From bd80d1213fcfd6c0d17044fd46d3f6be09a10bf0 Mon Sep 17 00:00:00 2001 From: oscar Date: Thu, 11 Aug 2022 15:56:25 +1200 Subject: [PATCH] feat(certgen/tls): add the script to generate custom tls certificate in an easier way --- .gitignore | 2 + custom_tls_cert_gen/generate-custom-tls.sh | 60 ++++++++++++++++++++++ 2 files changed, 62 insertions(+) mode change 100644 => 100755 .gitignore create mode 100755 custom_tls_cert_gen/generate-custom-tls.sh diff --git a/.gitignore b/.gitignore old mode 100644 new mode 100755 index 82a033c..aedf62e --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ /node_modules +/output +/custom_tls_cert_gen/output yarn.lock \ No newline at end of file diff --git a/custom_tls_cert_gen/generate-custom-tls.sh b/custom_tls_cert_gen/generate-custom-tls.sh new file mode 100755 index 0000000..787524b --- /dev/null +++ b/custom_tls_cert_gen/generate-custom-tls.sh 
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+set -eu
+
+read -p "Specify the output path: " OUTPUT_PATH
+
+if [ -z "$OUTPUT_PATH" ]; then
+ OUTPUT_PATH="$(pwd)/output"
+
+ if [[ ! -e "$OUTPUT_PATH" ]]; then
+ mkdir "$OUTPUT_PATH"
+ fi
+fi
+
+if [[ ! -e "$OUTPUT_PATH" ]]; then
+ printf "$OUTPUT_PATH doesn't exist"
+ exit;
+fi
+
+read -p "Specify the path where the cfssl and cfssljson are placed: " TOOL_PATH
+
+CFSSLEXE=${TOOL_PATH}/cfssl
+CFSSLJSONEXE=${TOOL_PATH}/cfssljson
+
+echo ${CFSSLEXE}
+if [ ! -e "$CFSSLEXE" ]; then
+ printf "no cfssl found"
+ exit;
+fi
+
+if [ ! -e "$CFSSLJSONEXE" ]; then
+ printf "no cfssljson found"
+ exit;
+fi
+
+
+cd $OUTPUT_PATH
+
+${CFSSLEXE} print-defaults csr | ${CFSSLEXE} gencert -initca - | ${CFSSLJSONEXE} -bare ldap-ca
+
+CONFIG_CFSSL_JSON=${OUTPUT_PATH}/cfssl.json
+
+cat <> ${CONFIG_CFSSL_JSON}
+{
+ "signing": {
+ "default": {
+ "expiry": "87600h",
+ "usages": ["signing", "key encipherment", "server auth"]
+ }
+ }
+}
+
+EOF
+
+read -p "Give a name to the certificate: " CERT_NAME
+
+read -p "Input the hostname(example.org,127.0.0.1): " CERT_HOSTNAME
+
+echo '{}' | ${CFSSLEXE} gencert -ca=ldap-ca.pem -ca-key=ldap-ca-key.pem -config=${CONFIG_CFSSL_JSON} \
+ -hostname="${CERT_HOSTNAME}" - | ${CFSSLJSONEXE} -bare ${CERT_NAME}
\ No newline at end of file
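Review bot: The failure paths in this script report success and the key-generating pipelines are not checked end to end: each bare `exit;` after a `printf` returns status 0, and `set -eu` without `pipefail` lets a failed `cfssl gencert` in the middle of a pipe go unnoticed unless `cfssljson` also fails. The script writes a CA private key (`ldap-ca-key.pem`) and a leaf key into the output directory, so I would set `umask 077` near the top rather than rely on the tool's file modes; a rerun in the same directory also appears to regenerate that CA without warning. `CERT_NAME` goes unquoted and unvalidated into `-bare`, where it becomes a file-name prefix, while `cd $OUTPUT_PATH` and the `${CFSSLEXE}` calls break on paths containing spaces and the `-e` tests accept a non-executable file. The `cat <> …` line looks garbled by extraction on this page, so the heredoc redirect is not reviewed here.

```shell
set -euo pipefail
umask 077   # CA and leaf private keys are written below

# … unchanged: output path and tool path prompts …

if [[ ! -x "$CFSSLEXE" ]]; then
  printf 'no executable cfssl found at %s\n' "$CFSSLEXE" >&2
  exit 1
fi

# … unchanged: cfssljson check (same pattern), CA generation, cfssl.json …

read -r -p "Give a name to the certificate: " CERT_NAME
if [[ ! "$CERT_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  printf 'certificate name must be a plain file name\n' >&2
  exit 1
fi

# … unchanged: hostname prompt …

echo '{}' | "$CFSSLEXE" gencert -ca=ldap-ca.pem -ca-key=ldap-ca-key.pem -config="$CONFIG_CFSSL_JSON" \
  -hostname="$CERT_HOSTNAME" - | "$CFSSLJSONEXE" -bare "$CERT_NAME"
```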