-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcreate-cookie-keys.sh
executable file
·67 lines (59 loc) · 1.98 KB
/
create-cookie-keys.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#!/bin/bash
cd "$(dirname "${BASH_SOURCE[0]}")"
rm -rf cookie-encryption 2>/dev/null
mkdir cookie-encryption
cd cookie-encryption
#
# The session cookie is encrypted using the system's symmetric key
#
echo 'Creating keys for cookie encryption ...'
export SYMMETRIC_KEY=$(openssl rand 32 | xxd -p -c 64)
#
# Generate proxy cookie keys
#
export TH_COOKIE_KEY_PASS='Password1'
openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
openssl ec -in private-key.pem -pubout -out public-key.pem
openssl pkcs8 -topk8 -in private-key.pem -out private-key.pkcs8 -passout pass:"$TH_COOKIE_KEY_PASS"
rm private-key.pem
if [ $? -ne 0 ]; then
echo 'Problem encountered generating cookie encryption keys'
exit 1
fi
cd ..
#
# Get the proxy private key into a single line format to supply to API gateways
#
export TH_COOKIE_KEY="$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' ./cookie-encryption/private-key.pkcs8)"
if [ $? -ne 0 ]; then
echo 'Problem encountered producing the TH_COOKIE_KEY parameter'
exit 1
fi
#
# Get the proxy public key into a single line format recognized by the Curity Identity Server
#
export TH_COOKIE_CERT="$(openssl base64 -in ./cookie-encryption/public-key.pem | tr -d '\n')"
if [ $? -ne 0 ]; then
echo 'Problem encountered producing the TH_COOKIE_CERT parameter'
exit 1
fi
#
# Finalize the SPA's API gateway routes
#
cd ./deployments/$DEPLOYMENT/apigateway
if [ "$OAUTH_PROXY_TYPE" == 'nginx' ]; then
envsubst '$TH_COOKIE_KEY,$TH_COOKIE_KEY_PASS' < ./nginx/default.conf.template > ./nginx/default.conf
elif [ "$OAUTH_PROXY_TYPE" == 'openresty' ]; then
envsubst '$TH_COOKIE_KEY,$TH_COOKIE_KEY_PASS' < ./openresty/default.conf.template > ./openresty/default.conf
else
envsubst '$TH_COOKIE_KEY,$TH_COOKIE_KEY_PASS' < ./kong/kong.yml.template > ./kong/kong.yml
fi
if [ $? -ne 0 ]; then
echo 'Problem encountered updating API gateway configuration with cookie encryption keys'
exit 1
fi
cd ../../..
#
# Indicate success
#
echo 'Cookie encryption keys configured successfully ...'