QuiCC/Dockerfile at main · nuvious/QuiCC · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
FROM python:3.9-slim-bookworm

WORKDIR /app

RUN apt-get update && apt-get install openssl libssl-dev build-essential -y && \
    pip3 install dnslib jinja2 starlette wsproto

SHELL ["/bin/bash", "-c"]

COPY . .

# 4096 bit key is only for demonstration purposes
RUN pip3 install aioquic/ && \
    openssl genpkey -algorithm RSA -out server_key.pem -pkeyopt rsa_keygen_bits:4096 && \
    openssl genpkey -algorithm RSA -out client_key.pem -pkeyopt rsa_keygen_bits:4096 && \
    openssl rsa -in client_key.pem -pubout -out client_public_key.pem && \
    openssl rsa -in server_key.pem -pubout -out server_public_key.pem && \
    openssl genrsa -out ca-key.pem 4096 && \
    openssl req -new -x509 -days 365 -key ca-key.pem -out aioquic/tests/pycacert.pem -subj '/CN=QuiCCA' && \
    openssl genrsa -out aioquic/tests/ssl_key.pem 4096 && \
    openssl req -new -key aioquic/tests/ssl_key.pem -out csr.pem -subj '/CN=quicc' -nodes && \
    openssl x509 -req -in csr.pem -out aioquic/tests/ssl_cert.pem \
      -CA aioquic/tests/pycacert.pem -CAkey ca-key.pem -CAcreateserial -days 3650 \
      -extfile <(printf "subjectAltName=DNS:quicc\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth,clientAuth\nbasicConstraints=CA:FALSE\nsubjectKeyIdentifier=hash\nauthorityKeyIdentifier=keyid,issuer\nauthorityInfoAccess=caIssuers;URI:http://testca.pythontest.net/testca/pycacert.cer,OCSP;URI:http://testca.pythontest.net/testca/ocsp/\ncrlDistributionPoints=URI:http://testca.pythontest.net/testca/revocation.crl")

  SHELL [ "/bin/sh" ]