test: improve https_renew_cert.sh script

tniessen · tniessen · commit 509afd4a61af · 2022-03-15T13:59:15.000Z
- To avoid unnecessarily large diffs, only generate a new private key if necessary. Otherwise, reuse the existing private key and only issue a new certificate. - Remove an unnecessary conversion step using openssl rsa. - Extend the certificate validity from 1 year to 10 years. - Show a text representation of the issued certificate upon completion such that the user can verify the validity. - Make the script executable. - Use "#!/usr/bin/env bash" instead of "#!/bin/bash". - Allow the script to be called from any directory. Refs: nodejs#42342 Refs: nodejs#37990
diff --git a/test/fixtures/keys/selfsigned-no-keycertsign/.gitignore b/test/fixtures/keys/selfsigned-no-keycertsign/.gitignore
@@ -0,0 +1 @@
+csr.pem
diff --git a/test/fixtures/keys/selfsigned-no-keycertsign/cert.pem b/test/fixtures/keys/selfsigned-no-keycertsign/cert.pem
@@ -1,18 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIC9jCCAd6gAwIBAgIJANHflGRpZM1IMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
-BAMMCWxvY2FsaG9zdDAeFw0yMTAzMTUwOTEzMjdaFw0yMjAzMTUwOTEzMjdaMBQx
-EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBANMt6TLw9gIxucRgZBn8owavEIMAddxMTjkHiR7jGfaBrvvVTB8ymsIizw/Q
-KTANmu2r3EOqeR9Ht25KZFKxOKCDMd3aKHht38HInXIF6CQe8c5P0xsVKZAWkell
-8ohL05EsFpcrJODIdHfaovODrtX8w1WexqDsUoPQdEk7pISJ2HhmXzpf7QmV00Ux
-8J+64v2pTg8/C9VgpSgxE4oXlfJEqdSIAzGDT+VX96GWXTh7QqLjiQ9T96QHUJEn
-Bx0Sr4rO9mY2lOQG408QuCLR/ng2J+lYx+03SC8Lq7lrtt4M06Ffr8TQRgpDAjkU
-0YitbuysD5XgtCeFq0Fi3v1z700CAwEAAaNLMEkwCwYDVR0PBAQDAgWgMBMGA1Ud
-JQQMMAoGCCsGAQUFBwMBMCUGA1UdEQQeMByCCTEyNy4wLjAuMYIJbG9jYWxob3N0
-hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQDAUCt/8Le2EO0ONOkQYUcPmSut6Siz
-UIQrJ8Lwfs0fb+Zk9ElNGLwYTzooKDgzK8cLQ8g8F2WkolBEPXDsy1Ab+e66WkJH
-NH/zAgEyG6cXXRNc+ObM5KbjY0YuDGiajKcndknuuCB+onlC1Pv5oFUSNa3/06+S
-sziFloGbg5S0AHT6lYnwZSM6G7Pre8mcRNRxL6Yw1FOOUpQZKPd7juy4GBRlCucn
-wmp/Fl0wIBDs91Vprig2TO+U6GvtqJ3n/RKXUz1ykUKETtRneSkqa6hFYjwRzawd
-ANpjy/orrVkqXriAbI/1xvBMInWdcMpXNeiOkxQeQdy8TLBk0ZViSJnf
+MIIDATCCAemgAwIBAgIUTXpOy9qjVlzqq0ydD1iX+DyTstIwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDMxNTEzNTAxNloXDTMyMDMx
+MjEzNTAxNlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA0y3pMvD2AjG5xGBkGfyjBq8QgwB13ExOOQeJHuMZ9oGu
++9VMHzKawiLPD9ApMA2a7avcQ6p5H0e3bkpkUrE4oIMx3dooeG3fwcidcgXoJB7x
+zk/TGxUpkBaR6WXyiEvTkSwWlysk4Mh0d9qi84Ou1fzDVZ7GoOxSg9B0STukhInY
+eGZfOl/tCZXTRTHwn7ri/alODz8L1WClKDETiheV8kSp1IgDMYNP5Vf3oZZdOHtC
+ouOJD1P3pAdQkScHHRKvis72ZjaU5AbjTxC4ItH+eDYn6VjH7TdILwuruWu23gzT
+oV+vxNBGCkMCORTRiK1u7KwPleC0J4WrQWLe/XPvTQIDAQABo0swSTALBgNVHQ8E
+BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwJQYDVR0RBB4wHIIJMTI3LjAuMC4x
+gglsb2NhbGhvc3SHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAEhs8bBvvUmnwb04
+U814MSZO1zU9Bj0+iGqgpLIcaG8V+UxhK2m+QSh2HrBN2ROKpziU2VlmoPLrrVuA
+CPvFWwWuA3+OJlcQzkKxbje4S3cZ6tEzloYFvE9aXbiGnxMhzgA94F6JbJzIEX9g
+ibxG6HueDTxV6LjsjQUQZApEp1yPDObdLYjOPzgRTWHJHhyaEDucT5IBdWAxA0f7
+kqEQQFuHIXoH9d4Sl1GSnUEural5lHKBrVgVywLDdayrCDhSDJAlchG7gtbYDCne
+BNw+Z51nBu+3SJtGpwK0QyLCuqRouIC1c+urUFnXooRfpjcnmoW9XumqKV0PBi8e
+uhHh3CM=
 -----END CERTIFICATE-----
diff --git a/test/fixtures/keys/selfsigned-no-keycertsign/https_renew_cert.sh b/test/fixtures/keys/selfsigned-no-keycertsign/https_renew_cert.sh
@@ -1,6 +1,12 @@
-#!/bin/bash
-openssl genrsa -out rsa.pem 2048
-openssl rsa -in rsa.pem -out key.pem
-openssl req -sha256 -new -key key.pem -out csr.pem -subj "/CN=localhost"
-openssl x509 -req -extfile cert.conf -extensions v3_req -days 365 -in csr.pem -signkey key.pem -out cert.pem
+#!/usr/bin/env bash
+set -euo pipefail
+shopt -s inherit_errexit
+
+cd -- "$(dirname -- "${BASH_SOURCE[0]}")"
 
+if [ ! -f key.pem ]; then
+  openssl genrsa -out key.pem 2048
+fi
+openssl req -sha256 -new -key key.pem -out csr.pem -subj "/CN=localhost"
+openssl x509 -req -extfile cert.conf -extensions v3_req -days 3650 -in csr.pem -signkey key.pem -out cert.pem
+openssl x509 -in cert.pem -noout -text
