github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-17 21:17:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
6ffb0183e3775615d67eba1146108c0543973381
zot/test/scripts/gen_certs.sh
T
Evan d465690630 [feat]: add support for EC/ED25519 public keys for token authentication (#2998) 
* feat: rework token auth to allow ED25519/EC public keys

Signed-off-by: evanebb <git@evanus.nl>

* fix: shadow err variable to hopefully avoid data race

Signed-off-by: evanebb <git@evanus.nl>

* fix: apply golangci-lint feedback

Signed-off-by: evanebb <git@evanus.nl>

* fix: simplify public key loading by only supporting certificates, fixes ED25519 certificate handling

Signed-off-by: evanebb <git@evanus.nl>

* test: add golang-jwt based test auth server and test RSA/EC/ED25519 keys

Signed-off-by: evanebb <git@evanus.nl>

* fix: restrict allowed signing algorithms as recommended by library

Signed-off-by: evanebb <git@evanus.nl>

* test: add more bearer authorizer tests

Signed-off-by: evanebb <git@evanus.nl>

* fix: apply more golangci-lint feedback

Signed-off-by: evanebb <git@evanus.nl>

* test: ensure chmod calls run on test failure for authn errors test

Signed-off-by: evanebb <git@evanus.nl>

* fix: verify issued-at in given token if present
Pulls the validation in-line with the old library

Signed-off-by: evanebb <git@evanus.nl>

---------

Signed-off-by: evanebb <git@evanus.nl>
2025-03-06 14:32:13 -08:00

124 lines
2.1 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -xe
# RSA
openssl req \
-newkey rsa:2048 \
-nodes \
-days 3650 \
-x509 \
-keyout ca.key \
-out ca.crt \
-subj "/CN=*"
openssl req \
-newkey rsa:2048 \
-nodes \
-keyout server.key \
-out server.csr \
-subj "/OU=TestServer/CN=*"
openssl x509 \
-req \
-days 3650 \
-sha256 \
-in server.csr \
-CA ca.crt \
-CAkey ca.key \
-CAcreateserial \
-out server.cert \
-extfile <(echo subjectAltName = IP:127.0.0.1)
openssl req \
-newkey rsa:2048 \
-nodes \
-keyout client.key \
-out client.csr \
-subj "/OU=TestClient/CN=*"
openssl x509 \
-req \
-days 3650 \
-sha256 \
-in client.csr \
-CA ca.crt \
-CAkey ca.key \
-CAcreateserial \
-out client.cert
# ECDSA
openssl ecparam \
-name prime256v1 \
-genkey \
-noout \
-out ca-ecdsa.key
openssl req \
-new \
-key ca-ecdsa.key \
-nodes \
-days 3650 \
-x509 \
-out ca-ecdsa.crt \
-subj "/CN=*"
openssl ecparam \
-name prime256v1 \
-genkey \
-noout \
-out server-ecdsa.key
openssl req \
-new \
-key server-ecdsa.key \
-nodes \
-out server-ecdsa.csr \
-subj "/OU=TestServer/CN=*"
openssl x509 \
-req \
-days 3650 \
-sha256 \
-in server-ecdsa.csr \
-CA ca-ecdsa.crt \
-CAkey ca-ecdsa.key \
-CAcreateserial \
-out server-ecdsa.cert \
-extfile <(echo subjectAltName = IP:127.0.0.1)
# ED25519
openssl genpkey \
-algorithm ed25519 \
-out ca-ed25519.key
openssl req \
-new \
-key ca-ed25519.key \
-nodes \
-days 3650 \
-x509 \
-out ca-ed25519.crt \
-subj "/CN=*"
openssl genpkey \
-algorithm ed25519 \
-out server-ed25519.key
openssl req \
-new \
-key server-ed25519.key \
-nodes \
-out server-ed25519.csr \
-subj "/OU=TestServer/CN=*"
openssl x509 \
-req \
-days 3650 \
-in server-ed25519.csr \
-CA ca-ed25519.crt \
-CAkey ca-ed25519.key \
-CAcreateserial \
-out server-ed25519.cert \
-extfile <(echo subjectAltName = IP:127.0.0.1)
Reference in New Issue View Git Blame Copy Permalink