dev/null
|
||
|
keyid "${CERT_FILE}.der" >"${JWT_KID}" 2>/dev/null
|
||
|
rm "${CERT_FILE}.der"
|
||
|
|
||
|
echo "JWT_CRT=${JWT_CRT//$OUT/\$OUT}"
|
||
|
echo "JWT_KEY=${JWT_KEY//$OUT/\$OUT}"
|
||
|
echo "JWT_KID=${JWT_KID//$OUT/\$OUT}"
|