generate_DoS_app_keys.sh
#!/usr/bin/env bash
#
# Generates a 4096-bit RSA key pair for the given key ID (KID), writes a
# single-key JWKS document (alg RS512, use sig) holding the public modulus,
# and prints a mock-JWKS URL that embeds the base64-encoded JWKS.
#
# Usage: generate_DoS_app_keys.sh <KID> [output-directory]
#
# Files are written to <output-directory>/<KID>/ (default ./data/keys/<KID>/):
#   <KID>.pem      private key, unencrypted PEM - keep it out of version control
#   <KID>.pem.pub  public key, PEM
#   <KID>.json     JWKS containing only the public parameters (n, e)
#
# Requires: openssl, xxd, cut, sed.

# Abort on any command failure, on use of an unset variable, and when any
# stage of a pipeline fails.
set -euo pipefail
# Print the command-line synopsis to stdout and terminate with status 1.
usage() {
  printf '%s\n' "Usage: $0 <KID> [output-directory]"
  exit 1
}
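# Main flow: validate arguments, generate the RSA key pair, derive the JWKS
# document from the public key, and print the mock-JWKS URL.
# Re-running with the same KID and output directory overwrites the files.

# check args
if [[ $# -lt 1 || $# -gt 2 ]]; then
  usage
fi

# Fail early with a clear message if a tool used in the pipelines is missing.
for tool in openssl xxd; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "Error: required tool '$tool' not found in PATH" >&2
    exit 1
  fi
done

KID="$1"

# KID becomes a directory name, a file-name stem, and is interpolated
# unescaped into the JSON below. Restrict it to a conservative character set
# so it cannot escape the output directory ('/', '..') or break out of the
# JSON string ('"', '\').
kid_pattern='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! "$KID" =~ $kid_pattern ]]; then
  echo "Error: KID must start with a letter or digit and contain only letters, digits, '.', '_' or '-'" >&2
  exit 1
fi

OUTDIR="${2:-./data/keys}/${KID}"

# create output dir if needed
mkdir -p -- "$OUTDIR"

# paths
KEY_PRIVATE="$OUTDIR/${KID}.pem"
KEY_PUBLIC="$OUTDIR/${KID}.pem.pub"
JWK_JSON="$OUTDIR/${KID}.json"

# Create the private key under a restrictive umask so it is never readable by
# group/other, whatever the caller's umask or the installed openssl build
# does by default. The subshell keeps the umask change from affecting the
# public files written afterwards.
(
  umask 077
  openssl genrsa -out "$KEY_PRIVATE" 4096
)
# A file left over from an earlier run keeps its old mode; tighten it too.
chmod 600 -- "$KEY_PRIVATE"

openssl rsa -in "$KEY_PRIVATE" -pubout -outform PEM -out "$KEY_PUBLIC"

# JWK "n": take the hex modulus ("Modulus=<hex>"), convert it to raw bytes,
# then base64url-encode without padding ('+' -> '-', '/' -> '_', drop '=').
MODULUS=$(
  openssl rsa -pubin -in "$KEY_PUBLIC" -noout -modulus \
    | cut -d '=' -f2 \
    | xxd -r -p \
    | openssl base64 -A \
    | sed 's|+|-|g; s|/|_|g; s|=||g'
)
if [[ -z "$MODULUS" ]]; then
  echo "Error: could not extract the modulus from $KEY_PUBLIC" >&2
  exit 1
fi

# "e" is hard-coded to AQAB (65537), the default public exponent of
# `openssl genrsa`; it must change if the key is ever generated with a
# different exponent. Only public parameters are written to this file.
cat > "$JWK_JSON" <<EOF
{
"keys": [
{
"kty": "RSA",
"n": "${MODULUS}",
"e": "AQAB",
"alg": "RS512",
"kid": "${KID}",
"use": "sig"
}
]
}
EOF

# Base64-encode the JSON and print the mock-JWKS URL
# The URL carries only the public JWKS; the private key stays on disk.
# NOTE(review): this is standard base64, so the value may contain '+', '/'
# and '='; confirm the mock-jwks endpoint expects that form in a URL path.
ENCODED_JWK=$(openssl base64 -A < "$JWK_JSON")
echo "✔ Generated:"
echo " • Private key: $KEY_PRIVATE"
echo " • Public key: $KEY_PUBLIC"
echo " • JWK JSON: $JWK_JSON"
echo
echo "Mock JWKS URL:"
echo "https://api.service.nhs.uk/mock-jwks/${ENCODED_JWK}"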