cleanup
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
This commit is contained in:
parent
74ab433f76
commit
d69fce34a7
5 changed files with 1 additions and 291 deletions
|
@ -1,85 +0,0 @@
|
|||
HOME = /etc/docker/ssl
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
####################################################################
|
||||
[ ca ]
|
||||
default_ca = CA_default # The default ca section
|
||||
|
||||
[ CA_default ]
|
||||
|
||||
default_days = 365 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = sha256 # use public key default MD
|
||||
preserve = no # keep passed DN ordering
|
||||
|
||||
x509_extensions = ca_extensions # The extensions to add to the cert
|
||||
|
||||
email_in_dn = no # Don't concat the email in the DN
|
||||
copy_extensions = copy # Required to copy SANs from CSR to cert
|
||||
|
||||
base_dir = /etc/docker/ssl
|
||||
certificate = $base_dir/ca.pem # The CA certifcate
|
||||
private_key = $base_dir/cakey.pem # The CA private key
|
||||
new_certs_dir = $base_dir # Location for new certs after signing
|
||||
database = $base_dir/index.txt # Database index file
|
||||
serial = $base_dir/serial.txt # The current serial number
|
||||
|
||||
unique_subject = no # Set to 'no' to allow creation of
|
||||
# several certificates with same subject.
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 4096
|
||||
default_keyfile = $HOME/cakey.pem
|
||||
distinguished_name = ca_distinguished_name
|
||||
x509_extensions = ca_extensions
|
||||
string_mask = utf8only
|
||||
|
||||
####################################################################
|
||||
[ ca_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = US
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = New York
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = New York City
|
||||
|
||||
organizationName = Organization Name (eg, company)
|
||||
organizationName_default = Contained.AF
|
||||
|
||||
organizationalUnitName = Organizational Unit (eg, division)
|
||||
organizationalUnitName_default = Tupperware Hackers
|
||||
|
||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||
commonName_default = Contained.AF CA
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_default = no-reply@contained.af
|
||||
|
||||
####################################################################
|
||||
[ ca_extensions ]
|
||||
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid:always, issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = keyCertSign, cRLSign
|
||||
|
||||
####################################################################
|
||||
[ signing_policy ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
[ signing_req ]
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid,issuer
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = digitalSignature, keyEncipherment
|
|
@ -1,49 +0,0 @@
|
|||
HOME = /etc/docker/ssl
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
default_keyfile = $HOME/client.key
|
||||
distinguished_name = server_distinguished_name
|
||||
req_extensions = server_req_extensions
|
||||
string_mask = utf8only
|
||||
|
||||
####################################################################
|
||||
[ server_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = US
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = New York
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = New York City
|
||||
|
||||
organizationName = Organization Name (eg, company)
|
||||
organizationName_default = Contained.AF
|
||||
|
||||
organizationalUnitName = Organizational Unit (eg, division)
|
||||
organizationalUnitName_default = Tupperware Hackers
|
||||
|
||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||
commonName_default = Contained.AF CA
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_default = no-reply@contained.af
|
||||
|
||||
####################################################################
|
||||
[ server_req_extensions ]
|
||||
|
||||
subjectKeyIdentifier = hash
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth
|
||||
subjectAltName = @alternate_names
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
####################################################################
|
||||
[ alternate_names ]
|
||||
|
||||
DNS.1 = localhost
|
||||
IP.1 = 127.0.0.1
|
|
@ -1,48 +0,0 @@
|
|||
HOME = /etc/docker/ssl
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
|
||||
####################################################################
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
default_keyfile = $HOME/key.pem
|
||||
distinguished_name = server_distinguished_name
|
||||
req_extensions = server_req_extensions
|
||||
string_mask = utf8only
|
||||
|
||||
####################################################################
|
||||
[ server_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = US
|
||||
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
stateOrProvinceName_default = New York
|
||||
|
||||
localityName = Locality Name (eg, city)
|
||||
localityName_default = New York City
|
||||
|
||||
organizationName = Organization Name (eg, company)
|
||||
organizationName_default = Contained.AF
|
||||
|
||||
organizationalUnitName = Organizational Unit (eg, division)
|
||||
organizationalUnitName_default = Tupperware Hackers
|
||||
|
||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||
commonName_default = Contained.AF CA
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_default = no-reply@contained.af
|
||||
|
||||
####################################################################
|
||||
[ server_req_extensions ]
|
||||
|
||||
subjectKeyIdentifier = hash
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @alternate_names
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
|
||||
####################################################################
|
||||
[ alternate_names ]
|
||||
|
||||
DNS.1 = localhost
|
||||
IP.1 = 127.0.0.1
|
|
@ -1,65 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
CONFIGS_DIR=/etc/docker/daemon/config
|
||||
CERT_DIR=/etc/docker/ssl
|
||||
|
||||
CERT_SUBJ="/C=US/ST=New York/L=New York City/O=Contained.AF/CN=Contained.AF CA"
|
||||
|
||||
if [ ! -f "${CERT_DIR}/ca.pem" ]; then
|
||||
mkdir -p "${CERT_DIR}"
|
||||
|
||||
# create the root CA
|
||||
openssl req -x509 \
|
||||
-config "${CONFIGS_DIR}/openssl-ca.cnf" \
|
||||
-newkey rsa:4096 -sha256 \
|
||||
-subj "${CERT_SUBJ}" \
|
||||
-nodes -out "${CERT_DIR}/ca.pem" -outform PEM
|
||||
|
||||
openssl x509 -noout -text -in "${CERT_DIR}/ca.pem"
|
||||
|
||||
# create the server certificate signing request
|
||||
openssl req \
|
||||
-config "${CONFIGS_DIR}/openssl-server.cnf" \
|
||||
-newkey rsa:2048 -sha256 \
|
||||
-subj "/CN=localhost" \
|
||||
-nodes -out "${CERT_DIR}/server.csr" -outform PEM
|
||||
openssl req -text -noout -verify -in "${CERT_DIR}/server.csr"
|
||||
|
||||
touch "${CERT_DIR}/index.txt"
|
||||
echo 01 > "${CERT_DIR}/serial.txt"
|
||||
|
||||
# create the server cert
|
||||
openssl ca -batch \
|
||||
-config "${CONFIGS_DIR}/openssl-ca.cnf" \
|
||||
-policy signing_policy -extensions signing_req \
|
||||
-out "${CERT_DIR}/cert.pem" -infiles "${CERT_DIR}/server.csr"
|
||||
|
||||
openssl x509 -noout -text -in "${CERT_DIR}/cert.pem"
|
||||
|
||||
# create the client certificate signing request
|
||||
openssl req \
|
||||
-config "${CONFIGS_DIR}/openssl-client.cnf" \
|
||||
-newkey rsa:2048 -sha256 \
|
||||
-subj "/CN=client" \
|
||||
-nodes -out "${CERT_DIR}/client.csr" -outform PEM
|
||||
openssl req -text -noout -verify -in "${CERT_DIR}/client.csr"
|
||||
|
||||
touch "${CERT_DIR}/index.txt"
|
||||
echo 02 > "${CERT_DIR}/serial.txt"
|
||||
|
||||
# create the client cert
|
||||
openssl ca -batch \
|
||||
-config "${CONFIGS_DIR}/openssl-ca.cnf" \
|
||||
-policy signing_policy -extensions signing_req \
|
||||
-out "${CERT_DIR}/client.cert" -infiles "${CERT_DIR}/client.csr"
|
||||
|
||||
openssl x509 -noout -text -in "${CERT_DIR}/client.cert"
|
||||
|
||||
|
||||
# remove the signing requests
|
||||
rm -rf "${CERT_DIR}/client.csr" "${CERT_DIR}/server.csr" "${CERT_DIR}/"*.attr "${CERT_DIR}/"*.old
|
||||
|
||||
fi
|
||||
|
||||
set -- sh "$(which dind)" "$@"
|
||||
exec "$@"
|
45
main_test.go
45
main_test.go
|
@ -4,16 +4,12 @@ import (
|
|||
"flag"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
"testing"
|
||||
|
||||
"github.com/docker/docker/api"
|
||||
"github.com/docker/docker/client"
|
||||
"github.com/docker/go-connections/tlsconfig"
|
||||
"github.com/jessfraz/reg/testutils"
|
||||
)
|
||||
|
||||
|
@ -61,7 +57,7 @@ func TestMain(m *testing.M) {
|
|||
defer os.Remove("testreg" + exeSuffix)
|
||||
|
||||
// create the docker client
|
||||
dcli, err := newEnvDockerClient()
|
||||
dcli, err := client.NewEnvClient()
|
||||
if err != nil {
|
||||
panic(fmt.Errorf("could not connect to docker: %v", err))
|
||||
}
|
||||
|
@ -113,42 +109,3 @@ alpine latest
|
|||
t.Fatalf("expected: %s\ngot: %s", expected, out)
|
||||
}
|
||||
}
|
||||
|
||||
func newEnvDockerClient() (*client.Client, error) {
|
||||
var hc *http.Client
|
||||
|
||||
if dockerCertPath := os.Getenv("DOCKER_CERT_PATH"); dockerCertPath != "" {
|
||||
options := tlsconfig.Options{
|
||||
CAFile: filepath.Join(dockerCertPath, "cacert.pem"),
|
||||
CertFile: filepath.Join(dockerCertPath, "server.cert"),
|
||||
KeyFile: filepath.Join(dockerCertPath, "server.key"),
|
||||
InsecureSkipVerify: os.Getenv("DOCKER_TLS_VERIFY") == "",
|
||||
}
|
||||
tlsc, err := tlsconfig.Client(options)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
hc = &http.Client{
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: tlsc,
|
||||
},
|
||||
CheckRedirect: client.CheckRedirect,
|
||||
}
|
||||
}
|
||||
|
||||
host := os.Getenv("DOCKER_HOST")
|
||||
if host == "" {
|
||||
host = client.DefaultDockerHost
|
||||
}
|
||||
version := os.Getenv("DOCKER_API_VERSION")
|
||||
if version == "" {
|
||||
version = api.DefaultVersion
|
||||
}
|
||||
|
||||
cli, err := client.NewClient(host, version, hc, nil)
|
||||
if err != nil {
|
||||
return cli, err
|
||||
}
|
||||
return cli, nil
|
||||
}
|
||||
|
|
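Review bot: Swapping newEnvDockerClient() for client.NewEnvClient() in TestMain (hunk at -61) changes which files are loaded from DOCKER_CERT_PATH: the removed helper (hunk at -113) read cacert.pem, server.cert and server.key, whereas, if I recall the docker/docker client's defaults correctly, NewEnvClient looks for ca.pem, cert.pem and key.pem, so a CI environment provisioned with the old names will fail TLS setup and hit the `could not connect to docker` panic instead of connecting. Both versions also leave `InsecureSkipVerify` on whenever DOCKER_TLS_VERIFY is unset, so the test client accepts any daemon certificate by default; that default is now hidden inside the library rather than visible in this file. A one-line comment above the call would make the contract explicit, e.g. `// NewEnvClient reads DOCKER_HOST, DOCKER_API_VERSION, DOCKER_CERT_PATH (ca.pem, cert.pem, key.pem) and DOCKER_TLS_VERIFY.` TestMain begins and ends outside the hunk.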