update certs

Signed-off-by: May Rosenbaum <mayro1595@gmail.com>
hyperledger-labs · Aug 15, 2023 · 874b168 · 874b168
1 parent 987524f
commit 874b168
Show file tree

Hide file tree

Showing 15 changed files with 90 additions and 62 deletions.
diff --git a/deployment/crypto/CA/CA.key b/deployment/crypto/CA/CA.key
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIFtY6+wyCNu7U2OUoe4q6hUP8eWH9kn5UF31yiEwJqWcoAoGCCqGSM49
-AwEHoUQDQgAEXMP1pAbjLzs+2l8mKAcT54iMxA/jtyOgxPoEIbIsj0CHzuGOYsjj
-XqkdFfZs4KIs5bnEKF3tYBWzZsbjIEkTPA==
+MHcCAQEEIGUsDhRKOiFAh6XFUf6/x5U/ASmqTHK48B3SYYH7vS0YoAoGCCqGSM49
+AwEHoUQDQgAExkt0GIeYarv/1rNGFyd5p72C+WDLFXwCOisInkmSc7Tu0zRQA3Di
+XNryteFB7j3jghyObj5E2daP8REMvHphHw==
 -----END EC PRIVATE KEY-----
diff --git a/deployment/crypto/CA/CA.pem b/deployment/crypto/CA/CA.pem
@@ -1,11 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBrDCCAVOgAwIBAgIUZsNZO+cqCoqC9ymMpFb1bijoIqUwCgYIKoZIzj0EAwIw
+MIIBrjCCAVOgAwIBAgIUSw7fbkDu+nx97O39JUYHQfBoFngwCgYIKoZIzj0EAwIw
 LDELMAkGA1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4X
-DTIyMDcxMTA1MDUyNloXDTIzMDcxMTA1MDUyNlowLDELMAkGA1UEBhMCSUwxDjAM
+DTIzMDgxNTExMTAzM1oXDTI4MDgxMzExMTAzM1owLDELMAkGA1UEBhMCSUwxDjAM
 BgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0D
-AQcDQgAEXMP1pAbjLzs+2l8mKAcT54iMxA/jtyOgxPoEIbIsj0CHzuGOYsjjXqkd
-FfZs4KIs5bnEKF3tYBWzZsbjIEkTPKNTMFEwHQYDVR0OBBYEFAuEb7A7PrW1mQMA
-B6hPjyOMsxR2MB8GA1UdIwQYMBaAFAuEb7A7PrW1mQMAB6hPjyOMsxR2MA8GA1Ud
-EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgXKxaESXbrhgM1jeXC17iccAY
-AimMdDTtRfT+MxpAZzkCIHX0MTp7FHL6STnomhoAM2tTgrUSOIzqFPwCSZ3ZsW39
+AQcDQgAExkt0GIeYarv/1rNGFyd5p72C+WDLFXwCOisInkmSc7Tu0zRQA3DiXNry
+teFB7j3jghyObj5E2daP8REMvHphH6NTMFEwHQYDVR0OBBYEFLOBDYmHGI9R3Zjb
+AhVCaCyCAyh0MB8GA1UdIwQYMBaAFLOBDYmHGI9R3ZjbAhVCaCyCAyh0MA8GA1Ud
+EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAILCEE8eBycJxkTsu5j0YUuZ
+upInvfOD+wo8xePgfcOWAiEAmd3kY7lE9PZW5n11TrkzK3ZzNdqltxQdHk26QWi0
+4Sw=
 -----END CERTIFICATE-----
diff --git a/deployment/crypto/README.md b/deployment/crypto/README.md
@@ -0,0 +1,14 @@
+This folder contains the crypto materials, including root CA private key, self-signed root CA certificate, and private keys and certificates per user.
+
+### creating private keys and certificates and using them in configuration
+Run from `orion-server` root folder:
+
+Run `./scripts/cryptoGen.sh deployment [args]`,
+replace `[args]` with any optional user.
+
+
+Example:
+
+Create keys and certs for CA, admin, server, user, alice anb bob by: `./scripts/cryptoGen.sh deployment alice bob`
+
+The generated crypto materials are stored inside deployment.
diff --git a/deployment/crypto/admin/admin.key b/deployment/crypto/admin/admin.key
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIFYjQF5mSL+oRcOdGPxULl44mbPxETiPWt/hY/cHFHuvoAoGCCqGSM49
-AwEHoUQDQgAE7BRSToz4fudVAIFP2sFSkCgC+9AXzuIAVJxmV5deHIyXBsN1Jy45
-ZHcEVSjU1waQVk4ntSRUZVAW0SyuptBG7A==
+MHcCAQEEIAvsUgUBcRggQL11GNeSHHc1uxtw1SS06KJ++8p99xo7oAoGCCqGSM49
+AwEHoUQDQgAE61ICL+iyVjOWbtB+HvKOhrvr7ZVRlzUoijCQ/1YCILNjNuEz/2zO
+n71YT7FbmIrw2hkkOWJOWVcwUN9Pq+SxiQ==
 -----END EC PRIVATE KEY-----
diff --git a/deployment/crypto/admin/admin.pem b/deployment/crypto/admin/admin.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBUjCB+QIUI3x97xqJfU4HlSJpSe4M6zo88PMwCgYIKoZIzj0EAwIwLDELMAkG
-A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIyMDcx
-MTA1MDUzNVoXDTIzMDcxMTA1MDUzNVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
+MIIBUTCB+QIUKKzjaaD7M42PbORuyLdj4hiYPbkwCgYIKoZIzj0EAwIwLDELMAkG
+A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIzMDgx
+NTExMTAzNloXDTI4MDgxMzExMTAzNlowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
 BUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-7BRSToz4fudVAIFP2sFSkCgC+9AXzuIAVJxmV5deHIyXBsN1Jy45ZHcEVSjU1waQ
-Vk4ntSRUZVAW0SyuptBG7DAKBggqhkjOPQQDAgNIADBFAiEAzHjvH+aSHO+sB1zG
-KbhxRKuPtXUB9uFQIcfktbbvfjoCIHzm61WF8cvVBuANYNrBzPnnzoBh6GMboCji
-ZEXvay6v
+61ICL+iyVjOWbtB+HvKOhrvr7ZVRlzUoijCQ/1YCILNjNuEz/2zOn71YT7FbmIrw
+2hkkOWJOWVcwUN9Pq+SxiTAKBggqhkjOPQQDAgNHADBEAiAr+moYKnQRWaMY+oc9
+PRyNo8NvH0KtDGtOHAbeeixAYQIgGAgO+DikDu48tJsrpepiOaQlpecaJxegvPDq
+jFbxZgI=
 -----END CERTIFICATE-----
diff --git a/deployment/crypto/alice/alice.key b/deployment/crypto/alice/alice.key
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIE7iiJ6BYFvWpaE9HksUTw8KsZh4DJWXEqtCQLIxJjNEoAoGCCqGSM49
-AwEHoUQDQgAE2yRLpMrFMBmpg4WOSGJZ1QKuL7V53AeWx1DAInM2zX6oMA5b4u7G
-euR6ZLdq34ie2vxzoG4VwIgkm9CtCUboig==
+MHcCAQEEILqn8X+9beiLlaWwJUYpel9RRrVqdrV08TkhwvVPcTjEoAoGCCqGSM49
+AwEHoUQDQgAERPIvzg+/GJxAr4uRwrcZHOMVwMBZCRLBDbFIqAb1ssOHpy4pc4Ou
+loy19xbUMYIqmHogj4fxYP+4yYHkCZpB6Q==
 -----END EC PRIVATE KEY-----
diff --git a/deployment/crypto/alice/alice.pem b/deployment/crypto/alice/alice.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBUTCB+QIUI3x97xqJfU4HlSJpSe4M6zo88PQwCgYIKoZIzj0EAwIwLDELMAkG
-A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIyMDcx
-MTA1MDUzOFoXDTIzMDcxMTA1MDUzOFowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
+MIIBUTCB+QIUKKzjaaD7M42PbORuyLdj4hiYPbswCgYIKoZIzj0EAwIwLDELMAkG
+A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIzMDgx
+NTExMTAzOVoXDTI4MDgxMzExMTAzOVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
 BUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-2yRLpMrFMBmpg4WOSGJZ1QKuL7V53AeWx1DAInM2zX6oMA5b4u7GeuR6ZLdq34ie
-2vxzoG4VwIgkm9CtCUboijAKBggqhkjOPQQDAgNHADBEAiBWyumslZ0m+FBnYg5x
-NHnypqZ3KJRvZgjJ90lNdXtJqgIgCinkNcW2nWRmmhJRFv0tE1OHfhPadLWmkQIm
-Bz16v1E=
+RPIvzg+/GJxAr4uRwrcZHOMVwMBZCRLBDbFIqAb1ssOHpy4pc4Ouloy19xbUMYIq
+mHogj4fxYP+4yYHkCZpB6TAKBggqhkjOPQQDAgNHADBEAiB5L1uiSClq23hg7doM
+39yS4bF0jrm4RFtwhZThMzk6JwIgXLvsMt2GUqI5BbeIoOhAD8pe36/xo+rQvr5L
+NHNxGTA=
 -----END CERTIFICATE-----
diff --git a/deployment/crypto/bob/bob.key b/deployment/crypto/bob/bob.key
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIA2FWUZubCKMGGUplWjtO8hWd15jFqxJx5N6DBTbMFTtoAoGCCqGSM49
-AwEHoUQDQgAESP280QzxHawRA5XQdsVMWz37SYU6e57fLwFQoRX+n7WwveK1J4CY
-T/gbTGxln+D/y2S8rXl4mLlTmwUFPxek4Q==
+MHcCAQEEIM1bno3o4CGWOF1bCG1yoUzVpXshqm0OhQjLPvpK+Xi7oAoGCCqGSM49
+AwEHoUQDQgAEF5n4V9ssnDF2X9zyTlBYYc8Gk/nLsDLwoWkivE7yvjLFntzwjxd7
+d2eghjg6A5jziZc0pwKPV8uxWB2Lo58pHQ==
 -----END EC PRIVATE KEY-----
diff --git a/deployment/crypto/bob/bob.pem b/deployment/crypto/bob/bob.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBUjCB+QIUI3x97xqJfU4HlSJpSe4M6zo88PUwCgYIKoZIzj0EAwIwLDELMAkG
-A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIyMDcx
-MTA1MDU0MFoXDTIzMDcxMTA1MDU0MFowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
+MIIBUjCB+QIUKKzjaaD7M42PbORuyLdj4hiYPbwwCgYIKoZIzj0EAwIwLDELMAkG
+A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIzMDgx
+NTExMTA0MVoXDTI4MDgxMzExMTA0MVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
 BUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-SP280QzxHawRA5XQdsVMWz37SYU6e57fLwFQoRX+n7WwveK1J4CYT/gbTGxln+D/
-y2S8rXl4mLlTmwUFPxek4TAKBggqhkjOPQQDAgNIADBFAiA0Xxc7rMz69ktd2rml
-7EG48cyzeNJv/k7nH2EaV0nLsQIhAN7xymmo08WywNuHA5TvZhRj/W6bR+ctIiS1
-1YSKhniA
+F5n4V9ssnDF2X9zyTlBYYc8Gk/nLsDLwoWkivE7yvjLFntzwjxd7d2eghjg6A5jz
+iZc0pwKPV8uxWB2Lo58pHTAKBggqhkjOPQQDAgNIADBFAiBIXstNmxSomEW4JbqP
+gmLq7xx+8lsOXuPfIt6zfrsObQIhALCFnuuvKgPNQdABIOAWkkUb+4SP9/Ug+5wf
+M+RjZEe6
 -----END CERTIFICATE-----
diff --git a/deployment/crypto/server/server.key b/deployment/crypto/server/server.key
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIPqLeZILGI3zKzmc7ett9WHo+Ca95CDt/aVSbbX0nnCjoAoGCCqGSM49
-AwEHoUQDQgAE9jOfe69sfESPKOnAT7t9wjgzhSr/hoAyNsqL7A3Ws12dQlx1N59g
-s40UhJ6Z5/XA91JtDvM25gVJ+w+VC8ErBg==
+MHcCAQEEIBP61HSKvKxnUna0avdlC6bXTiDSSRnqLtpB0jDOoLppoAoGCCqGSM49
+AwEHoUQDQgAEGRFEgxhNRRKEZCEOZEafGjUAxaRptFZ2ykyp4CMYzxBkGNFyTTV6
+/bokrlOmt+nINP9yLyzVdkdAZwUgiqjPcg==
 -----END EC PRIVATE KEY-----
diff --git a/deployment/crypto/server/server.pem b/deployment/crypto/server/server.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBUjCB+QIUI3x97xqJfU4HlSJpSe4M6zo88PYwCgYIKoZIzj0EAwIwLDELMAkG
-A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIyMDcx
-MTA1MDU0MloXDTIzMDcxMTA1MDU0MlowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
+MIIBUjCB+QIUKKzjaaD7M42PbORuyLdj4hiYPbgwCgYIKoZIzj0EAwIwLDELMAkG
+A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIzMDgx
+NTExMTAzNVoXDTI4MDgxMzExMTAzNVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
 BUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-9jOfe69sfESPKOnAT7t9wjgzhSr/hoAyNsqL7A3Ws12dQlx1N59gs40UhJ6Z5/XA
-91JtDvM25gVJ+w+VC8ErBjAKBggqhkjOPQQDAgNIADBFAiEAiQReX/+Jzid1cV0Y
-CRcAjJUOwsCl0BbW7NHL1oYRfqwCIGulWxoTZHC/dUZJXb/qhxa2YXqsaJTdzmxV
-hK8XstZ2
+GRFEgxhNRRKEZCEOZEafGjUAxaRptFZ2ykyp4CMYzxBkGNFyTTV6/bokrlOmt+nI
+NP9yLyzVdkdAZwUgiqjPcjAKBggqhkjOPQQDAgNIADBFAiEAxbS+eeATmcl76zR9
+SZ1/N0NxQstC7naI4VQxQSUWCysCIFx5skwiTZzFtlVRuvhytU/x/iw880MLwa6x
+TJgahAQh
 -----END CERTIFICATE-----
diff --git a/deployment/crypto/user/user.key b/deployment/crypto/user/user.key
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIHs7ATWFT8R1INM5kXA2GC+Skh8xIijDaFNbPxIcmLVkoAoGCCqGSM49
-AwEHoUQDQgAEIWlXtC/ASjXgDujTcJ5fi2SMMJ7PaQ72yedRndHj+amA0m+ymWCx
-TifIuo3ZOaoL7YYQGMh3+CfUMR/LVKNQyA==
+MHcCAQEEIGp8OxlyV/yl3hcwYhs++KXCtT0M3A70ck66eurCK2QooAoGCCqGSM49
+AwEHoUQDQgAEHyVPgc5EyZna9Sf777lNrRJ6L9+J254hl8YpH6ya+S04DXXFOkSL
+iEHCJPWY0KB/1KmWv75YzmHliBSRqflLUg==
 -----END EC PRIVATE KEY-----
diff --git a/deployment/crypto/user/user.pem b/deployment/crypto/user/user.pem
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBUTCB+QIUI3x97xqJfU4HlSJpSe4M6zo88PcwCgYIKoZIzj0EAwIwLDELMAkG
-A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIyMDcx
-MTA1MDU0NVoXDTIzMDcxMTA1MDU0NVowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
+MIIBUjCB+QIUKKzjaaD7M42PbORuyLdj4hiYPbowCgYIKoZIzj0EAwIwLDELMAkG
+A1UEBhMCSUwxDjAMBgNVBAgMBUhhaWZhMQ0wCwYDVQQKDARCQ0RCMB4XDTIzMDgx
+NTExMTAzOFoXDTI4MDgxMzExMTAzOFowLDELMAkGA1UEBhMCSUwxDjAMBgNVBAgM
 BUhhaWZhMQ0wCwYDVQQKDARCQ0RCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-IWlXtC/ASjXgDujTcJ5fi2SMMJ7PaQ72yedRndHj+amA0m+ymWCxTifIuo3ZOaoL
-7YYQGMh3+CfUMR/LVKNQyDAKBggqhkjOPQQDAgNHADBEAiBjtVCjcq7uP8OVbcJ+
-lwjmVL1VrmzxMwP/TWlXbZgwjAIgQmTJeTsmS/VOEMtaZxi/TGDB48NqKcM5pTdP
-fBvwmec=
+HyVPgc5EyZna9Sf777lNrRJ6L9+J254hl8YpH6ya+S04DXXFOkSLiEHCJPWY0KB/
+1KmWv75YzmHliBSRqflLUjAKBggqhkjOPQQDAgNIADBFAiAhS96L6Ieea5hq4XbJ
+5/WUFNtbqzFpKgbIyeWRB+uHxQIhAOlJO5Gqr+F8BKZwckBdjEmHo25mqH1UnOZX
+nwjXtnrk
 -----END CERTIFICATE-----
diff --git a/scripts/README.md b/scripts/README.md
@@ -1 +1,14 @@
 It holds the scripts to perform various build, and install.
+
+### creating private keys and certificates and using them in configuration
+Run from `orion-server` root folder:
+
+Run `./scripts/cryptoGen.sh deployment [args]`,
+replace `[args]` with any optional user.
+
+
+Example:
+
+Create keys and certs for CA, admin, server, user, alice anb bob by: `./scripts/cryptoGen.sh deployment alice bob`
+
+The generated crypto materials are stored inside deployment.
diff --git a/scripts/cryptoGen.sh b/scripts/cryptoGen.sh
@@ -12,7 +12,7 @@ create_pki() {
         docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl req -new -key "/export/$1/$1.key" -out "/export/$1/$1.csr" -subj "/C=IL/ST=Haifa/O=BCDB"
 
         echo "Generate node certificate"
-        docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl x509 -req -in "/export/$1/$1.csr" -CA "/export/CA/CA.pem" -CAkey "/export/CA/CA.key" -CAcreateserial -out "/export/$1/$1.pem" -days 365 -sha256
+        docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl x509 -req -in "/export/$1/$1.csr" -CA "/export/CA/CA.pem" -CAkey "/export/CA/CA.key" -CAcreateserial -out "/export/$1/$1.pem" -days 1825 -sha256
 }
 
 if [ -z "$1" ]
@@ -39,7 +39,7 @@ docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl ecparam -name prim
 docker run -it --rm -v $BASE_DIR/crypto:/export nginx chmod ga+r "/export/CA/CA.key"
 
 echo "Generating self-signed root CA certificate"
-docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl req -new -x509 -nodes -key "/export/CA/CA.key" -sha256 -days 365 -out "/export/CA/CA.pem" -subj "/C=IL/ST=Haifa/O=BCDB" -extensions v3_ca
+docker run -it --rm -v $BASE_DIR/crypto:/export nginx openssl req -new -x509 -nodes -key "/export/CA/CA.key" -sha256 -days 1825 -out "/export/CA/CA.pem" -subj "/C=IL/ST=Haifa/O=BCDB" -extensions v3_ca
 
 for f in "server" "admin" "user"
 do