script pour générer des certifs autosignés

script/self_signed/conf/_conf.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+CERTIFICATE_PATH="files"
+ROOT_CA_KEY="${CERTIFICATE_PATH}/rootCA.key"
+ROOT_CA_CRT="${CERTIFICATE_PATH}/rootCA.crt"
+TRAEFIK_DEST_CERT="../../roles/traefik/files/etc/certs/"
+LOCAL_KEY="${TRAEFIK_DEST_CERT}/local.fr.key"
+LOCAL_CRT="${TRAEFIK_DEST_CERT}/local.fr.crt"
+LOCAL_CSR="${TRAEFIK_DEST_CERT}/local.fr.csr"

script/self_signed/files/local.cnf

@@ -0,0 +1,12 @@
+[ req ]
+prompt = no
+distinguished_name = req_distinguished_name
+
+[ req_distinguished_name ]
+C = FR
+ST = France
+L = Toulouse
+O = local.fr
+OU = local
+CN = local
+emailAddress = local.fr

script/self_signed/files/local.fr.v3.ext

@@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = *.local.fr

script/self_signed/files/rootCA.crt

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFZTCCA02gAwIBAgIUATlkPDpIjH7jaqObcTtQNMHtNt4wDQYJKoZIhvcNAQEL
+BQAwQjELMAkGA1UEBhMCRlIxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE
+CgwTRGVmYXVsdCBDb21wYW55IEx0ZDAeFw0yMjEwMDgxNTA5MTBaFw0yNTA3Mjgx
+NTA5MTBaMEIxCzAJBgNVBAYTAkZSMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAa
+BgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDcmqdBzfvljjqp/80+7Uzb8lZ9xJeJTsWcDddHVlT/XzW9nUO8
+PMjdef39aMLXzO3tsMCoJ+ch9E9zKYi37usizoec5tj3IYLganlJykYgJPeT8SKr
+mxv2lJbtsllUpB3+surv0NvCMOK5r8GNSOKU/pB3+MD2o23JR1XkBoSXDubU3Dtv
+ealann/zUNFrolFOPDxzBD5U0x8SOD+s7ZdLjlpz7kqLOWrL0DHrBRmpvCAJNQLU
+mWH87kaALstvTR47be0X5+YOwcys3k26vQCxoDXtV0PaRrJCc1CLDllGmeI8mxLa
+hs7EkkpndkmnMFNK8YQVyeWJQ70+m+fa07AdH7ZFztMf1lk06Z0i1LfMYpZ+pWYi
+w2BDebAmYc5Y7E32jQTlixZrrq2lmDrsBZLdwv7FjAUv3sM4w9ynjRJ49dmoxTwq
++78rHWhr6HzH2Gvv41Hajdr0caBJAlLaVya9UL7FbTmHku91BGQ3vxjS16c0oXMd
+tBabCf5Uk7CFZYu0icLDRq1I+C7nOyggPuB5wWHH6h/AVQA/s5BYhqgfb7S0kegp
+DHjjur7yhMTv5j3iJpM9n9qPiXGT0Jo6nqeIXO8z/FuRSBUd3Q649ceSlEFBnGyu
+EmnRcnozSqszwNJa90ipsGRU1M7ArUk5GTQvToooqRCTsj8F8r5yXAkv1QIDAQAB
+o1MwUTAdBgNVHQ4EFgQUZEj1ZQDuf7yPxxLCp0JqiSOM7oUwHwYDVR0jBBgwFoAU
+ZEj1ZQDuf7yPxxLCp0JqiSOM7oUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAgEAW+lZATkVFybRHLtBx+02pHNJ8H7HYA/4+kMu7AaqENKn/pmryy6N
+UJ61CKcY/UXUPNeAysa4Q+6/JDCXOIQSLlPuxlMimq2kpOiGOzEtzWG2MqTOK1hk
+vkJweXxrh1AVYSBLVOGl2DrgKILPIVwvMFQjMQAz4QKMz6C0sNQ52Pth2sEQtmnx
+1mY0c4b3MfnDtrEQIQqjydjqjUZ26Q1xq34uGCZchXKCax9H1QwPHusF0BvRJyJU
+AT/QSBXoz1qS98uwQ6dkm/LBfUSjx4OKC7Eiauo9FspUDBoRvK1tM4smJxdGay9l
+z7fAZ082lHGaByyOEk2wopsEXfwxUXv+ZYx+9zFKZthP1Tnc+jyHwFAyMm2WP/T4
+y3dEraTeNKx4VqhRBdGmygYVxuiCP9a+Yks9ZU6xBGgvJmOiMmL2ZJ6UBa77xnld
+v1864p4P4Dw3y2mZwmAElmABuKVvW2OblOSG+m75735s62cQFfD0O/28S0gEAqYO
+z6wiJ1hLlR4ssjhzlk8ZnS74SsCLnrtwvV+jOsOSxQLxcVxvZsgEPjY2vF/nU73Y
+e2XhlxpK9uzB2vEPr/K3Bc1Lm8BV0JfOtWsou1UkYl7M8yQ1FkXu2afWeuGWMMvb
+O5u8ZUg9lEE9sq/vP9ChKyhJHRpSfNPd7pPxh6cA5NZBYxHmQ0TmVUM=
+-----END CERTIFICATE-----

script/self_signed/files/rootCA.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDcmqdBzfvljjqp
+/80+7Uzb8lZ9xJeJTsWcDddHVlT/XzW9nUO8PMjdef39aMLXzO3tsMCoJ+ch9E9z
+KYi37usizoec5tj3IYLganlJykYgJPeT8SKrmxv2lJbtsllUpB3+surv0NvCMOK5
+r8GNSOKU/pB3+MD2o23JR1XkBoSXDubU3Dtvealann/zUNFrolFOPDxzBD5U0x8S
+OD+s7ZdLjlpz7kqLOWrL0DHrBRmpvCAJNQLUmWH87kaALstvTR47be0X5+YOwcys
+3k26vQCxoDXtV0PaRrJCc1CLDllGmeI8mxLahs7EkkpndkmnMFNK8YQVyeWJQ70+
+m+fa07AdH7ZFztMf1lk06Z0i1LfMYpZ+pWYiw2BDebAmYc5Y7E32jQTlixZrrq2l
+mDrsBZLdwv7FjAUv3sM4w9ynjRJ49dmoxTwq+78rHWhr6HzH2Gvv41Hajdr0caBJ
+AlLaVya9UL7FbTmHku91BGQ3vxjS16c0oXMdtBabCf5Uk7CFZYu0icLDRq1I+C7n
+OyggPuB5wWHH6h/AVQA/s5BYhqgfb7S0kegpDHjjur7yhMTv5j3iJpM9n9qPiXGT
+0Jo6nqeIXO8z/FuRSBUd3Q649ceSlEFBnGyuEmnRcnozSqszwNJa90ipsGRU1M7A
+rUk5GTQvToooqRCTsj8F8r5yXAkv1QIDAQABAoICAAfsou3JX+85jOBBbkErQLO1
+QKfI5uae8UNEo1iOgIQh3+on8DXJUIUq1isDAd4YSu2wXTiid6TabqYvi5fhLwoe
+NXSMkvuhn7QUWbdYWuzZrG5giZh00cF+9JhPlpzkk6fsC7tsmxBJNZkU9/9tavzj
+fhNeg1P4v+oB3tMk7CC0VNS4SobxGFpxz3J76IyUv+tEXP7cBqnWYaCDwRR4U73P
+kcPl/0CBYgA17NfJOZ2awo3Xcnq/kxZaWtGiR1rVVYIuAIfMzpCgzouL0BVRUmk5
+sjuMgxqf/Smc6dDs8DEJ4xIT7KPz7BEsmMae/aX8pZP6GVQNChVEXSkWwZ00iyLC
+QbC+68sbExlBTF/3Cs+XTdky9xn0JISO9v0vgFbqON7oeEpvrRl/1v/uJ4B0jnAQ
+yHRetFey9f4yTzBe58p17qJTuYpo40xUGdoV5448Yeb/bp5tdVkCEKxajMB5h1l3
+FC7bzmwtdNqH18UOK/M51HJy/ljLQJlj/cGZFnKbhf4v1mlifDwzg78HvBKtv6hZ
+Tsz8o8NA0eCxfBhmsTOvNk5WZsJaD1wt6c0W7eeaxkUm+KMDg7vuNdnXnG7QjJIh
+bVgXqORNg8ldA7kNkEnRwHMefsQ5mz3I7FQGNH0Og0WOaad0CTIw16ucK0/KngVI
+gALWBMANbnaqGIJglVNxAoIBAQD6XSBiT8rHLmhDEi+FjDm6K/U4o/gPdMvODgyz
+qxGrGBTthvx0dbgdWE2GzyoS7OT7lf0k8lpCL2gVnSWvyjcsXsMvAwKNgH8Lb/Hw
+CCrfrqQKPabYOE5c1+HVi8BGYLmmwKsywLxpjyYMig8RATdAVOCIIa7C77zNHWVQ
+bnp9fQsBEG9h31/YE9tg81VvjeYhOnGdCqvN2TshFCijZgW/ZZsW6YvZul+em9WZ
+jSbHhowNhvgawouhnJs9ThtZ2LRqAa1f3/IBzU+vzAxhpvsAz7atFepr8i9jd3Ii
+aZns1t03zK4Uv3I4SSAGmf8gqVqhmujW29iQw7cWxph7Wyw5AoIBAQDhkgTJ61el
+rpjF5q7dRI0eGec8euBQXkv1HtSqXYT/AlKkkCKeAmNk6WxQVhsTJ/YSlcSPqoYW
+VLoVYq8ulisEbUHxgnRXXjPK+lKrDRekEVTo6BFEBeF27A/B2nk9ZUBjCiAaCSb0
+RRHVQdtVaVJJJw33RHGKgnyqxBb9OOex5GSAGFvztQ+FWfezX6WDHHv+7ORKSEFu
+EqUqNIBYPJqmSZpDsCV0h238tmMtn94R4UPNfoa2lNKGJldwofcJI23I5rosXsXj
+ejifNtBS8/KSWE9nZ26zA0DS/YEakkKPtdDA5Km0HPxX2PdkMkjbukWVy2sGd0Yx
+nDXqEVq12Vh9AoIBAC1Lxf0jdIt+0Ow5kRF3YkZVh6M8vzeEqQ7ZqeCjtamfzMGA
+p5Imbi4Y+MXIG1ObOn5uD4OsuTm6O/mVGelpC3xilKufvsl9Ev8tvLbxs1gOz6zu
+pI3/+eWARWKOSzYwb8ZEm3SuPChY9shT/g/UiXuBH7Jhba3lE+KES/02T8D+a4xA
+vfYWJNACH7G1tKJfKOCgI0gHUzgF8lW0wPl3Dtkm9904Wc4FkyEuDoIecIKuzA3y
+elbVFdAidk+sHvStaU64iPaMnMtIqv8iSqcsP8NQ0TsVePkYswwq4yJouqmH4jQj
+OueUD4UxbbLkD62IFlagoTmmQtNGJYzgV1wSDbkCggEAEuf/OMFd/kgNDAFSxL77
+KPu40uvlozbUHP5xirn97LXQIXTnQeEnXYznBDDDYi6mRFaDPBtp07NUSXiVAE2b
+22og7dImWDBQHQIwLaASTDEbsc3JrK7lf+c3RuM96DR1Whe+KxB7UFv9q6cycA08
+1V7Nn9z/u0FGm7WFy8GaQeHHvqjMBDg3zdCFn2Yz5DJd/jbyx3sY6NXtPAVcgIjL
+2YYvxN6dtQ+o21aaJ3fP0CXWXgHt3p3Iq2/JQmqA3yY2DHGyRwfGhFN5LXcVrO4/
+dZ6rQRp9P8nVBBo1WPnLVGpDzfccdjk7uU05Jw/D5Y7OSEjddpRGsN/L8Qt1U+qc
+rQKCAQAaKqbkfnf7JtEpcynxYNwMpxzlGP24kK/POZMBzW9RpERlTtH5pWhlj7OJ
+WxSkL7FBq//Tpju9gW/lFeLJWPoEykrW8ETLznlkEHZM2LocNHNQeCJcyStGFgsg
+y2Iw2sEJt5I/cVu1LYFfTrD1Ho+gjIunLqOHR5KcFeiZm83QwUuEt4d0hH7S6ay2
+4hrmSy2J3sNsl7d6Q7lmN2Z1Q8XoJqds16UOzm6qw0KuYs8L60AdvG3nsoI1dTmC
+lFLd4QvIuDoN4rq4pB26efg2JmZtA5m/WpU2VJsHNiBFp29R6EWJdH37mhH0rIWw
+lVPNis5NWoqUCgec9+i8AD/sLAcV
+-----END PRIVATE KEY-----

script/self_signed/selfsigned.sh

@@ -0,0 +1,127 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+
+#/ Usage:       selfsigned.sh
+#/ Version:     1.0
+#/ Description: Script de génération automatique de certificat
+#/ Examples:
+#/   selfsigned.sh
+
+#/
+#/ Options:
+#/   -h|--help              : Display this help message
+#/   -g|--generate-rootca : regenerate root ca, if present clean it
+#/   -v|--verbose : verbose mode default: false
+
+
+
+
+function usage() { grep '^#/' "$0" | cut -c4- ; exit 0 ; }
+
+#######################################################
+## LOGGING FRAMEWORK
+readonly NORMAL="\\e[0m"
+readonly RED="\\e[1;31m"
+readonly BOLD="\\e[1m"
+readonly YELLOW="\\e[1;33m"
+readonly GREEN="\\e[32m"
+readonly DIM="\\e[2m"
+LOG_FILE="/tmp/$(basename "$0").log"; readonly LOG_FILE
+function log() {
+  ( flock -n 200
+    color="$1"; level="$2"; message="$3"
+    printf "${color}%-9s %s\\e[m\\n" "[${level}]" "$message" | tee -a "$LOG_FILE" >&2 
+  ) 200>"/var/lock/.$(basename "$0").log.lock"
+}
+function debug() { if [ "$verbose" = true ]; then log "$DIM"    "DEBUG  "   "$*"; fi }
+function info()  { log "$NORMAL" "INFO   " "$*"; }
+function important()  { log "$YELLOW" "IMPORTANT   " "$*"; }
+function warn()  { log "$YELLOW" "WARNING" "$*"; }
+function error() { log "$RED"    "ERROR  " "$*"; }
+function fatal() { log "$RED"    "FATAL  " "$*"; exit 1 ; }
+function source_defs {
+    resource=$1
+    if [ -f "$resource" ]; then
+        # shellcheck source=_functions.sh
+        # shellcheck disable=SC1091
+        source "$resource"
+    else
+        # shellcheck source=_functions.sh
+        # shellcheck disable=SC1091
+        source "${0%/*}/.irun-resources/$resource"
+    fi
+}
+
+#######################################################
+
+function cleanup() {
+    # Remove temporary files
+    # Restart services
+    # ...
+    return
+}
+
+function check_prerequisites() {
+    if ! command -v openssl > /dev/null; then
+        echo "Missing openssl: install it "
+        return
+    fi
+}
+
+function cleaning_files() {
+  local files; files="$1"
+  if [[ -f "${files}" ]]; then
+    debug "${files} exists."
+    info "cleaning..${files}"
+    rm -f "${files}"
+  else
+    info "${files} doesn't exist no need clean"
+  fi
+}
+
+if [[ "${BASH_SOURCE[0]}" = "$0" ]]; then
+    trap cleanup EXIT
+
+    # Parse command line arguments
+    # All entry parameters quand be used globally
+    POSITIONAL=()
+    verbose=false
+    generate_root_ca=false
+    while [[ $# -gt 0 ]]; do
+        key="$1"
+        case $key in
+            -h|--help)
+            usage
+            ;;
+            -v|--verbose)
+            declare -r verbose=true
+            shift
+            ;;
+            -g|--generate-rootca)
+            declare -r generate_root_ca=true
+            shift
+            ;;
+            *)    # unknown option
+            POSITIONAL+=("$1") # save it in an array for later
+            shift # past argument
+            ;;
+        esac
+    done
+    set -- "${POSITIONAL[@]}" # restore positional parameters
+
+    source_defs conf/_conf.sh
+    check_prerequisites
+    if [ "${generate_root_ca}" = "true" ]; then
+      cleaning_files "${ROOT_CA_KEY}"
+      cleaning_files "${ROOT_CA_CRT}"
+      openssl genrsa -out "${ROOT_CA_KEY}" 4096
+      openssl req -x509 -new -nodes -key "${ROOT_CA_KEY}" -sha256 -days 1024 -out "${ROOT_CA_CRT}"
+      openssl genrsa -out "${LOCAL_KEY}"
+    fi
+    openssl genrsa -out "${LOCAL_KEY}"
+    openssl req -config "${CERTIFICATE_PATH}/local.cnf" -new -key "${LOCAL_KEY}" -out "${LOCAL_CSR}"
+    openssl x509 -req -in "${LOCAL_CSR}" \
+    -CA "${ROOT_CA_CRT}" -CAkey "${ROOT_CA_KEY}" -CAcreateserial \
+    -out "${LOCAL_CRT}" -extfile "${CERTIFICATE_PATH}/local.fr.v3.ext" -days 365 -sha256
+fi