1 parent
85b2d3e
commit 68a0c29
Showing
8 changed files
with
214 additions
and
14 deletions.
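--- a/kong/cmd/utils/ssl.lua
+++ b/kong/cmd/utils/ssl.lua
@@ -0,0 +1,71 @@
+local utils = require "kong.tools.utils"
+local pl_path = require "pl.path"
+local pl_utils = require "pl.utils"
+local pl_dir = require "pl.dir"
+local log = require "kong.cmd.utils.log"
+local fmt = string.format
+
+local _M = {}
+
+local SSL_FOLDER = "ssl"
+local SSL_CERT = "kong-default.crt"
+local SSL_CERT_KEY = "kong-default.key"
+local SSL_CERT_CSR = "kong-default.csr"
+
+function _M.get_ssl_cert_and_key(kong_config, nginx_prefix)
+local ssl_cert, ssl_cert_key
+if kong_config.ssl_cert and kong_config.ssl_cert_key then
+ssl_cert = kong_config.ssl_cert
+ssl_cert_key = kong_config.ssl_cert_key
+else
+ssl_cert = pl_path.join(nginx_prefix, SSL_FOLDER, SSL_CERT)
+ssl_cert_key = pl_path.join(nginx_prefix, SSL_FOLDER, SSL_CERT_KEY)
+end
+
+-- Check that the files exist
+if ssl_cert and not pl_path.exists(ssl_cert) then
+return false, "Can't find SSL certificate at: "..ssl_cert
+end
+if ssl_cert_key and not pl_path.exists(ssl_cert_key) then
+return false, "Can't find SSL key at: "..ssl_cert_key
+end
+
+return { ssl_cert = ssl_cert, ssl_cert_key = ssl_cert_key }
+end
+
+function _M.prepare_ssl_cert_and_key(prefix)
+-- Create SSL directory
+local ssl_path = pl_path.join(prefix, SSL_FOLDER)
+local ok, err = pl_dir.makepath(ssl_path)
+if not ok then return nil, err end
+
+local ssl_cert = pl_path.join(prefix, SSL_FOLDER, SSL_CERT)
+local ssl_cert_key = pl_path.join(prefix, SSL_FOLDER, SSL_CERT_KEY)
+local ssl_cert_csr = pl_path.join(prefix, SSL_FOLDER, SSL_CERT_CSR)
+
+if not (pl_path.exists(ssl_cert) and pl_path.exists(ssl_cert_key)) then
+-- Autogenerating the certificates for the first time
+log.verbose("Auto-generating the default SSL certificate and key..")
+
+local passphrase = utils.random_string()
+local commands = {
+fmt("openssl genrsa -des3 -out %s -passout pass:%s 1024", ssl_cert_key, passphrase),
+fmt("openssl req -new -key %s -out %s -subj \"/C=US/ST=California/L=San Francisco/O=Kong/OU=IT Department/CN=localhost\" -passin pass:%s", ssl_cert_key, ssl_cert_csr, passphrase),
+fmt("cp %s %s.org", ssl_cert_key, ssl_cert_key),
+fmt("openssl rsa -in %s.org -out %s -passin pass:%s", ssl_cert_key, ssl_cert_key, passphrase),
+fmt("openssl x509 -req -in %s -signkey %s -out %s", ssl_cert_csr, ssl_cert_key, ssl_cert),
+fmt("rm %s", ssl_cert_csr),
+fmt("rm %s.org", ssl_cert_key)
+}
+for _, cmd in ipairs(commands) do
+local ok, _, _, stderr = pl_utils.executeex(cmd)
+if not ok then
+return nil, "There was an error when auto-generating the default SSL certificate: "..stderr
+end
+end
+
+return true
+end
+end
+
+return _M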
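Review bot: The `commands` table in `prepare_ssl_cert_and_key` interpolates `ssl_cert_key`, `ssl_cert_csr` and `ssl_cert` into shell lines unquoted, and all three derive from the caller-supplied `prefix`, so a prefix containing spaces or shell metacharacters breaks or alters the `openssl`/`cp`/`rm` invocations that `pl_utils.executeex` hands to the shell. The `-passout pass:`/`-passin pass:` arguments also put the freshly generated passphrase on the command line, where any local user can read it from the process list, for no gain since the `openssl rsa` step strips it again two commands later. Two further weaknesses sit in the same block: `openssl genrsa ... 1024` yields a 1024-bit key, and `openssl x509 -req` is invoked without `-days`, so the default certificate inherits OpenSSL's 30-day default and, because the existence check at the top of the branch skips regeneration once the files exist, stays expired afterwards. I would generate an unencrypted 2048-bit key directly, drop the passphrase/`cp`/`.org` round-trip, pass `-days` explicitly and shell-quote every path as sketched below; `utils.random_string()` (and possibly the `kong.tools.utils` require) then becomes unused. Nothing here sets permissions on the written `.key`, so it is worth confirming the result is not world-readable under the deploying umask.
```lua
-- minimal POSIX single-quote escaping for paths interpolated into a shell line
local function sh_quote(s)
  return "'" .. (s:gsub("'", "'\\''")) .. "'"
end

-- … unchanged: directory creation, path construction, existence check, log.verbose …

local commands = {
  -- 2048-bit key written unencrypted: the original stripped the passphrase
  -- immediately anyway, so the des3 round-trip only exposed it via argv
  fmt("openssl genrsa -out %s 2048", sh_quote(ssl_cert_key)),
  fmt("openssl req -new -key %s -out %s -subj %s",
      sh_quote(ssl_cert_key), sh_quote(ssl_cert_csr),
      sh_quote("/C=US/ST=California/L=San Francisco/O=Kong/OU=IT Department/CN=localhost")),
  -- explicit validity; `openssl x509 -req` otherwise defaults to 30 days
  fmt("openssl x509 -req -days 3650 -in %s -signkey %s -out %s",
      sh_quote(ssl_cert_csr), sh_quote(ssl_cert_key), sh_quote(ssl_cert)),
  fmt("rm %s", sh_quote(ssl_cert_csr))
}
-- … unchanged: executeex loop and return …
```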
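--- a/ssl_spec.lua
+++ b/ssl_spec.lua
@@ -0,0 +1,26 @@
+local pl_path = require "pl.path"
+local pl_dir = require "pl.dir"
+local ssl = require "kong.cmd.utils.ssl"
+
+describe("SSL Utils", function()
+
+setup(function()
+pcall(pl_dir.rmtree, "/tmp/ssl")
+end)
+
+it("should auto-generate an SSL certificate and key", function()
+assert(ssl.prepare_ssl_cert_and_key("/tmp"))
+assert(pl_path.exists("/tmp/ssl/kong-default.crt"))
+assert(pl_path.exists("/tmp/ssl/kong-default.key"))
+end)
+
+it("retrieve the default SSL certificate and key", function()
+local ssl_data, err = ssl.get_ssl_cert_and_key({}, "/tmp")
+assert.is_table(ssl_data)
+assert.is_nil(err)
+
+assert.is_string(ssl_data.ssl_cert)
+assert.is_string(ssl_data.ssl_cert_key)
+end)
+
+end)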
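Review bot: The spec writes the generated private key and certificate to the fixed, world-writable path `/tmp/ssl` (`pcall(pl_dir.rmtree, "/tmp/ssl")` in `setup` and `ssl.prepare_ssl_cert_and_key("/tmp")`), so a pre-existing `/tmp/ssl` owned by another user, or a symlink planted there, is followed by `makepath` and the subsequent `openssl`/`cp`/`rm` commands, and concurrent runs on one host trample each other. The second `it` also only passes because the first ran before it, since `get_ssl_cert_and_key({}, "/tmp")` checks that the default files already exist. I would create a per-run directory in `setup` (e.g. `local prefix = os.tmpname(); os.remove(prefix); assert(pl_dir.makepath(prefix))`), pass `prefix` to both calls, and add `teardown(function() pl_dir.rmtree(prefix) end)` so the private key does not linger in `/tmp` after the run.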