hickory-dns/scripts/gen_certs.sh

# !/bin/bash

set -euxo pipefail

OPENSSL=openssl

hickory_dns_dir=$(dirname $0)/..

pushd $hickory_dns_dir/tests/test-data

for i in ca.key ca.pem cert.key cert.csr cert.pem cert.p12 ; do
    [ -f $i ] && echo "$i exists" && exit 1;
done

echo 

cat <<-EOF > /tmp/ca.conf
[req]
prompt = no
req_extensions = req_ext
distinguished_name = dn

[dn]
C = US
ST = California
L = San Francisco
O = Hickory DNS
CN = root.example.com

[req_ext]
basicConstraints = critical,CA:TRUE
subjectAltName = @alt_names
 
[alt_names]
DNS.1 = root.example.com
EOF

# CA
echo "----> Generating CA <----"
${OPENSSL:?} req -x509 -new -nodes -newkey rsa:4096 -days 365 -keyout ca.key -out ca.pem -config /tmp/ca.conf
${OPENSSL:?} x509 -in ca.pem -out ca.der -outform der  

cat <<-EOF > /tmp/cert.conf
[req]
prompt = no
req_extensions = req_ext
distinguished_name = dn

[dn]

C = US
ST = California
L = San Francisco
O = Hickory DNS
CN = ns.example.com

[req_ext]

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
 
[alt_names]
DNS.1 = ns.example.com
EOF

# Cert
echo "----> Generating CERT  <----"
${OPENSSL:?} req -new -nodes -newkey rsa:4096 -keyout cert.key -out cert.csr \
             -verify \
             -config /tmp/cert.conf

${OPENSSL:?} pkcs8 -in cert.key -inform pem -out cert-key.pk8 -topk8 -nocrypt

${OPENSSL:?} x509 -in ca.pem -inform pem -pubkey -noout > ca.pubkey

echo "----> Signing Cert <----"
${OPENSSL:?} x509 -req -days 365 -in cert.csr -CA ca.pem -CAkey ca.key  -set_serial 0x8771f7bdee982fa6 -out cert.pem -extfile /tmp/cert.conf -extensions req_ext

echo "----> Verifying Cert <----"
${OPENSSL:?} verify -CAfile ca.pem cert.pem

echo "----> Createing PCKS12 <----"
${OPENSSL:?} pkcs12 -export -inkey cert.key -in cert.pem -out cert.p12 -passout pass:mypass -name ns.example.com -chain -CAfile ca.pem


popd
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00			`# !/bin/bash`

add gen_certs task to justfile 2023-06-02 04:37:58 +00:00			`set -euxo pipefail`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00
add gen_certs task to justfile 2023-06-02 04:37:58 +00:00			`OPENSSL=openssl`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00
Prepare 0.24 release with branding change to Hickory DNS (#2054) * update all READMEs with notices about the name change * update changelog for 0.24 * bump crate versions to 0.24 * update version notice information * update readmes to back reference trust-dns * rename all crates to hickory counterparts * replace all Trust-DNS references in code and comments with Hickory DNS * rename all Trust-DNS references to Hickory DNS in non-code * rename all trust-dns-resolver references to hickory-resolver * rename all trust-dns-client references to hickory-client * rename all trust-dns-proto references to hickory-proto * rename all trust-dns-server references to hickory-server * rename all trust-dns-compatibility references to hickory-compatability * rename all trust-dns-integration references to hickory-integration * rename all trust-dns-util references to hickory-util * Update MIT licenses to reference Hickory DNS * update all trust-dns references to hickory-dns * update all bluejekyll github references to hickorydns org * Update name in Changelog * make sure hickory-dns logs during tests * add changelogs for recent main additions * fix references to trust-dns and hickory in architecture * update a few trust-dns references in READMEs * fixup some dangling trust_dns references * replace fka with formerly in change log * replace all hickoydns org references to hickory-dns * replace all http links with https * update logos * update hickorydns to hickory-dns for all other org references * fix Notices of Trust-DNS to Hickory in each Readme 2023-10-14 01:39:28 +00:00			`hickory_dns_dir=$(dirname $0)/..`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00
Prepare 0.24 release with branding change to Hickory DNS (#2054) * update all READMEs with notices about the name change * update changelog for 0.24 * bump crate versions to 0.24 * update version notice information * update readmes to back reference trust-dns * rename all crates to hickory counterparts * replace all Trust-DNS references in code and comments with Hickory DNS * rename all Trust-DNS references to Hickory DNS in non-code * rename all trust-dns-resolver references to hickory-resolver * rename all trust-dns-client references to hickory-client * rename all trust-dns-proto references to hickory-proto * rename all trust-dns-server references to hickory-server * rename all trust-dns-compatibility references to hickory-compatability * rename all trust-dns-integration references to hickory-integration * rename all trust-dns-util references to hickory-util * Update MIT licenses to reference Hickory DNS * update all trust-dns references to hickory-dns * update all bluejekyll github references to hickorydns org * Update name in Changelog * make sure hickory-dns logs during tests * add changelogs for recent main additions * fix references to trust-dns and hickory in architecture * update a few trust-dns references in READMEs * fixup some dangling trust_dns references * replace fka with formerly in change log * replace all hickoydns org references to hickory-dns * replace all http links with https * update logos * update hickorydns to hickory-dns for all other org references * fix Notices of Trust-DNS to Hickory in each Readme 2023-10-14 01:39:28 +00:00			`pushd $hickory_dns_dir/tests/test-data`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00
OpenSSL 3.0 compliant 2022-11-28 12:57:16 +00:00			`for i in ca.key ca.pem cert.key cert.csr cert.pem cert.p12 ; do`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00			`[ -f $i ] && echo "$i exists" && exit 1;`
			`done`

			`echo`

			`cat <<-EOF > /tmp/ca.conf`
			`[req]`
			`prompt = no`
			`req_extensions = req_ext`
			`distinguished_name = dn`

			`[dn]`
			`C = US`
			`ST = California`
			`L = San Francisco`
Prepare 0.24 release with branding change to Hickory DNS (#2054) * update all READMEs with notices about the name change * update changelog for 0.24 * bump crate versions to 0.24 * update version notice information * update readmes to back reference trust-dns * rename all crates to hickory counterparts * replace all Trust-DNS references in code and comments with Hickory DNS * rename all Trust-DNS references to Hickory DNS in non-code * rename all trust-dns-resolver references to hickory-resolver * rename all trust-dns-client references to hickory-client * rename all trust-dns-proto references to hickory-proto * rename all trust-dns-server references to hickory-server * rename all trust-dns-compatibility references to hickory-compatability * rename all trust-dns-integration references to hickory-integration * rename all trust-dns-util references to hickory-util * Update MIT licenses to reference Hickory DNS * update all trust-dns references to hickory-dns * update all bluejekyll github references to hickorydns org * Update name in Changelog * make sure hickory-dns logs during tests * add changelogs for recent main additions * fix references to trust-dns and hickory in architecture * update a few trust-dns references in READMEs * fixup some dangling trust_dns references * replace fka with formerly in change log * replace all hickoydns org references to hickory-dns * replace all http links with https * update logos * update hickorydns to hickory-dns for all other org references * fix Notices of Trust-DNS to Hickory in each Readme 2023-10-14 01:39:28 +00:00			`O = Hickory DNS`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00			`CN = root.example.com`

			`[req_ext]`
OpenSSL 3.0 compliant 2022-11-28 12:57:16 +00:00			`basicConstraints = critical,CA:TRUE`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00			`subjectAltName = @alt_names`

			`[alt_names]`
			`DNS.1 = root.example.com`
			`EOF`

			`# CA`
			`echo "----> Generating CA <----"`
OpenSSL 3.0 compliant 2022-11-28 12:57:16 +00:00			`${OPENSSL:?} req -x509 -new -nodes -newkey rsa:4096 -days 365 -keyout ca.key -out ca.pem -config /tmp/ca.conf`
get cert generation and tests passing 2017-04-07 05:53:09 +00:00			`${OPENSSL:?} x509 -in ca.pem -out ca.der -outform der`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00
			`cat <<-EOF > /tmp/cert.conf`
			`[req]`
			`prompt = no`
			`req_extensions = req_ext`
			`distinguished_name = dn`

			`[dn]`

			`C = US`
			`ST = California`
			`L = San Francisco`
Prepare 0.24 release with branding change to Hickory DNS (#2054) * update all READMEs with notices about the name change * update changelog for 0.24 * bump crate versions to 0.24 * update version notice information * update readmes to back reference trust-dns * rename all crates to hickory counterparts * replace all Trust-DNS references in code and comments with Hickory DNS * rename all Trust-DNS references to Hickory DNS in non-code * rename all trust-dns-resolver references to hickory-resolver * rename all trust-dns-client references to hickory-client * rename all trust-dns-proto references to hickory-proto * rename all trust-dns-server references to hickory-server * rename all trust-dns-compatibility references to hickory-compatability * rename all trust-dns-integration references to hickory-integration * rename all trust-dns-util references to hickory-util * Update MIT licenses to reference Hickory DNS * update all trust-dns references to hickory-dns * update all bluejekyll github references to hickorydns org * Update name in Changelog * make sure hickory-dns logs during tests * add changelogs for recent main additions * fix references to trust-dns and hickory in architecture * update a few trust-dns references in READMEs * fixup some dangling trust_dns references * replace fka with formerly in change log * replace all hickoydns org references to hickory-dns * replace all http links with https * update logos * update hickorydns to hickory-dns for all other org references * fix Notices of Trust-DNS to Hickory in each Readme 2023-10-14 01:39:28 +00:00			`O = Hickory DNS`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00			`CN = ns.example.com`

			`[req_ext]`

			`basicConstraints = CA:FALSE`
			`keyUsage = nonRepudiation, digitalSignature, keyEncipherment`
			`subjectAltName = @alt_names`

			`[alt_names]`
			`DNS.1 = ns.example.com`
			`EOF`

			`# Cert`
			`echo "----> Generating CERT <----"`
OpenSSL 3.0 compliant 2022-11-28 12:57:16 +00:00			`${OPENSSL:?} req -new -nodes -newkey rsa:4096 -keyout cert.key -out cert.csr \`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00			`-verify \`
			`-config /tmp/cert.conf`
update certs 2023-12-02 20:09:51 +00:00
			`${OPENSSL:?} pkcs8 -in cert.key -inform pem -out cert-key.pk8 -topk8 -nocrypt`

update test certificates 2019-04-09 12:36:20 +00:00			`${OPENSSL:?} x509 -in ca.pem -inform pem -pubkey -noout > ca.pubkey`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00
			`echo "----> Signing Cert <----"`
			`${OPENSSL:?} x509 -req -days 365 -in cert.csr -CA ca.pem -CAkey ca.key -set_serial 0x8771f7bdee982fa6 -out cert.pem -extfile /tmp/cert.conf -extensions req_ext`

get cert generation and tests passing 2017-04-07 05:53:09 +00:00			`echo "----> Verifying Cert <----"`
			`${OPENSSL:?} verify -CAfile ca.pem cert.pem`

scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00			`echo "----> Createing PCKS12 <----"`
OpenSSL 3.0 compliant 2022-11-28 12:57:16 +00:00			`${OPENSSL:?} pkcs12 -export -inkey cert.key -in cert.pem -out cert.p12 -passout pass:mypass -name ns.example.com -chain -CAfile ca.pem`
scripts etc and tests for native-tls 2017-04-06 07:08:43 +00:00
get cert generation and tests passing 2017-04-07 05:53:09 +00:00
OpenSSL 3.0 compliant 2022-11-28 12:57:16 +00:00			`popd`