Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
lusa
/
gd32450i-eval
1
0
Çatalla 0
Dosyalar Sorunlar 0 Değişiklik İstekleri 0 Wiki
Dal: master
Dallar Biçim İmleri
gd32450i-eval
/
app
/
goahead-5.1.0
/
paks
/
certs
/
certs.me

certs.me 6.3 KB
Kalıcı Bağlantı Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176 
  1. /*
    2. 

  2.     certs.me -- Test certificate generation
    3. 

  3.  
    4. 

  4.     This file provides targets to generate SSL test certificates using OpenSSL.
    5. 

  5.     WARNING: All these certificates are for internal use only.
    6. 

  6. 

  7.     To generate a certificate request to send to a certificate authority like Verisign, do:
    8. 

  8.     This will create a certificate request file in "server.csr" and a private key in "server.key"
    9. 

  9. 

  10.         me cert-request
    11. 

  11.  
    12. 

  12.     To use appweb with HTTP, you need a server certificate. 
    13. 

  13.     This command will generate a self-signed test certificate called "self.crt" with a private key "self.key".
    14. 

  14.  
    15. 

  15.         me self-signed-cert
    16. 

  16.  
    17. 

  17.     To create a CA and then a server cert based on this CA.
    18. 

  18.     This command will generate a CA certificate in ca.crt with a CA private key in ca.key. The last minted certificate
    19. 

  19.     serial number is in ca.srl.
    20. 

  20.  
    21. 

  21.         me ca-cert
    22. 

  22. 

  23.     To generate a certificate signed by the test CA.
    24. 

  24.     This will generate a certificate in "test.crt" with a private key in "test.key".
    25. 

  25. 

  26.         me test-cert
    27. 

  27. 

  28.     To generate an Elliptic Curve certificate signed by the test CA.
    29. 

  29.     This will generate a certificate in "ec.crt" with a private key in "ec.key".
    30. 

  30. 

  31.         me ec-cert
    32. 

  32. 

  33.     For all cert targets:
    34. 

  34. 

  35.         me generate-certs
    36. 

  36.  */
    37. 

  37. 

  38. Me.load({
    39. 

  39.     settings: {
    40. 

  40.         certs: {
    41. 

  41.             days: 3650,
    42. 

  42.             bits: 2048,
    43. 

  43.             gendh: false,
    44. 

  44.         }
    45. 

  45.     },
    46. 

  46.     mixin: `
    47. 

  47.         function ossl(command, input) {
    48. 

  48.             trace('Run', 'openssl ' + command)
    49. 

  49.             let cmd = Cmd()
    50. 

  50.             cmd.env = {BIN: me.dir.bin}
    51. 

  51.             let result = cmd.start('openssl ' + command, {detach: true})
    52. 

  52.             if (input) {
    53. 

  53.                 cmd.write(Path(input).readString())
    54. 

  54.             }
    55. 

  55.             cmd.finalize()
    56. 

  56.             cmd.wait()
    57. 

  57.             if (cmd.status != 0) {
    58. 

  58.                 throw new IOError('Command failed, status ' + cmd.status + '\n' + cmd.error)
    59. 

  59.             }
    60. 

  60.             return cmd.response
    61. 

  61.         }
    62. 

  62.     `,
    63. 

  63.     targets: {
    64. 

  64.         'install-certs': {
    65. 

  65.             type: 'file',
    66. 

  66.             path: '${BIN}/',
    67. 

  67.             files: [ 'samples/**' ],
    68. 

  68.         },
    69. 

  69. 

  70.         'generate-certs': {
    71. 

  71.             depends: [ 'ca-cert', 'self-signed-cert', 'test-cert', 'ec-cert' ],
    72. 

  72.         },
    73. 

  73. 

  74.         'generate-samples': {
    75. 

  75.             depends: [ 'generate-certs', 'get-roots' ]
    76. 

  76.             action: `
    77. 

  77.                 for each (f in Path('samples').files('**')) {
    78. 

  78.                     trace('Generate', f)
    79. 

  79.                     f.remove()
    80. 

  80.                     Path(f.basename).rename(f)
    81. 

  81.                 }
    82. 

  82.                 rm(['*.old', '*.csr', 'ca.db', 'ca.db.attr', '*.pem'])
    83. 

  83.             `
    84. 

  84.         },
    85. 

  85. 

  86.         'get-roots': {
    87. 

  87.             action: `
    88. 

  88.                 let http = Http()
    89. 

  89.                 http.verify = false
    90. 

  90.                 // http.get('https://pki.google.com/roots.pem')
    91. 

  91.                 http.get('https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt')
    92. 

  92.                 let dest = Path('${BIN}/roots.crt')
    93. 

  93.                 trace('Create', dest)
    94. 

  94.                 dest.write(http.response)
    95. 

  95.             `
    96. 

  96.         },
    97. 

  97. 

  98.         /*
    99. 

  99.             WARNING: Self-signed server certificate for testing ONLY.
    100. 

  100.             Use a self-signed certificate when you just want quick and dirty testing.
    101. 

  101.             The browser will say it doesn't recognize this certificate, but that is ok for testing only.
    102. 

  102.             Creates a private key in self.key.
    103. 

  103. 

  104.             See: http://www.sslshopper.com/article-most-common-openssl-commands.html
    105. 

  105.          */
    106. 

  106.         'self-signed-cert': {
    107. 

  107.             message: 'Make: Self-signed Certificate: self.crt',
    108. 

  108.             action: `
    109. 

  109.                 ossl('genrsa -out ${BIN}/self.key ${settings.certs.bits}')
    110. 

  110.                 ossl('req -new -x509 -days ${settings.certs.days} -key ${BIN}/self.key -out ${BIN}/self.crt', 'self.ans')
    111. 

  111.             `,
    112. 

  112.         },
    113. 

  113. 

  114.         /*
    115. 

  115.              Setup a test certificate authority. Use this if you will be generating multiple certificates for clients and 
    116. 

  116.              servers.  NOTE: this is only for test. The certificate authority is not a real entity!
    117. 

  117.          */
    118. 

  118.         'ca-cert': {
    119. 

  119.             message: 'Make: CA Certificate: ca.crt',
    120. 

  120.             action: `
    121. 

  121.                 ossl('genrsa -out ${BIN}/ca.key ${settings.certs.bits}')
    122. 

  122.                 ossl('req -config openssl.conf -new -x509 -days ${settings.certs.days} -key ${BIN}/ca.key -out ${BIN}/ca.crt -extensions caExtensions')
    123. 

  123.                 me.dir.bin.join('ca.srl').write('9999991000\n')
    124. 

  124.                 me.dir.bin.join('ca.db').write('')
    125. 

  125.             `,
    126. 

  126.         },
    127. 

  127. 

  128.         /*
    129. 

  129.             Test cert signed by the test CA above. This is used for test as the server cert and on the client side
    130. 

  130.             when validating client certs.
    131. 

  131.          */
    132. 

  132.         'test-cert': {
    133. 

  133.             message: 'Make: Test Certificate: test.crt',
    134. 

  134.             action: `
    135. 

  135.                 ossl('genrsa -out ${BIN}/test.key ${settings.certs.bits}')
    136. 

  136.                 ossl('req -new -key ${BIN}/test.key -out ${BIN}/test.csr', 'test.ans')
    137. 

  137.                 ossl('ca -batch -config openssl.conf -notext -in ${BIN}/test.csr -out ${BIN}/test.crt -extensions server')
    138. 

  138.             `,
    139. 

  139.         },
    140. 

  140. 

  141.         'ec-cert': {
    142. 

  142.             message: 'Make: EC Test Certificate: ec.crt',
    143. 

  143.             action: `
    144. 

  144.                 ossl('ecparam -genkey -name prime256v1 -out ${BIN}/ec.key')
    145. 

  145.                 ossl('req -new -key ${BIN}/ec.key -out ${BIN}/ec.csr', 'ec.ans')
    146. 

  146.                 ossl('req -x509 -days 365 -key ${BIN}/ec.key -in ${BIN}/ec.csr -out ${BIN}/ec.crt')
    147. 

  147.             `
    148. 

  148.         },
    149. 

  149. 

  150.         'dhparams': {
    151. 

  151.             message: 'Generate: Local DH parameters for OpenSSL ... may take a few minutes',
    152. 

  152.             action: `
    153. 

  153.                 me.dir.bin.join('dh.c').write(Cmd.run('openssl dhparam -C ${settings.certs.bits} -out ${BIN}/dh.pem') + '\n')
    154. 

  154.             `
    155. 

  155.         }
    156. 

  156. 

  157.         /*
    158. 

  158.             Generate a certificate request to send to a certificate authority like Verisign
    159. 

  159.             Generates a server key in "server.key"
    160. 

  160.          */
    161. 

  161.         'cert-request': {
    162. 

  162.             action: `
    163. 

  163.                 ossl('genrsa -out ${BIN}/server.key ${settings.certs.bits}')
    164. 

  164.                 ossl('req -new -key ${BIN}/server.key -out ${BIN}/server.csr', 'test.ans')
    165. 

  165.             `,
    166. 

  166.         },
    167. 

  167. 

  168.         'show-certs': {
    169. 

  169.             action: `
    170. 

  170.                 print(ossl('x509 -in ${BIN}/ca.crt -noout -text'))
    171. 

  171.                 print(ossl('x509 -in ${BIN}/test.crt -noout -text'))
    172. 

  172.                 print(ossl('x509 -in ${BIN}/self.crt -noout -text'))
    173. 

  173.             `
    174. 

  174.         }
    175. 

  175.     }
    176. 

  176. })
    177.