1 #!/bin/sh
3 #   Copyright (c) 2019 AT&T Intellectual Property.
4 #   Copyright (c) 2019 Nokia.
5 #
6 #   Licensed under the Apache License, Version 2.0 (the "License");
7 #   you may not use this file except in compliance with the License.
8 #   You may obtain a copy of the License at
9 #
10 #       http://www.apache.org/licenses/LICENSE-2.0
11 #
12 #   Unless required by applicable law or agreed to in writing, software
13 #   distributed under the License is distributed on an "AS IS" BASIS,
14 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 #   See the License for the specific language governing permissions and
16 #   limitations under the License.
# Settings. Each value can be overridden through the environment variable
# named in its expansion; the text after ':-' is used when that variable is
# unset or empty.

# Subject DN prefix shared by all certificates, and the RSA key size in bits.
dnBase="${CERT_DN:-/C=US/O=O-RAN Alliance/OU=O-RAN Software Community}"
keyBits="${KEY_BITS:-4096}"

# Certificate authority: working directory, validity in days (9125 is roughly
# 25 years), and the key / certificate file paths inside that directory.
CAHome="${CA_DIR:-/pki}"
CADays="${CA_CERT_EXPIRY:-9125}"
CAKey="${CAHome}/${CA_KEY_NAME:-ca.key.pem}"
CACert="${CAHome}/${CA_CERT_NAME:-ca.cert.pem}"

# Output directory for the Tiller and Helm material. It falls back to the CA
# directory, so by default the CA private key sits next to the leaf keys.
# NOTE(review): confirm that whatever packages this directory afterwards does
# not ship the CA key along with the Tiller/Helm files.
CertHome="${CERT_DIR:-$CAHome}"

# Tiller (server side): validity in days, key path, certificate path, CN.
TillerDays="${TILLER_CERT_EXPIRY:-3650}"
TillerKey="${CertHome}/${TILLER_KEY_NAME:-tiller.key.pem}"
TillerCert="${CertHome}/${TILLER_CERT_NAME:-tiller.cert.pem}"
TillerCN="${TILLER_CN:-tiller}"

# Helm (client side): validity in days, key path, certificate path, CN.
HelmDays="${HELM_CERT_EXPIRY:-3650}"
HelmKey="${CertHome}/${HELM_KEY_NAME:-helm.key.pem}"
HelmCert="${CertHome}/${HELM_CERT_NAME:-helm.cert.pem}"
HelmCN="${HELM_CN:-helm}"
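# 1. CA
# Create the CA directory, the CA private key and a self-signed CA
# certificate. Each artifact is generated only when it does not exist yet, so
# re-running the script keeps an already issued CA.
# Reads: CAHome, CAKey, CACert, CADays, keyBits, dnBase.
# Exits non-zero as soon as a step fails, so a broken CA is never used to sign.
if [ ! -d "${CAHome}" ]; then
  mkdir -p -- "${CAHome}" || exit 1
fi
if [ ! -f "${CAKey}" ]; then
  # The key is written without a passphrase. Generate it under a restrictive
  # umask (in a subshell, so the caller's umask is untouched) so the file is
  # owner-only regardless of how the installed OpenSSL creates it.
  ( umask 077 && openssl genrsa -out "${CAKey}" "${keyBits}" ) || exit 1
fi
if [ ! -f "${CACert}" ]; then
  # -extensions v3_ca depends on a [ v3_ca ] section in the active OpenSSL
  # configuration file.
  openssl req -new -x509 -extensions v3_ca -sha256 -days "${CADays}" \
    -key "${CAKey}" \
    -out "${CACert}" \
    -subj "${dnBase}" || exit 1
fi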
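# 2. tiller server cert
# Generate the Tiller private key and a certificate signed by the CA. Each
# artifact is created only when it does not exist yet.
# Reads: TillerKey, TillerCert, TillerCN, TillerDays, keyBits, dnBase,
#        CACert, CAKey.
# NOTE(review): the certificate carries only a CN and no subjectAltName;
# clients that verify the server name against SAN entries may reject it.
# Confirm how Tiller is addressed by its clients.
if [ ! -f "${TillerKey}" ]; then
  # Owner-only key file; the subshell keeps the caller's umask unchanged.
  ( umask 077 && openssl genrsa -out "${TillerKey}" "${keyBits}" ) || exit 1
fi
if [ ! -f "${TillerCert}" ]; then
  CSR=$(mktemp) || exit 1
  # -sha256 is given to the signing step as well: the digest of the issued
  # certificate is chosen there, not inherited from the CSR, and the default
  # depends on the OpenSSL version.
  # -CAcreateserial creates the CA serial-number file when it is missing.
  openssl req -new -sha256 \
    -key "${TillerKey}" \
    -out "${CSR}" \
    -subj "${dnBase}/CN=${TillerCN}" &&
  openssl x509 -req -sha256 -CAcreateserial -days "${TillerDays}" \
    -CA "${CACert}" \
    -CAkey "${CAKey}" \
    -in "${CSR}" \
    -out "${TillerCert}"
  rc=$?
  # The CSR is only an intermediate file; do not leave it behind in the
  # temporary directory.
  rm -f -- "${CSR}"
  if [ "${rc}" -ne 0 ]; then
    # Drop a partially written certificate so the next run regenerates it
    # instead of treating it as present.
    rm -f -- "${TillerCert}"
    exit "${rc}"
  fi
fi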
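# 3. helm client cert
# Generate the Helm client private key and a certificate signed by the CA.
# Each artifact is created only when it does not exist yet.
# Reads: HelmKey, HelmCert, HelmCN, HelmDays, keyBits, dnBase, CACert, CAKey.
if [ ! -f "${HelmKey}" ]; then
  # Owner-only key file; the subshell keeps the caller's umask unchanged.
  ( umask 077 && openssl genrsa -out "${HelmKey}" "${keyBits}" ) || exit 1
fi
if [ ! -f "${HelmCert}" ]; then
  CSR=$(mktemp) || exit 1
  # -sha256 is given to the signing step as well: the digest of the issued
  # certificate is chosen there, not inherited from the CSR, and the default
  # depends on the OpenSSL version.
  # -CAcreateserial creates the CA serial-number file when it is missing.
  openssl req -new -sha256 \
    -key "${HelmKey}" \
    -out "${CSR}" \
    -subj "${dnBase}/CN=${HelmCN}" &&
  openssl x509 -req -sha256 -CAcreateserial -days "${HelmDays}" \
    -CA "${CACert}" \
    -CAkey "${CAKey}" \
    -in "${CSR}" \
    -out "${HelmCert}"
  rc=$?
  # The CSR is only an intermediate file; do not leave it behind in the
  # temporary directory.
  rm -f -- "${CSR}"
  if [ "${rc}" -ne 0 ]; then
    # Drop a partially written certificate so the next run regenerates it
    # instead of treating it as present.
    rm -f -- "${HelmCert}"
    exit "${rc}"
  fi
fi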