#!/usr/bin/env bash
# Dev/Test only: Not required in production
# This script generates test certificates for development and testing purposes
set -euo pipefail

# ANSI colour escapes consumed by print_status; NC resets to the terminal default.
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Paths are resolved from this script's own location (two levels below the
# repo root), not from the caller's working directory.
REPO_ROOT=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")/../.." && pwd)
CERTS_DIR="${REPO_ROOT}/docker/dev/certs"
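#######################################
# Print a one-line status message with a coloured tag.
# Globals:   GREEN, BLUE, YELLOW, NC (read)
# Arguments: $1 - status: PASS, INFO or WARN; any other value is printed
#                 verbatim as an uncoloured tag so a typo is visible instead
#                 of the message silently disappearing
#            $2 - message text
# Outputs:   the tagged message on stdout
#######################################
print_status() {
  local status=$1
  local message=$2
  local color=''
  case "$status" in
    PASS) color=$GREEN ;;
    INFO) color=$BLUE ;;
    WARN) color=$YELLOW ;;
  esac
  # %b expands the escape sequences held in the colour constants; the message
  # goes through %s so backslashes or a leading '-' in it are printed
  # literally (echo -e would interpret them).
  printf '%b[%s]%b %s\n' "$color" "$status" "${color:+$NC}" "$message"
}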
#######################################
# Test whether a command can be resolved by this shell (PATH lookup,
# builtins and functions all count).
# Arguments: $1 - command name
# Returns:   0 if found, non-zero otherwise; prints nothing
#######################################
command_exists() {
  local name=$1
  if command -v "$name" >/dev/null 2>&1; then
    return 0
  fi
  return 1
}
#######################################
# Generate the dev CA certificate and the server certificate with mkcert.
# NOTE: `mkcert -install` also adds the mkcert root CA to the host's trust
# stores - a host-wide change, not just a file in the repo. Its output and
# failure status are deliberately ignored so repeated runs stay quiet.
# Globals:   CERTS_DIR (read)
# Outputs:   custom-ca.pem, host-int-key.pem, host-int-cert.pem in CERTS_DIR
#######################################
generate_certs_mkcert() {
  print_status "INFO" "Generating certificates using mkcert..."

  # Create/confirm the mkcert root CA; errors intentionally ignored (see above).
  mkcert -install 2>/dev/null || true

  # Export the public root CA certificate under the name Checkmate expects.
  local caroot
  caroot=$(mkcert -CAROOT)
  cp -- "${caroot}/rootCA.pem" "${CERTS_DIR}/custom-ca.pem"

  # Leaf key + certificate for the Docker host alias.
  local key_out="${CERTS_DIR}/host-int-key.pem"
  local cert_out="${CERTS_DIR}/host-int-cert.pem"
  mkcert -key-file "$key_out" -cert-file "$cert_out" host.docker.internal

  print_status "PASS" "Certificates generated using mkcert"
}
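#######################################
# Generate a throwaway CA and a server certificate with OpenSSL.
# The CA private key, the CSR, the SAN extension file and the serial file are
# created in a private temporary directory - never inside the repo - and an
# EXIT trap removes them on every exit path, so an aborted run cannot leave a
# CA key lying in CERTS_DIR. Only the CA certificate, the server key and the
# server certificate are written to CERTS_DIR.
# Globals:   CERTS_DIR (read)
# Outputs:   custom-ca.pem, host-int-key.pem (mode 0600), host-int-cert.pem
#            in CERTS_DIR
# Returns:   the script exits (set -e) if any openssl step fails
#######################################
generate_certs_openssl() {
  print_status "INFO" "Generating certificates using OpenSSL..."

  local -r days=365
  local -r ca_cert="${CERTS_DIR}/custom-ca.pem"
  local -r server_key="${CERTS_DIR}/host-int-key.pem"
  local -r server_cert="${CERTS_DIR}/host-int-cert.pem"

  # Ephemeral material lives outside the repo. The trap string is expanded now
  # on purpose: tmpdir is local and would be gone when the trap fires. The
  # script sets no other EXIT trap, so this one does not clobber anything.
  local tmpdir
  tmpdir=$(mktemp -d)
  # shellcheck disable=SC2064
  trap "rm -rf -- '${tmpdir}'" EXIT

  local -r ca_key="${tmpdir}/ca.key"
  local -r csr="${tmpdir}/host-int-cert.csr"
  local -r san_ext="${tmpdir}/san.ext"
  local -r serial="${tmpdir}/ca.srl"

  # 1. CA key and self-signed CA certificate.
  openssl genrsa -out "$ca_key" 2048
  openssl req -new -x509 -days "$days" -key "$ca_key" \
    -out "$ca_cert" \
    -subj "/C=US/ST=Test/L=Test/O=Test CA/CN=Test Root CA"

  # 2. Server key and CSR. The key must not be group/world readable whatever
  #    the umask was when openssl created the file.
  openssl genrsa -out "$server_key" 2048
  chmod 600 "$server_key"
  openssl req -new -key "$server_key" \
    -out "$csr" \
    -subj "/C=US/ST=Test/L=Test/O=Test/CN=host.docker.internal"

  # 3. SAN extension: TLS clients match hostnames on SANs, not on the CN.
  printf 'subjectAltName=DNS:host.docker.internal,IP:127.0.0.1\n' > "$san_ext"

  # 4. Sign the CSR with the CA. -CAserial keeps the serial file in tmpdir;
  #    by default OpenSSL creates custom-ca.srl next to the CA certificate,
  #    which would then be left behind in CERTS_DIR.
  openssl x509 -req -days "$days" \
    -in "$csr" \
    -CA "$ca_cert" \
    -CAkey "$ca_key" \
    -CAcreateserial -CAserial "$serial" \
    -out "$server_cert" \
    -extfile "$san_ext"

  # The CA key is discarded deliberately: nothing else should be able to mint
  # certificates that this dev CA vouches for.
  rm -rf -- "$tmpdir"
  trap - EXIT

  print_status "PASS" "Certificates generated using OpenSSL"
}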
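#######################################
# Entry point: create CERTS_DIR, generate the dev CA and server certificate
# (mkcert when available, OpenSSL otherwise), verify the expected files exist
# and print a summary.
# Globals:   CERTS_DIR (read)
# Arguments: none (command-line arguments are accepted but ignored)
# Outputs:   progress and summary on stdout; a missing-file error on stderr
# Returns:   exits 1 if any required certificate file is missing
#######################################
main() {
  print_status "INFO" "Setting up custom CA certificates for Checkmate testing"
  echo "================================================================"

  print_status "INFO" "Creating certificates directory..."
  mkdir -p -- "$CERTS_DIR"

  # mkcert yields a CA the host already trusts; OpenSSL is the portable fallback.
  if command_exists mkcert; then
    generate_certs_mkcert
  else
    print_status "WARN" "mkcert not found, falling back to OpenSSL"
    generate_certs_openssl
  fi

  # Verify before anything downstream consumes the set; name the missing file
  # and report on stderr so the error is not lost in captured stdout.
  local -r required=(
    "${CERTS_DIR}/custom-ca.pem"
    "${CERTS_DIR}/host-int-cert.pem"
    "${CERTS_DIR}/host-int-key.pem"
  )
  local f
  for f in "${required[@]}"; do
    if [[ ! -f "$f" ]]; then
      printf 'Error: Failed to generate required certificates (missing %s)\n' "$f" >&2
      exit 1
    fi
  done

  # Second copy of the (public) CA cert under the name existing overrides expect.
  print_status "INFO" "Creating duplicate CA file for compatibility..."
  cp -- "${CERTS_DIR}/custom-ca.pem" "${CERTS_DIR}/smallstep-root-ca.pem"

  printf '\n'
  print_status "PASS" "All required certificates generated successfully"
  printf '\n'
  echo "Certificate summary:"
  echo "===================="
  # The long listing also shows the key file's mode, which is worth a glance.
  ls -l -- "$CERTS_DIR"
  printf '\n'
  echo "CA certificate preview:"
  echo "======================"
  # Only the CA *certificate* (public) is previewed; no key material is printed.
  head -n 3 "${CERTS_DIR}/custom-ca.pem"
  printf '\n'
  print_status "INFO" "Certificates are ready for use with Checkmate custom CA trust"
}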
# Run main function (command-line arguments are forwarded, though main does
# not currently read any of them).
main "$@"