From c430d8eaf1d091ad27e842c0000b77d87d791da6 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Thu, 21 Apr 2022 22:57:55 +0200
Subject: Start refactor
---
 gen_pki | 118 ----------------------------------------------------------------
 1 file changed, 118 deletions(-)
 delete mode 100755 gen_pki
(limited to 'gen_pki')
diff --git a/gen_pki b/gen_pki
deleted file mode 100755
index 57da699..0000000
--- a/gen_pki
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/usr/bin/env sh
-
-set -ex
-
-cd $(dirname $0)
-
-CLUSTER="$1"
-if [ -z "$CLUSTER" ] || [ ! -d "cluster/$CLUSTER" ]; then
- echo "Usage: $0 "
- echo "The cluster name must be the name of a subdirectory of cluster/"
- exit 1
-fi
-
-PREFIX="deuxfleurs/cluster/$CLUSTER"
-
-YEAR=$(date +%Y)
-for APP in consul nomad; do
- # 1. Create certificate authority
- if ! pass $PREFIX/$APP-ca.key >/dev/null; then
- echo "Generating $APP CA keys..."
- openssl genrsa 4096 | pass insert -m $PREFIX/$APP-ca.key
-
- openssl req -x509 -new -nodes \
- -key <(pass $PREFIX/$APP-ca.key) -sha256 \
- -days 3650 -subj "/C=FR/O=Deuxfleurs/CN=$APP" \
- | pass insert -m -f $PREFIX/$APP-ca.crt
- fi
-
- CERT="${APP}${YEAR}"
-
- # 2. Create and sign certificates for inter-node communication
- if ! pass $PREFIX/$CERT.crt >/dev/null; then
- echo "Generating $CERT agent keys..."
- if ! pass $PREFIX/$CERT.key >/dev/null; then
- openssl genrsa 4096 | pass insert -m $PREFIX/$CERT.key
- fi
- openssl req -new -sha256 -key <(pass $PREFIX/$CERT.key) \
- -subj "/C=FR/O=Deuxfleurs/CN=$APP" \
- -out /tmp/tmp-$CLUSTER-$CERT.csr
- openssl req -in /tmp/tmp-$CLUSTER-$CERT.csr -noout -text
- openssl x509 -req -in /tmp/tmp-$CLUSTER-$CERT.csr \
- -extensions v3_req \
- -extfile <(cat </dev/null; then
- echo "Generating $CERT client keys..."
- if ! pass $PREFIX/$CERT-client.key >/dev/null; then
- openssl genrsa 4096 | pass insert -m $PREFIX/$CERT-client.key
- fi
- openssl req -new -sha256 -key <(pass $PREFIX/$CERT-client.key) \
- -subj "/C=FR/O=Deuxfleurs/CN=$APP-client" \
- -out /tmp/tmp-$CLUSTER-$CERT-client.csr
- openssl req -in /tmp/tmp-$CLUSTER-$CERT-client.csr -noout -text
- openssl x509 -req -in /tmp/tmp-$CLUSTER-$CERT-client.csr \
- -extensions v3_req \
- -extfile <(cat <