97 lines
2.5 KiB
Bash
Executable file
97 lines
2.5 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# This is for setting up cryptographic certificates for a development environment
|
|
set -e
|
|
|
|
DOMAIN=localhost
|
|
[ ! -z "$1" ] && DOMAIN=$1
|
|
|
|
SERVER_DIR="$(cd "$(dirname "$0")/.." && pwd)"
|
|
|
|
CONFIG_DIR=$SERVER_DIR/.lamassu
|
|
LOG_FILE=/tmp/cert-gen.log
|
|
CERT_DIR=$SERVER_DIR/certs
|
|
KEY_DIR=$SERVER_DIR/certs
|
|
LAMASSU_CA_PATH=$SERVER_DIR/Lamassu_CA.pem
|
|
POSTGRES_PASS=postgres123
|
|
OFAC_DATA_DIR=$CONFIG_DIR/ofac
|
|
IDPHOTOCARD_DIR=$CONFIG_DIR/idphotocard
|
|
FRONTCAMERA_DIR=$CONFIG_DIR/frontcamera
|
|
OPERATOR_DIR=$CONFIG_DIR/operatordata
|
|
|
|
mkdir -p $CERT_DIR
|
|
mkdir -p $CONFIG_DIR >> $LOG_FILE 2>&1
|
|
|
|
echo "Generating mnemonic..."
|
|
MNEMONIC_DIR=$CONFIG_DIR/mnemonics
|
|
MNEMONIC_FILE=$MNEMONIC_DIR/mnemonic.txt
|
|
mkdir -p $MNEMONIC_DIR >> $LOG_FILE 2>&1
|
|
SEED=$(openssl rand -hex 32)
|
|
MNEMONIC=$($SERVER_DIR/bin/bip39 $SEED)
|
|
echo "$MNEMONIC" > $MNEMONIC_FILE
|
|
|
|
echo "Generating SSL certificates..."
|
|
|
|
CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
|
|
CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
|
|
SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
|
|
SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem
|
|
red=`tput setaf 1`
|
|
reset=`tput sgr0`
|
|
OPENSSL_ERROR_HINT="Make sure that you have installed openssl 1.0 version"
|
|
|
|
print_error () {
|
|
echo "${red}Error: ${reset} $1"
|
|
echo $2 # hint
|
|
}
|
|
|
|
{
|
|
openssl genrsa \
|
|
-out $CA_KEY_PATH \
|
|
4096 >> $LOG_FILE 2>&1
|
|
} || { print_error "openssl genrsa to CA_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
|
|
|
|
{
|
|
openssl req \
|
|
-x509 \
|
|
-sha256 \
|
|
-new \
|
|
-nodes \
|
|
-key $CA_KEY_PATH \
|
|
-days 3560 \
|
|
-out $CA_PATH \
|
|
-subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator CA/CN=lamassu-operator.is" \
|
|
>> $LOG_FILE 2>&1
|
|
} || { print_error "openssl req with CA_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
|
|
|
|
{
|
|
openssl genrsa \
|
|
-out $SERVER_KEY_PATH \
|
|
4096 >> $LOG_FILE 2>&1
|
|
} || { print_error "openssl genrsa SERVER_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
|
|
|
|
{
|
|
openssl req -new \
|
|
-key $SERVER_KEY_PATH \
|
|
-out /tmp/Lamassu_OP.csr.pem \
|
|
-subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator/CN=$DOMAIN" \
|
|
>> $LOG_FILE 2>&1
|
|
} || { print_error "openssl req with SERVER_KEY_PATH failed" "$OPENSSL_ERROR_HINT"; exit 1; }
|
|
|
|
{
|
|
openssl x509 \
|
|
-req -in /tmp/Lamassu_OP.csr.pem \
|
|
-CA $CA_PATH \
|
|
-CAkey $CA_KEY_PATH \
|
|
-CAcreateserial \
|
|
-out $SERVER_CERT_PATH \
|
|
-days 3650 >> $LOG_FILE 2>&1
|
|
} || { print_error "openssl x509 failed" "$OPENSSL_ERROR_HINT"; exit 1; }
|
|
|
|
rm /tmp/Lamassu_OP.csr.pem
|
|
|
|
mkdir -p $OFAC_DATA_DIR/sources
|
|
touch $OFAC_DATA_DIR/etags.json
|
|
|
|
(cd $SERVER_DIR && node tools/build-dev-env.js)
|
|
|
|
echo "Done."
|