openpkg-packages/verdaccio/verdaccio-tls.sh

#!@l_bash@
##
##  verdaccio-tls -- Verdaccio TLS certificate/key generation
##

cd @l_prefix@/etc/verdaccio || exit $?

#   generate CA certificate/key pair
if [ ! -f ca.crt ]; then
    (   echo "{"
        echo "    \"key\": {"
        echo "        \"algo\": \"rsa\","
        echo "        \"size\": 4096"
        echo "    },"
        echo "    \"ca\": {"
        echo "        \"expiry\": \"87600h\","
        echo "        \"pathlen\": 1"
        echo "    },"
        echo "    \"CN\": \"CA\","
        echo "    \"names\": ["
        echo "        {"
        echo "            \"OU\": \"Certificate Authority\""
        echo "        }"
        echo "    ]"
        echo "}"
    ) | \
    @l_prefix@/bin/cfssl genkey -loglevel=4 -initca - | \
    @l_prefix@/bin/cfssl-json -bare ca
    rm -f ca.csr
    chmod 600 ca.key
    chmod 644 ca.crt
    chown @l_rusr@:@l_rgrp@ ca.crt
    chown @l_rusr@:@l_rgrp@ ca.key
    (   echo "{"
        echo "    \"signing\": {"
        echo "        \"profiles\": {"
        echo "            \"peer\": {"
        echo "                \"expiry\": \"87600h\","
        echo "                \"usages\": ["
        echo "                    \"signing\","
        echo "                    \"key encipherment\","
        echo "                    \"server auth\","
        echo "                    \"client auth\""
        echo "                ]"
        echo "            }"
        echo "        }"
        echo "    }"
        echo "}"
    ) >ca.json
    chmod 644 ca.json
    chown @l_rusr@:@l_rgrp@ ca.json
fi

#   generate server certificate/key pair
(   echo "{"
    echo "    \"key\": {"
    echo "        \"algo\": \"rsa\","
    echo "        \"size\": 4096"
    echo "    },"
    echo "    \"CN\": \"$1\","
    echo "    \"hosts\": ["
    i=0
    for host in "$@"; do
        echo -n "        \"$host\""
        i=`expr $i + 1`
        if [ $i -lt $# ]; then
            echo -n ","
        fi
        echo ""
    done
    echo "    ]"
    echo "}"
) | \
@l_prefix@/bin/cfssl gencert -loglevel=4 -ca ca.crt -ca-key ca.key -config ca.json -profile=peer - | \
@l_prefix@/bin/cfssl-json -bare server
rm -f server.csr
chmod 600 server.key
chmod 644 server.crt
chown @l_rusr@:@l_rgrp@ server.crt
chown @l_rusr@:@l_rgrp@ server.key