chore: relocate cert-gen script

2021-06-21 20:00:22 +01:00 · 2021-06-21 20:00:22 +01:00 · ae3aaa8258
commit ae3aaa8258
parent 75e8bf0b15
3 changed files with 2 additions and 2 deletions
--- a/tools/cert-gen.sh
+++ b/tools/cert-gen.sh
@ -0,0 +1,122 @@
+#!/usr/bin/env bash
+# This is for setting up cryptographic certificates for a development environment
+set -e
+
+DOMAIN=localhost
+[ ! -z "$1" ] && DOMAIN=$1
+
+CONFIG_DIR=$HOME/.lamassu
+LOG_FILE=/tmp/cert-gen.log
+CERT_DIR=$PWD/certs
+KEY_DIR=$PWD/certs
+LAMASSU_CA_PATH=$PWD/Lamassu_CA.pem
+MIGRATE_STATE_PATH=$CONFIG_DIR/.migrate
+POSTGRES_PASS=postgres123
+OFAC_DATA_DIR=$CONFIG_DIR/ofac
+IDPHOTOCARD_DIR=$CONFIG_DIR/idphotocard
+FRONTCAMERA_DIR=$CONFIG_DIR/frontcamera
+OPERATOR_DIR=$CONFIG_DIR/operatordata
+
+mkdir -p $CERT_DIR
+mkdir -p $CONFIG_DIR >> $LOG_FILE 2>&1
+
+echo "Generating mnemonic..."
+MNEMONIC_DIR=$CONFIG_DIR/mnemonics
+MNEMONIC_FILE=$MNEMONIC_DIR/mnemonic.txt
+mkdir -p $MNEMONIC_DIR >> $LOG_FILE 2>&1
+SEED=$(openssl rand -hex 32)
+MNEMONIC=$($PWD/bin/bip39 $SEED)
+echo "$MNEMONIC" > $MNEMONIC_FILE
+
+echo "Generating SSL certificates..."
+
+CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
+CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
+SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
+SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem
+red=`tput setaf 1`
+reset=`tput sgr0`
+OPENSSL_ERROR_HINT="Make sure that you have installed openssl 1.0 version"
+
+print_error () {
+  echo "${red}Error: ${reset} $1"
+  echo $2 # hint
+}
+
+{
+  openssl genrsa \
+    -out $CA_KEY_PATH \
+    4096 >> $LOG_FILE 2>&1
+} || { print_error "openssl genrsa to CA_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
+
+{
+  openssl req \
+    -x509 \
+    -sha256 \
+    -new \
+    -nodes \
+    -key $CA_KEY_PATH \
+    -days 3560 \
+    -out $CA_PATH \
+    -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator CA/CN=lamassu-operator.is" \
+    >> $LOG_FILE 2>&1
+} || { print_error "openssl req with CA_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
+
+{
+  openssl genrsa \
+    -out $SERVER_KEY_PATH \
+    4096 >> $LOG_FILE 2>&1
+} || { print_error "openssl genrsa SERVER_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
+
+{
+  openssl req -new \
+    -key $SERVER_KEY_PATH \
+    -out /tmp/Lamassu_OP.csr.pem \
+    -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator/CN=$DOMAIN" \
+    >> $LOG_FILE 2>&1
+} || { print_error "openssl req with SERVER_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
+
+{
+  openssl x509 \
+    -req -in /tmp/Lamassu_OP.csr.pem \
+    -CA $CA_PATH \
+    -CAkey $CA_KEY_PATH \
+    -CAcreateserial \
+    -out $SERVER_CERT_PATH \
+    -days 3650 >> $LOG_FILE 2>&1
+} || { print_error "openssl x509 failed" "$OPENSSL_ERROR_HINT"; exit 1; }
+
+rm /tmp/Lamassu_OP.csr.pem
+
+mkdir -p $OFAC_DATA_DIR/sources
+touch $OFAC_DATA_DIR/etags.json
+
+cat <<EOF > $CONFIG_DIR/lamassu.json
+{
+  "postgresql": "psql://postgres:$POSTGRES_PASS@localhost/lamassu",
+  "mnemonicPath": "$MNEMONIC_FILE",
+  "caPath": "$CA_PATH",
+  "certPath": "$SERVER_CERT_PATH",
+  "keyPath": "$SERVER_KEY_PATH",
+  "hostname": "$DOMAIN",
+  "logLevel": "debug",
+  "lamassuCaPath": "$LAMASSU_CA_PATH",
+  "migrateStatePath": "$MIGRATE_STATE_PATH",
+  "ofacDataDir": "$OFAC_DATA_DIR",
+  "ofacSources": [
+    {
+      "name": "sdn_advanced",
+      "url": "https://www.treasury.gov/ofac/downloads/sanctions/1.0/sdn_advanced.xml"
+    },
+    {
+      "name": "cons_advanced",
+      "url": "https://www.treasury.gov/ofac/downloads/sanctions/1.0/cons_advanced.xml"
+    }
+  ],
+  "idPhotoCardDir": "$IDPHOTOCARD_DIR",
+  "frontCameraDir": "$FRONTCAMERA_DIR",
+  "operatorDataDir": "$OPERATOR_DIR"
+}
+EOF
+
+echo "Done."