Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
trabajo-afectivo/spec/fixtures/smime/generate/docker-entrypoint.sh

163 lines
6.5 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/bash
echo "Zammad S/MIME test certificate generation"
if [[ ! -e "$CERT_DIR/RootCA.key" ]] || [[ ! -e "$CERT_DIR/RootCA.crt" ]]
then
echo "Generating RootCA.key and RootCA.csr"
openssl req -new -newkey rsa:4096 -nodes -out $CERT_DIR/RootCA.csr -keyout $CERT_DIR/RootCA.key -extensions v3_ca -subj "/emailAddress=RootCA@example.com/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com"
echo "Generating RootCA.crt"
openssl x509 -signkey $CERT_DIR/RootCA.key -days 73000 -req -in $CERT_DIR/RootCA.csr -set_serial 01 -out $CERT_DIR/RootCA.crt
echo "Generating RootCA.secret"
cp pass.secret $CERT_DIR/RootCA.secret
fi
if [[ ! -e "$CERT_DIR/IntermediateCA.key" ]] || [[ ! -e "$CERT_DIR/IntermediateCA.crt" ]]
then
echo "Generating IntermediateCA.key and IntermediateCA.csr"
openssl req -new -newkey rsa:4096 -nodes -out $CERT_DIR/IntermediateCA.csr -keyout $CERT_DIR/IntermediateCA.key -subj "/emailAddress=IntermediateCA@example.com/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com"
echo "Generating IntermediateCA.crt"
openssl x509 -CA $CERT_DIR/RootCA.crt -CAkey $CERT_DIR/RootCA.key -passin file:pass.secret -days 73000 -req -in $CERT_DIR/IntermediateCA.csr -set_serial 02 -out $CERT_DIR/IntermediateCA.crt
echo "Generating IntermediateCA.secret"
cp pass.secret $CERT_DIR/IntermediateCA.secret
fi
if [[ ! -e "$CERT_DIR/ChainCA.key" ]] || [[ ! -e "$CERT_DIR/ChainCA.crt" ]]
then
echo "Generating ChainCA.key and ChainCA.csr"
openssl req -new -newkey rsa:4096 -nodes -out $CERT_DIR/ChainCA.csr -keyout $CERT_DIR/ChainCA.key -subj "/emailAddress=ChainCA@example.com/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com"
echo "Generating ChainCA.crt"
openssl x509 -CA $CERT_DIR/IntermediateCA.crt -CAkey $CERT_DIR/IntermediateCA.key -passin file:pass.secret -days 73000 -req -in $CERT_DIR/ChainCA.csr -set_serial 03 -out $CERT_DIR/ChainCA.crt
echo "Generating ChainCA.secret"
cp pass.secret $CERT_DIR/ChainCA.secret
fi
for EMAIL_ADDRESS in smime1@example.com smime2@example.com smime3@example.com smimedouble@example.com CaseInsenstive@eXample.COM
do
if [[ ! -e "$CERT_DIR/$EMAIL_ADDRESS.crt" ]]
then
echo "Generating $EMAIL_ADDRESS.key"
openssl genrsa -aes256 -passout file:pass.secret -out $CERT_DIR/$EMAIL_ADDRESS.key 4096
echo "Generating $EMAIL_ADDRESS.csr (certificate signing request)"
openssl req -new -key $CERT_DIR/$EMAIL_ADDRESS.key -passin file:pass.secret -out $CERT_DIR/$EMAIL_ADDRESS.csr -subj "/emailAddress=$EMAIL_ADDRESS/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com"
echo "Generating $EMAIL_ADDRESS.crt (certificate)"
if [ "$EMAIL_ADDRESS" != "smimedouble@example.com" ]
then
extfile="config.cnf"
else
# special config that contains two email addresses in one certificate
extfile="double.cnf"
fi
openssl x509 -req \
-days 73000 \
-in $CERT_DIR/$EMAIL_ADDRESS.csr \
-CA $CERT_DIR/RootCA.crt \
-CAkey $CERT_DIR/RootCA.key \
-out $CERT_DIR/$EMAIL_ADDRESS.crt \
-addtrust emailProtection \
-addreject clientAuth \
-addreject serverAuth \
-trustout \
-CAcreateserial -CAserial /tmp/RootCA.seq \
-extensions smime \
-extfile "$extfile" \
-passin file:pass.secret
echo "Generating $EMAIL_ADDRESS.secret"
cp pass.secret $CERT_DIR/$EMAIL_ADDRESS.secret
fi
done
echo "Generating from CA chain"
# shellcheck disable=SC2043
for EMAIL_ADDRESS in chain@example.com
do
if [[ ! -e "$CERT_DIR/$EMAIL_ADDRESS.crt" ]]
then
echo "Generating $EMAIL_ADDRESS.key"
openssl genrsa -aes256 -passout file:pass.secret -out $CERT_DIR/$EMAIL_ADDRESS.key 4096
echo "Generating $EMAIL_ADDRESS.csr (certificate signing request)"
openssl req -new -key $CERT_DIR/$EMAIL_ADDRESS.key -passin file:pass.secret -out $CERT_DIR/$EMAIL_ADDRESS.csr -subj "/emailAddress=$EMAIL_ADDRESS/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com"
echo "Generating $EMAIL_ADDRESS.crt (certificate)"
openssl x509 -req \
-days 73000 \
-in $CERT_DIR/$EMAIL_ADDRESS.csr \
-CA $CERT_DIR/ChainCA.crt \
-CAkey $CERT_DIR/ChainCA.key \
-out $CERT_DIR/$EMAIL_ADDRESS.crt \
-addtrust emailProtection \
-addreject clientAuth \
-addreject serverAuth \
-trustout \
-CAcreateserial -CAserial /tmp/ChainCA.seq \
-extensions smime \
-extfile "config.cnf" \
-passin file:pass.secret
echo "Generating $EMAIL_ADDRESS.secret"
cp pass.secret $CERT_DIR/$EMAIL_ADDRESS.secret
fi
done
echo "Generating expired"
FAKETIME=-10y date
if [[ ! -e "$CERT_DIR/ExpiredCA.key" ]] || [[ ! -e "$CERT_DIR/ExpiredCA.crt" ]]
then
echo "Generating ExpiredCA.key"
FAKETIME=-10y openssl genrsa -aes256 -passout file:pass.secret -out $CERT_DIR/ExpiredCA.key 4096
echo "Generating ExpiredCA.crt"
FAKETIME=-10y openssl req -new -x509 -days 1 -key $CERT_DIR/ExpiredCA.key -passin file:pass.secret -out $CERT_DIR/ExpiredCA.crt -subj "/emailAddress=ExpiredCA@example.com/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com"
echo "Generating ExpiredCA.secret"
cp pass.secret $CERT_DIR/ExpiredCA.secret
fi
for EMAIL_ADDRESS in expiredsmime1@example.com expiredsmime2@example.com
do
if [[ ! -e "$CERT_DIR/$EMAIL_ADDRESS.crt" ]]
then
echo "Generating $EMAIL_ADDRESS.key"
FAKETIME=-10y openssl genrsa -aes256 -passout file:pass.secret -out $CERT_DIR/$EMAIL_ADDRESS.key 4096
echo "Generating $EMAIL_ADDRESS.csr (certificate signing request)"
FAKETIME=-10y openssl req -new -key $CERT_DIR/$EMAIL_ADDRESS.key -passin file:pass.secret -out $CERT_DIR/$EMAIL_ADDRESS.csr -subj "/emailAddress=$EMAIL_ADDRESS/C=DE/ST=Berlin/L=Berlin/O=Example Security/OU=IT Department/CN=example.com"
echo "Generating $EMAIL_ADDRESS.crt (certificate)"
FAKETIME=-10y openssl x509 -req \
-days 1 \
-in $CERT_DIR/$EMAIL_ADDRESS.csr \
-CA $CERT_DIR/ExpiredCA.crt \
-CAkey $CERT_DIR/ExpiredCA.key \
-out $CERT_DIR/$EMAIL_ADDRESS.crt \
-addtrust emailProtection \
-addreject clientAuth \
-addreject serverAuth \
-trustout \
-CAcreateserial -CAserial /tmp/ExpiredCA.seq \
-extensions smime \
-extfile config.cnf \
-passin file:pass.secret
echo "Generating $EMAIL_ADDRESS.secret"
cp pass.secret $CERT_DIR/$EMAIL_ADDRESS.secret
fi
done
# run command passed to docker run
exec "$@"
Reference in a new issue View git blame Copy permalink