Generate ssl certs in a genrule instead of checking them in (digital-…
…asset#4950)

changelog_begin
changelog_end

For now this is only used for the daml-helper tests. I’ll shuffle
things around and use it for all tests in a separate PR.
cocreature authored Mar 12, 2020
1 parent 4c55a67 commit e0d652d
Showing 20 changed files with 130 additions and 425 deletions.
1 change: 1 addition & 0 deletions .dadew
@@ -10,6 +10,7 @@
"vcredist-14.0.23026",
"bazel",
"nodejs-10.16.3",
"openssl",
"python-3.6.7",
"nsis-3.04",
"maven-3.6.1",
20 changes: 20 additions & 0 deletions WORKSPACE
@@ -142,6 +142,26 @@ dev_env_tool(
win_tool = "msys2",
)

nixpkgs_package(
name = "openssl_nix",
attribute_path = "openssl",
fail_not_supported = False,
nix_file = "//nix:bazel.nix",
nix_file_deps = common_nix_file_deps,
repositories = dev_env_nix_repos,
)

dev_env_tool(
name = "openssl_dev_env",
nix_include = ["bin/openssl"],
nix_label = "@openssl_nix",
nix_paths = ["bin/openssl"],
tools = ["openssl"],
win_include = ["bin"],
win_paths = ["bin/openssl.exe"],
win_tool = "openssl",
)

# Tar & gzip dependency
nixpkgs_package(
name = "tar_nix",
55 changes: 50 additions & 5 deletions daml-assistant/daml-helper/BUILD.bazel
@@ -3,6 +3,7 @@

load("//bazel_tools:haskell.bzl", "da_haskell_binary", "da_haskell_library", "da_haskell_test")
load("//bazel_tools/packaging:packaging.bzl", "package_app")
load("@os_info//:os_info.bzl", "is_windows")

da_haskell_library(
name = "daml-helper-lib",
@@ -63,16 +64,60 @@ package_app(
visibility = ["//visibility:public"],
)

genrule(
name = "test-certificates",
srcs = [":openssl-extensions.cnf"],
outs = [
"ca.key",
"ca.crt",
"client.csr",
"client.crt",
"client.key",
"client.pem",
"server.csr",
"server.crt",
"server.key",
"server.pem",
],
cmd = """
set -eou pipefail
{openssl_conf}
# Generate CA key and crt
$(location @openssl_dev_env//:openssl) genrsa -out $(location ca.key) 4096
$(location @openssl_dev_env//:openssl) req -new -x509 -key $(location ca.key) -out $(location ca.crt) -subj '{cn}=0.0.0.0.ca' -days 3650
# Generate server key, csr and crt
$(location @openssl_dev_env//:openssl) genrsa -out $(location server.key) 4096
$(location @openssl_dev_env//:openssl) pkey -in $(location server.key) -out $(location server.pem)
$(location @openssl_dev_env//:openssl) req -new -key $(location server.key) -out $(location server.csr) -subj '{cn}=0.0.0.0.server'
$(location @openssl_dev_env//:openssl) x509 -req -in $(location server.csr) -CA $(location ca.crt) -CAkey $(location ca.key) -CAcreateserial -out $(location server.crt) -extfile $(location openssl-extensions.cnf) -extensions req_ext -days 3650
# Generate client key, csr and crt
$(location @openssl_dev_env//:openssl) genrsa -out $(location client.key) 4096
$(location @openssl_dev_env//:openssl) pkey -in $(location client.key) -out $(location client.pem)
$(location @openssl_dev_env//:openssl) req -new -key $(location client.key) -out $(location client.csr) -subj '{cn}=0.0.0.0.client'
$(location @openssl_dev_env//:openssl) x509 -req -in $(location client.csr) -CA $(location ca.crt) -CAkey $(location ca.key) -CAcreateserial -out $(location client.crt) -extfile $(location openssl-extensions.cnf) -extensions req_ext -days 3650
""".format(
openssl_conf =
"export OPENSSL_CONF=$$(dirname $(location @openssl_dev_env//:openssl))/cnf/openssl.cnf" if is_windows else "",
cn = "//CN" if is_windows else "/CN",
),
tools = [
"@openssl_dev_env//:openssl",
],
)

da_haskell_test(
name = "ledger-tls",
srcs = glob(["test/**/*.hs"]),
data = [
"daml-helper",
"test-certificates/ca.crt",
"test-certificates/client.crt",
"test-certificates/client.pem",
"test-certificates/server.crt",
"test-certificates/server.pem",
":ca.crt",
":client.crt",
":client.pem",
":server.crt",
":server.pem",
"//ledger/sandbox:sandbox-binary",
],
hackage_deps = [
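Review bot: The `test-certificates` genrule writes unencrypted private keys (`ca.key`, `server.key`, `client.key` and the `server.pem`/`client.pem` copies) as ordinary build outputs, and nothing on the rule restricts them to tests. Adding `testonly = True,` next to `name = "test-certificates",` would make Bazel reject a non-test target, such as a packaging rule, that lists these throwaway credentials as inputs; `ledger-tls` is declared through a test macro and should still be able to depend on them. A comment above the rule, for example `# Throwaway CA and leaf keys for tests; regenerated per build, never ship or trust them.`, would record that intent. The `da_haskell_test` call at the end of the hunk continues outside it, so its remaining attributes were not reviewed.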
29 changes: 0 additions & 29 deletions daml-assistant/daml-helper/test-certificates/ca.crt

This file was deleted.

51 changes: 0 additions & 51 deletions daml-assistant/daml-helper/test-certificates/ca.key

This file was deleted.

1 change: 0 additions & 1 deletion daml-assistant/daml-helper/test-certificates/ca.srl

This file was deleted.

28 changes: 0 additions & 28 deletions daml-assistant/daml-helper/test-certificates/client.crt

This file was deleted.

26 changes: 0 additions & 26 deletions daml-assistant/daml-helper/test-certificates/client.csr

This file was deleted.

51 changes: 0 additions & 51 deletions daml-assistant/daml-helper/test-certificates/client.key

This file was deleted.

52 changes: 0 additions & 52 deletions daml-assistant/daml-helper/test-certificates/client.pem

This file was deleted.

24 changes: 0 additions & 24 deletions daml-assistant/daml-helper/test-certificates/generate-certs.sh

This file was deleted.
