Add script for certificate generation · hauleth.dev/dotfiles@a0243d4

+3

certs/.gitignore

··· 1 + *.key 2 + *.csr 3 + *.pem

+18

certs/Makefile

··· 1 + PRIV_KEY = private.key 2 + CERT = cert.csr 3 + 4 + all: ${CERT} 5 + 6 + clean: 7 + $(RM) -rf ${PRIV_KEY} ${CERT} 8 + 9 + verify: ${CERT} 10 + openssl x509 -noout -text -in $< 11 + 12 + ${PRIV_KEY}: 13 + openssl genrsa -out $@ 2048 14 + 15 + ${CERT}: self-signed.conf ${PRIV_KEY} 16 + openssl req -config $< -new -x509 -sha256 -key ${PRIV_KEY} -days 3650 -out $@ -subj "/C=US/ST=California/L=San Francisco/O=My Company, Inc./CN=localhost/" 17 + 18 + .PHONY: all clean verify

+355

certs/self-signed.conf

··· 1 + # 2 + # OpenSSL example configuration file. 3 + # This is mostly being used for generation of certificate requests. 4 + # 5 + 6 + # This definition stops the following lines choking if HOME isn't 7 + # defined. 8 + HOME = . 9 + RANDFILE = $ENV::HOME/.rnd 10 + 11 + # Extra OBJECT IDENTIFIER info: 12 + #oid_file = $ENV::HOME/.oid 13 + oid_section = new_oids 14 + 15 + # To use this configuration file with the "-extfile" option of the 16 + # "openssl x509" utility, name here the section containing the 17 + # X.509v3 extensions to use: 18 + # extensions = 19 + # (Alternatively, use a configuration file that has only 20 + # X.509v3 extensions in its main [= default] section.) 21 + 22 + [ new_oids ] 23 + 24 + # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. 25 + # Add a simple OID like this: 26 + # testoid1=1.2.3.4 27 + # Or use config file substitution like this: 28 + # testoid2=${testoid1}.5.6 29 + 30 + # Policies used by the TSA examples. 31 + tsa_policy1 = 1.2.3.4.1 32 + tsa_policy2 = 1.2.3.4.5.6 33 + tsa_policy3 = 1.2.3.4.5.7 34 + 35 + #################################################################### 36 + [ ca ] 37 + default_ca = CA_default # The default ca section 38 + 39 + #################################################################### 40 + [ CA_default ] 41 + 42 + dir = ./demoCA # Where everything is kept 43 + certs = $dir/certs # Where the issued certs are kept 44 + crl_dir = $dir/crl # Where the issued crl are kept 45 + database = $dir/index.txt # database index file. 46 + #unique_subject = no # Set to 'no' to allow creation of 47 + # several ctificates with same subject. 48 + new_certs_dir = $dir/newcerts # default place for new certs. 49 + 50 + certificate = $dir/cacert.pem # The CA certificate 51 + serial = $dir/serial # The current serial number 52 + crlnumber = $dir/crlnumber # the current crl number 53 + # must be commented out to leave a V1 CRL 54 + crl = $dir/crl.pem # The current CRL 55 + private_key = $dir/private/cakey.pem# The private key 56 + RANDFILE = $dir/private/.rand # private random number file 57 + 58 + x509_extensions = usr_cert # The extentions to add to the cert 59 + 60 + # Comment out the following two lines for the "traditional" 61 + # (and highly broken) format. 62 + name_opt = ca_default # Subject Name options 63 + cert_opt = ca_default # Certificate field options 64 + 65 + # Extension copying option: use with caution. 66 + # copy_extensions = copy 67 + 68 + # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 69 + # so this is commented out by default to leave a V1 CRL. 70 + # crlnumber must also be commented out to leave a V1 CRL. 71 + # crl_extensions = crl_ext 72 + 73 + default_days = 365 # how long to certify for 74 + default_crl_days= 30 # how long before next CRL 75 + default_md = default # use public key default MD 76 + preserve = no # keep passed DN ordering 77 + 78 + # A few difference way of specifying how similar the request should look 79 + # For type CA, the listed attributes must be the same, and the optional 80 + # and supplied fields are just that :-) 81 + policy = policy_match 82 + 83 + # For the CA policy 84 + [ policy_match ] 85 + countryName = match 86 + stateOrProvinceName = match 87 + organizationName = match 88 + organizationalUnitName = optional 89 + commonName = supplied 90 + emailAddress = optional 91 + 92 + # For the 'anything' policy 93 + # At this point in time, you must list all acceptable 'object' 94 + # types. 95 + [ policy_anything ] 96 + countryName = optional 97 + stateOrProvinceName = optional 98 + localityName = optional 99 + organizationName = optional 100 + organizationalUnitName = optional 101 + commonName = supplied 102 + emailAddress = optional 103 + 104 + #################################################################### 105 + [ req ] 106 + default_bits = 2048 107 + default_keyfile = privkey.pem 108 + distinguished_name = req_distinguished_name 109 + attributes = req_attributes 110 + x509_extensions = v3_ca # The extentions to add to the self signed cert 111 + 112 + # Passwords for private keys if not present they will be prompted for 113 + # input_password = secret 114 + # output_password = secret 115 + 116 + # This sets a mask for permitted string types. There are several options. 117 + # default: PrintableString, T61String, BMPString. 118 + # pkix : PrintableString, BMPString (PKIX recommendation before 2004) 119 + # utf8only: only UTF8Strings (PKIX recommendation after 2004). 120 + # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 121 + # MASK:XXXX a literal mask value. 122 + # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. 123 + string_mask = utf8only 124 + 125 + # req_extensions = v3_req # The extensions to add to a certificate request 126 + 127 + [ req_distinguished_name ] 128 + countryName = Country Name (2 letter code) 129 + countryName_default = AU 130 + countryName_min = 2 131 + countryName_max = 2 132 + 133 + stateOrProvinceName = State or Province Name (full name) 134 + stateOrProvinceName_default = Some-State 135 + 136 + localityName = Locality Name (eg, city) 137 + 138 + 0.organizationName = Organization Name (eg, company) 139 + 0.organizationName_default = Internet Widgits Pty Ltd 140 + 141 + # we can do this but it is not needed normally :-) 142 + #1.organizationName = Second Organization Name (eg, company) 143 + #1.organizationName_default = World Wide Web Pty Ltd 144 + 145 + organizationalUnitName = Organizational Unit Name (eg, section) 146 + #organizationalUnitName_default = 147 + 148 + commonName = Common Name (e.g. server FQDN or YOUR name) 149 + commonName_max = 64 150 + 151 + emailAddress = Email Address 152 + emailAddress_max = 64 153 + 154 + # SET-ex3 = SET extension number 3 155 + 156 + [ req_attributes ] 157 + challengePassword = A challenge password 158 + challengePassword_min = 4 159 + challengePassword_max = 20 160 + 161 + unstructuredName = An optional company name 162 + 163 + [ usr_cert ] 164 + 165 + # These extensions are added when 'ca' signs a request. 166 + 167 + # This goes against PKIX guidelines but some CAs do it and some software 168 + # requires this to avoid interpreting an end user certificate as a CA. 169 + 170 + basicConstraints=CA:FALSE 171 + 172 + # Here are some examples of the usage of nsCertType. If it is omitted 173 + # the certificate can be used for anything *except* object signing. 174 + 175 + # This is OK for an SSL server. 176 + # nsCertType = server 177 + 178 + # For an object signing certificate this would be used. 179 + # nsCertType = objsign 180 + 181 + # For normal client use this is typical 182 + # nsCertType = client, email 183 + 184 + # and for everything including object signing: 185 + # nsCertType = client, email, objsign 186 + 187 + # This is typical in keyUsage for a client certificate. 188 + # keyUsage = nonRepudiation, digitalSignature, keyEncipherment 189 + 190 + # This will be displayed in Netscape's comment listbox. 191 + nsComment = "OpenSSL Generated Certificate" 192 + 193 + # PKIX recommendations harmless if included in all certificates. 194 + subjectKeyIdentifier=hash 195 + authorityKeyIdentifier=keyid,issuer 196 + 197 + # This stuff is for subjectAltName and issuerAltname. 198 + # Import the email address. 199 + # subjectAltName=email:copy 200 + # An alternative to produce certificates that aren't 201 + # deprecated according to PKIX. 202 + # subjectAltName=email:move 203 + 204 + # Copy subject details 205 + # issuerAltName=issuer:copy 206 + 207 + #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem 208 + #nsBaseUrl 209 + #nsRevocationUrl 210 + #nsRenewalUrl 211 + #nsCaPolicyUrl 212 + #nsSslServerName 213 + 214 + # This is required for TSA certificates. 215 + # extendedKeyUsage = critical,timeStamping 216 + 217 + [ v3_req ] 218 + 219 + # Extensions to add to a certificate request 220 + 221 + basicConstraints = CA:FALSE 222 + keyUsage = nonRepudiation, digitalSignature, keyEncipherment 223 + 224 + [ v3_ca ] 225 + 226 + 227 + # Extensions for a typical CA 228 + 229 + 230 + # PKIX recommendation. 231 + 232 + subjectKeyIdentifier=hash 233 + 234 + authorityKeyIdentifier=keyid:always,issuer 235 + 236 + # This is what PKIX recommends but some broken software chokes on critical 237 + # extensions. 238 + #basicConstraints = critical,CA:true 239 + # So we do this instead. 240 + basicConstraints = CA:true 241 + 242 + # Key usage: this is typical for a CA certificate. However since it will 243 + # prevent it being used as an test self-signed certificate it is best 244 + # left out by default. 245 + # keyUsage = cRLSign, keyCertSign 246 + 247 + # Some might want this also 248 + # nsCertType = sslCA, emailCA 249 + 250 + # Include email address in subject alt name: another PKIX recommendation 251 + # subjectAltName=email:copy 252 + # Copy issuer details 253 + # issuerAltName=issuer:copy 254 + 255 + # DER hex encoding of an extension: beware experts only! 256 + # obj=DER:02:03 257 + # Where 'obj' is a standard or added object 258 + # You can even override a supported extension: 259 + # basicConstraints= critical, DER:30:03:01:01:FF 260 + 261 + subjectAltName = @alt_names 262 + [alt_names] 263 + DNS.1 = *.localhost 264 + DNS.2 = *.*.localhost 265 + 266 + [ crl_ext ] 267 + 268 + # CRL extensions. 269 + # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 270 + 271 + # issuerAltName=issuer:copy 272 + authorityKeyIdentifier=keyid:always 273 + 274 + [ proxy_cert_ext ] 275 + # These extensions should be added when creating a proxy certificate 276 + 277 + # This goes against PKIX guidelines but some CAs do it and some software 278 + # requires this to avoid interpreting an end user certificate as a CA. 279 + 280 + basicConstraints=CA:FALSE 281 + 282 + # Here are some examples of the usage of nsCertType. If it is omitted 283 + # the certificate can be used for anything *except* object signing. 284 + 285 + # This is OK for an SSL server. 286 + # nsCertType = server 287 + 288 + # For an object signing certificate this would be used. 289 + # nsCertType = objsign 290 + 291 + # For normal client use this is typical 292 + # nsCertType = client, email 293 + 294 + # and for everything including object signing: 295 + # nsCertType = client, email, objsign 296 + 297 + # This is typical in keyUsage for a client certificate. 298 + # keyUsage = nonRepudiation, digitalSignature, keyEncipherment 299 + 300 + # This will be displayed in Netscape's comment listbox. 301 + nsComment = "OpenSSL Generated Certificate" 302 + 303 + # PKIX recommendations harmless if included in all certificates. 304 + subjectKeyIdentifier=hash 305 + authorityKeyIdentifier=keyid,issuer 306 + 307 + # This stuff is for subjectAltName and issuerAltname. 308 + # Import the email address. 309 + # subjectAltName=email:copy 310 + # An alternative to produce certificates that aren't 311 + # deprecated according to PKIX. 312 + # subjectAltName=email:move 313 + 314 + # Copy subject details 315 + # issuerAltName=issuer:copy 316 + 317 + #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem 318 + #nsBaseUrl 319 + #nsRevocationUrl 320 + #nsRenewalUrl 321 + #nsCaPolicyUrl 322 + #nsSslServerName 323 + 324 + # This really needs to be in place for it to be a proxy certificate. 325 + proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo 326 + 327 + #################################################################### 328 + [ tsa ] 329 + 330 + default_tsa = tsa_config1 # the default TSA section 331 + 332 + [ tsa_config1 ] 333 + 334 + # These are used by the TSA reply generation only. 335 + dir = ./demoCA # TSA root directory 336 + serial = $dir/tsaserial # The current serial number (mandatory) 337 + crypto_device = builtin # OpenSSL engine to use for signing 338 + signer_cert = $dir/tsacert.pem # The TSA signing certificate 339 + # (optional) 340 + certs = $dir/cacert.pem # Certificate chain to include in reply 341 + # (optional) 342 + signer_key = $dir/private/tsakey.pem # The TSA private key (optional) 343 + 344 + default_policy = tsa_policy1 # Policy if request did not specify it 345 + # (optional) 346 + other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) 347 + digests = md5, sha1 # Acceptable message digests (mandatory) 348 + accuracy = secs:1, millisecs:500, microsecs:100 # (optional) 349 + clock_precision_digits = 0 # number of digits after dot. (optional) 350 + ordering = yes # Is ordering defined for timestamps? 351 + # (optional, default: no) 352 + tsa_name = yes # Must the TSA name be included in the reply? 353 + # (optional, default: no) 354 + ess_cert_id_chain = no # Must the ESS cert id chain be included? 355 + # (optional, default: no)

+8 -1

fish/config.fish

··· 9 9 enable direnv hook fish 10 10 enable rbenv init - 11 11 12 + set fish_user_paths ~/Workspace/hauleth/dotfiles/bin \ 13 + ~/.bin \ 14 + ~/.cargo/bin \ 15 + ~/go/bin \ 16 + ~/.mix \ 17 + /usr/local/opt/gettext/bin 18 + 12 19 if status --is-interactive 13 20 if not functions -q fundle 14 21 eval (curl -sfL https://git.io/fundle-install) ··· 27 34 28 35 enable jump shell fish 29 36 30 - ssh-add -K ^/dev/null 37 + ssh-add -K ^/dev/null & 31 38 end

+6 -6

iterm2/com.googlecode.iterm2.plist

··· 647 647 gAKACoAN0xAJChEVGVdOUy5rZXlzoxITFIADgASABaMWFxiABoAHgAiACVpJZGVudGlm 648 648 aWVyVVdpZHRoVkhpZGRlblEwI0BowAAAAAAACNIhIiMkWiRjbGFzc25hbWVYJGNsYXNz 649 649 ZXNcTlNEaWN0aW9uYXJ5oiMlWE5TT2JqZWN00xAJCicrGaMSExSAA4AEgAWjLC0YgAuA 650 - DIAIgAlRMSNAczGdsi0OVtIhIjM0Xk5TTXV0YWJsZUFycmF5ozM1JVdOU0FycmF5XxAP 650 + DIAIgAlRMSNAdCGdsi0OVtIhIjM0Xk5TTXV0YWJsZUFycmF5ozM1JVdOU0FycmF5XxAP 651 651 TlNLZXllZEFyY2hpdmVy0Tg5VUFycmF5gAEACAARABoAIwAtADIANwBGAEwAUQBcAGMA 652 652 ZgBoAGoAbABzAHsAfwCBAIMAhQCJAIsAjQCPAJEAnACiAKkAqwC0ALUAugDFAM4A2wDe 653 653 AOcA7gDyAPQA9gD4APwA/gEAAQIBBAEGAQ8BFAEjAScBLwFBAUQBSgAAAAAAAAIBAAAA ··· 670 670 <key>NSWindow Frame SessionsPreferences</key> 671 671 <string>269 126 606 469 0 0 1440 900 </string> 672 672 <key>NSWindow Frame SharedPreferences</key> 673 - <string>469 564 796 473 0 0 1920 1080 </string> 673 + <string>269 490 918 381 0 0 1440 900 </string> 674 674 <key>NSWindow Frame UKCrashReporter</key> 675 675 <string>99 316 592 584 0 0 1440 900 </string> 676 676 <key>NSWindow Frame com.apple.typography_panel_Hasklig-Regular</key> 677 677 <string>-1620 731 260 310 -1920 0 1920 1080 </string> 678 678 <key>NSWindow Frame iTerm Window 0</key> 679 - <string>390 133 665 476 0 0 1920 1080 </string> 679 + <string>390 133 665 476 0 0 1440 900 </string> 680 680 <key>NSWindow Frame iTerm Window 1</key> 681 - <string>628 420 665 477 0 0 1920 1080 </string> 681 + <string>389 295 650 476 0 0 1440 900 </string> 682 682 <key>New Bookmarks</key> 683 683 <array> 684 684 <dict> ··· 1393 1393 <key>Silence Bell</key> 1394 1394 <true/> 1395 1395 <key>Smart Cursor Color</key> 1396 - <true/> 1396 + <false/> 1397 1397 <key>Sync Title</key> 1398 1398 <false/> 1399 1399 <key>Tab Color</key> ··· 2251 2251 <key>SUHasLaunchedBefore</key> 2252 2252 <true/> 2253 2253 <key>SULastCheckTime</key> 2254 - <date>2017-10-17T10:14:55Z</date> 2254 + <date>2017-10-24T20:34:26Z</date> 2255 2255 <key>SUSendProfileInfo</key> 2256 2256 <false/> 2257 2257 <key>ShowFullScreenTabBar</key>

+3 -3

nvim/autoload/plugins.vim

··· 1 1 " vi: foldmethod=marker 2 - let s:current_file = expand("<sfile>") 2 + let s:current_file = expand('<sfile>') 3 3 4 - if !exists("*plugins#reload") 4 + if !exists('*plugins#reload') 5 5 func! plugins#reload() abort 6 6 exec 'source ' . s:current_file 7 7 ··· 76 76 77 77 " Helpers 78 78 79 - func! s:install_skim() abort 79 + func! s:install_skim(...) abort 80 80 if has(':AsyncRun') 81 81 noautocmd AsyncRun! ./install --bin 82 82 else

+7 -12

nvim/init.vim

··· 20 20 set nowrap linebreak formatoptions+=l 21 21 " }}} 22 22 " User interface {{{ 23 + set lazyredraw 24 + 25 + " Ignore case. If your code uses different casing to differentiate files, then 26 + " you need mental help 27 + set wildignorecase fileignorecase 23 28 " Colors {{{ 24 29 set termguicolors 25 30 colorscheme blame ··· 75 80 set undofile 76 81 " }}} 77 82 " Custom configurations {{{ 83 + let g:vue_disable_pre_processors = 1 78 84 " Fuzzy file search {{{ 79 85 nnoremap <Space><Space> :<C-u>SK<CR> 80 86 " }}} ··· 93 99 cabbr Gita! Gina! 94 100 cabbr G Gina 95 101 cabbr G! Gina! 96 - cabbr git Gina 97 - cabbr git! Gina! 98 102 cabbr Git Gina 99 103 cabbr Git! Gina! 100 104 " }}} 101 - " Sad changes {{{ 102 - " nmap c <Plug>(sad-change-forward) 103 - " vmap c <Plug>(sad-change-forward) 104 - " nmap C <Plug>(sad-change-forward)$ 105 - " nnoremap cc cc 106 - " nnoremap <Space>c c 107 - " nnoremap <Space>C C 108 - " vnoremap <Space>c c 109 - " }}} 110 105 " Asynchronous commands {{{ 111 106 command! -bang -nargs=* -complete=file Make AsyncRun -program=make @ <args> 112 107 command! -bang -nargs=* -complete=file Grep AsyncRun -program=grep @ <args> ··· 177 172 tnoremap <C-q> <C-\><C-n> 178 173 179 174 if executable('nvr') 180 - let $EDITOR = 'nvr -cc split --remote-wait' 175 + let $EDITOR = 'nvr -cc split -c "set bufhidden=delete" --remote-wait' 181 176 endif 182 177 endif 183 178 " }}}

Configure Feed

Configure Feed