harbor/tests/generateCerts.sh

50 lines
2.3 KiB
Bash
Raw Normal View History

#!/usr/bin/env bash
# These certs file is only for Harbor testing.
CN='127.0.0.1'
IPV4_REGEX='((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'
IPV6_REGEX='(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
TEMP_FILENAME='temp'
if [ ! -z "$1" ]; then CN=$1; fi
OPENSSLCNF=
DATA_VOL='/data'
CUR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
for path in /etc/openssl/openssl.cnf /etc/ssl/openssl.cnf /usr/local/etc/openssl/openssl.cnf; do
if [[ -e ${path} ]]; then
OPENSSLCNF=${path}
fi
done
if [[ -z ${OPENSSLCNF} ]]; then
printf "Could not find openssl.cnf"
exit 1
fi
# Create CA certificate
# openssl req \
# -newkey rsa:4096 -nodes -sha256 -keyout $CUR_DIR/harbor_ca.key \
# -x509 -days 365 -out $CUR_DIR/harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA'
# Generate a Certificate Signing Request
if [[ $CN =~ $IPV4_REGEX ]] || [[ $CN =~ $IPV6_REGEX ]] ; then
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout $TEMP_FILENAME.key \
-out $TEMP_FILENAME.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager"
echo subjectAltName = IP:$CN > extfile.cnf
else
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout $TEMP_FILENAME.key \
-out $TEMP_FILENAME.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=$CN"
echo subjectAltName = DNS.1:$CN > extfile.cnf
fi
# Generate the certificate of local registry host
openssl x509 -req -days 365 -sha256 -in $TEMP_FILENAME.csr -CA $CUR_DIR/harbor_ca.crt \
-CAkey $CUR_DIR/harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $TEMP_FILENAME.crt
# Copy to harbor default location
mkdir -p $DATA_VOL/cert
cp $TEMP_FILENAME.crt $DATA_VOL/cert/server.crt
cp $TEMP_FILENAME.key $DATA_VOL/cert/server.key