[#193] Add error pretty printing for `services/nats/generate_cert.sh`

Signed-off-by: anastasia prasolova <anastasia@nspcc.ru>
nightly
anastasia prasolova 2022-07-07 18:19:48 +03:00 committed by Anastasia Prasolova
parent b725905b39
commit ce228c10e0
1 changed files with 13 additions and 24 deletions


@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
source bin/helper.sh
WORKDIR=$(dirname "$0") WORKDIR=$(dirname "$0")
LOCAL_DOMAIN=$1 LOCAL_DOMAIN=$1
@ -17,43 +19,30 @@ CLI_CRT=$WORKDIR/client-cert.pem
SUBJ="/O=NSPCC" SUBJ="/O=NSPCC"
if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
OUT=$(openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1) || { openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
echo "CA certificate was not created" die "CA certificate was not created"
echo $OUT
exit 1
}
fi fi
if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
OUT=$(openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ) || { openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
echo "Server certificate was not created" die "Server certificate was not created"
echo $OUT
exit 1
}
OUT=$(openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \ openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1)|| { -extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
echo "Server certificate was not signed by CA"
echo $OUT
rm $SRV_REQ rm $SRV_REQ
exit 1 die "Server certificate was not signed by CA"
} }
rm $SRV_REQ rm $SRV_REQ
fi fi
if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
OUT=$(openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1) || { openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
echo "Client certificate was not created" die "Client certificate was not created"
echo $OUT
exit 1
}
OUT=$(openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1) || { openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
echo "Client certificate was not signed by CA"
echo $OUT
rm $CLI_REQ rm $CLI_REQ
exit 1 die "Client certificate was not signed by CA"
} }
rm $CLI_REQ rm $CLI_REQ
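Review bot: `source bin/helper.sh` in the first hunk resolves against the caller's working directory rather than `WORKDIR`, and its result is not checked. If the script is started from another directory, `die` (presumably defined in that helper) is missing, so each `openssl ... || die "..."` in the second hunk only reports an unknown command and carries on where the removed code ran `exit 1`. A failed CA or signing step would then leave the script continuing with missing or stale key material, so guard the load with `source bin/helper.sh || { echo "cannot load bin/helper.sh" >&2; exit 1; }` or derive the path from `WORKDIR`. Separately, `LOCAL_DOMAIN=$1` goes unvalidated into the `printf` format string that builds the `[san]` extension file, so an empty or malformed argument produces a wrong subjectAltName; after a non-empty check, `printf '[san]\nsubjectAltName=DNS:nats.%s\n' "$LOCAL_DOMAIN"` keeps the value out of the format. The closing `fi` of the client block is not visible on this page.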