| blob | 4f38ca309b05bc2507ea92a321515f9849a0839c |
1 # Minica can provide a CA key and cert, plus a key
2 # and cert for our fake CA server's Web Front End (WFE).
3 {
4 pkgs ? import <nixpkgs> {},
5 minica ? pkgs.minica,
6 mkDerivation ? pkgs.stdenv.mkDerivation
7 }:
8 let
9 conf = import ./snakeoil-certs.nix;
10 domain = conf.domain;
11 in mkDerivation {
12 name = "test-certs";
13 buildInputs = [ (minica.overrideAttrs (old: {
14 prePatch = ''
15 sed -i 's_NotAfter: time.Now().AddDate(2, 0, 30),_NotAfter: time.Now().AddDate(20, 0, 0),_' main.go
16 '';
17 })) ];
18 dontUnpack = true;
20 buildPhase = ''
21 minica \
22 --ca-key ca.key.pem \
23 --ca-cert ca.cert.pem \
24 --domains ${domain}
25 '';
27 installPhase = ''
28 mkdir -p $out
29 mv ca.*.pem $out/
30 mv ${domain}/key.pem $out/${domain}.key.pem
31 mv ${domain}/cert.pem $out/${domain}.cert.pem
32 '';
33 }