From 1f277db873cd2067cc24d4587e9b384c6b40b711 Mon Sep 17 00:00:00 2001
From: ghe0 <gheorghe@gheo.tech>
Date: Sat, 26 Apr 2025 22:33:03 +0300
Subject: [PATCH] added scripts

---
 .gitignore                       |  1 +
 scripts/ca_cert.pem              | 35 +++++++++++++++++++++++
 scripts/ca_cert.srl              |  1 +
 scripts/create_certs.sh          | 49 ++++++++++++++++++++++++++++++++
 scripts/deploy.sh                | 21 ++++++++++++++
 scripts/detee-brain-mock.service | 11 +++++++
 scripts/staging_brain.cnf        | 20 +++++++++++++
 scripts/staging_cert.pem         | 29 +++++++++++++++++++
 scripts/testnet_brain.cnf        | 20 +++++++++++++
 scripts/testnet_cert.pem         | 34 ++++++++++++++++++++++
 10 files changed, 221 insertions(+)
 create mode 100644 scripts/ca_cert.pem
 create mode 100644 scripts/ca_cert.srl
 create mode 100755 scripts/create_certs.sh
 create mode 100755 scripts/deploy.sh
 create mode 100644 scripts/detee-brain-mock.service
 create mode 100644 scripts/staging_brain.cnf
 create mode 100644 scripts/staging_cert.pem
 create mode 100644 scripts/testnet_brain.cnf
 create mode 100644 scripts/testnet_cert.pem

diff --git a/.gitignore b/.gitignore
index 5c919d3..ed3ad69 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /target
+secrets
 tmp
diff --git a/scripts/ca_cert.pem b/scripts/ca_cert.pem
new file mode 100644
index 0000000..d7f3199
--- /dev/null
+++ b/scripts/ca_cert.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIF/TCCA+WgAwIBAgIULPbWfncT/qhqcWgA+ryYqubND78wDQYJKoZIhvcNAQEL
+BQAwgY0xCzAJBgNVBAYTAlZHMRAwDgYDVQQIDAdUb3J0b2xhMRIwEAYDVQQHDAlS
+b2FkIFRvd24xEjAQBgNVBAoMCURlVEVFIEx0ZDENMAsGA1UECwwEV2ViMzETMBEG
+A1UEAwwKZGV0ZWUtcm9vdDEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBkZXRlZS5s
+dGQwHhcNMjUwMzI3MTQ1OTQxWhcNMzUwMzI1MTQ1OTQxWjCBjTELMAkGA1UEBhMC
+VkcxEDAOBgNVBAgMB1RvcnRvbGExEjAQBgNVBAcMCVJvYWQgVG93bjESMBAGA1UE
+CgwJRGVURUUgTHRkMQ0wCwYDVQQLDARXZWIzMRMwEQYDVQQDDApkZXRlZS1yb290
+MSAwHgYJKoZIhvcNAQkBFhFzdXBwb3J0QGRldGVlLmx0ZDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAOtwb0JqT61l058FKkXWxYwxcn9mkIQ3JY5t67xL
+dM/eaSYcLCFvQQ8LZilhYUxEIkqF2+qloyhMgru5erHcn/xul7RnIPpj/ActPFEU
+5Snr4lHP6WJebDSFHmKkh4ogwFqMpq3SvAJ0/h1MxZu1hf369hCmyMvevjINX1kB
+VzZGMKUe3M1YOi62Vbhfd3JUkAMedrVmcZoeOE63Fz4NYs/UMbAQYBtEvPp3qYvM
+vLnDJlCrb9fAia4qFOnzqIa40LEcbDiG7Yxw9jvacb9+rKboaPkNWcZqyNl7CQYr
+yOlSPYa6ehoZ4WGrDzrZMOGp88i3Qkd55VxuivSouUS4bkmSS+QPkRHyOGovatfp
+7AmhgQmfozjovSR2Tk+kGD3VxsAPAQWYxJLYHUtjidBUFQnwjAWpU0gh/iydpb0Q
+q1yEUkijMhUP6uHCLrEb+GGrkGgKgFKfgKsbyKjhXe5ftFdBJnMv8jeTxvkca3Ff
+/Tu8DXq3GVj3UZzCqv9w1a1UJTLH5WkAKrGcFsJ1QwW7yLHXW47cIgKUEAkurpWA
+TXJv7faUGcHBhywSMVCXuBRRg5zk/bdK4KXKtPt9U0QHmnNRXfl2t+1jZKVDAfF2
+x3S0x87URL4IZhGgmfTPoIlpc8ktplPQoxKpdrbMj+6BvXTRmRZRH/LoroRWunba
+1g4BAgMBAAGjUzBRMB0GA1UdDgQWBBQRnZzDpOUYk0CeW0R2pALfN80JFzAfBgNV
+HSMEGDAWgBQRnZzDpOUYk0CeW0R2pALfN80JFzAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4ICAQBQBjchxrS2LDH2HNlSOsKwar8F30tkjYG/E00Y0qjn
+x3ciC0Zlo4M0odhAF8rGkLorEbm5JN/k8lI8oKTzne1YF7g05kt4JDlr6C8vmEL2
+KpLkWc+h42z8jjc1Othj6vhHdl+vOKP+W3f2idoImvAijd2JS0+E3XWI8cgMiwHQ
+lxdMqpwk/dwS1D0E4zvXH041VAXJmlE/ys4DTEq234IwEp41AW0z9Pd9EN7QEDaq
+qUaDVOsaYCAdFCWuEucB2v0NcBNDAJVlepH+uGaQ7UH0afADTscIdrSNcNtf87ad
+1U20wiO2ayBTL5s1dz/XyGc/f3QzCSniE2fILkNg31O0wijrfLUhGbxdx0fVfcXS
+jTabojeQkmRoMguW1H5LaKvPSK06gHxFpaPqhJ8XC9Z5xrtvtVI60kquNHX7Sjwd
+wU7s40J3z5+btYHH4mPdXGsSWXS4xqmKvktzLKBJKVSgjjvzLTKspAAAFsHpIjwN
+YxxQYQl+/hmppCsp/XHE5FbT0051nIxepdtJgWfT4Xo8SxtoQy9C8RzWjMiTiYxG
+IuYkATUex//jBRxABy99v6Kx1Wa2agx7aqnAuC1VinTXG+c1RasAoNWg0vgvnUXn
+4x9HmZYJ4J3PxZjWXdn7Bna7ZV6tmmbDMlp4zy2hNEGtOVlE/ffXRyz/vkLD88Bq
+QA==
+-----END CERTIFICATE-----
diff --git a/scripts/ca_cert.srl b/scripts/ca_cert.srl
new file mode 100644
index 0000000..45f6b3a
--- /dev/null
+++ b/scripts/ca_cert.srl
@@ -0,0 +1 @@
+449CCB0DA49A05BA82A5F123866D4822A64AAAC5
diff --git a/scripts/create_certs.sh b/scripts/create_certs.sh
new file mode 100755
index 0000000..fff8d5a
--- /dev/null
+++ b/scripts/create_certs.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )"
+
+mkdir -p secrets
+mkdir -p tmp
+chmod 700 secrets
+
+[[ -f "secrets/ca_key.pem" ]] || {
+  openssl genrsa -out secrets/ca_key.pem 4096
+  chmod 400 secrets/ca_key.pem
+}
+
+[[ -f "ca_cert.pem" ]] || {
+  openssl req -x509 -new -nodes \
+    -key secrets/ca_key.pem -sha256 \
+    -days 3650 -out ca_cert.pem
+}
+
+[[ -f "secrets/staging_key.pem" ]] || {
+  openssl genrsa -out secrets/staging_key.pem 2048
+  chmod 400 secrets/staging_key.pem 
+}
+
+[[ -f "tmp/staging_csr.pem" ]] || {
+  openssl req -new -key secrets/staging_key.pem \
+    -out tmp/staging_csr.pem -config staging_brain.cnf
+}
+
+[[ -f "staging_cert.pem" ]] || {
+  openssl x509 -req -in tmp/staging_csr.pem -CA ca_cert.pem -CAkey secrets/ca_key.pem \
+    -CAcreateserial -out staging_cert.pem -days 825 -sha256 \
+    -extfile staging_brain.cnf -extensions req_ext
+}
+
+[[ -f "secrets/testnet_key.pem" ]] || {
+  openssl genrsa -out secrets/testnet_key.pem 4096
+  chmod 400 secrets/testnet_key.pem 
+}
+
+[[ -f "tmp/testnet_csr.pem" ]] || {
+  openssl req -new -key secrets/testnet_key.pem \
+    -out tmp/testnet_csr.pem -config testnet_brain.cnf
+}
+
+[[ -f "testnet_cert.pem" ]] || {
+  openssl x509 -req -in tmp/testnet_csr.pem -CA ca_cert.pem -CAkey secrets/ca_key.pem \
+    -CAcreateserial -out testnet_cert.pem -days 825 -sha256 \
+    -extfile testnet_brain.cnf -extensions req_ext
+}
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
new file mode 100755
index 0000000..887b79c
--- /dev/null
+++ b/scripts/deploy.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+cd -- "$( dirname -- "${BASH_SOURCE[0]}" )"
+cd ..
+
+server="$1"
+
+[[ -z "$server" ]] && {
+  echo "Please specify server ip."
+  exit 1
+}
+
+[[ "$server" == "testnet" ]] && server="164.92.249.180"
+[[ "$server" == "staging" ]] && server="registry.detee.ltd"
+
+cargo build --release
+ssh $server systemctl stop detee-brain-mock.service
+scp target/release/brain-mock $server:/usr/local/bin/brain-mock
+ssh $server mkdir -p /etc/detee/brain-mock/
+scp scripts/detee-brain-mock.service $server:/etc/systemd/system/detee-brain-mock.service
+ssh $server systemctl daemon-reload
+ssh $server systemctl start detee-brain-mock.service
diff --git a/scripts/detee-brain-mock.service b/scripts/detee-brain-mock.service
new file mode 100644
index 0000000..4a509b9
--- /dev/null
+++ b/scripts/detee-brain-mock.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=DeTEE Brain Mock
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/brain-mock
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/staging_brain.cnf b/scripts/staging_brain.cnf
new file mode 100644
index 0000000..6f747a2
--- /dev/null
+++ b/scripts/staging_brain.cnf
@@ -0,0 +1,20 @@
+[ req ]
+default_bits       = 2048
+prompt             = no
+default_md         = sha256
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+
+[ req_distinguished_name ]
+C  = VG
+ST = Tortola
+L  = Road Town
+O  = DeTEE Ltd
+OU = Web3
+CN = staging-brain
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = staging-brain
diff --git a/scripts/staging_cert.pem b/scripts/staging_cert.pem
new file mode 100644
index 0000000..11336c6
--- /dev/null
+++ b/scripts/staging_cert.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE5jCCAs6gAwIBAgIURJzLDaSaBbqCpfEjhm1IIqZKqsMwDQYJKoZIhvcNAQEL
+BQAwgY0xCzAJBgNVBAYTAlZHMRAwDgYDVQQIDAdUb3J0b2xhMRIwEAYDVQQHDAlS
+b2FkIFRvd24xEjAQBgNVBAoMCURlVEVFIEx0ZDENMAsGA1UECwwEV2ViMzETMBEG
+A1UEAwwKZGV0ZWUtcm9vdDEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBkZXRlZS5s
+dGQwHhcNMjUwMzI4MTQxMzIwWhcNMjcwNzAxMTQxMzIwWjBuMQswCQYDVQQGEwJW
+RzEQMA4GA1UECAwHVG9ydG9sYTESMBAGA1UEBwwJUm9hZCBUb3duMRIwEAYDVQQK
+DAlEZVRFRSBMdGQxDTALBgNVBAsMBFdlYjMxFjAUBgNVBAMMDXN0YWdpbmctYnJh
+aW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcXmOZ1GYsOghZzzS1
+c4139hs1VwB5kK4z2JLXR15SHc1dyDfQO1FBMDMUD/jfROVgTFx3l7X/MGv0hoeA
+h4QsyiDaHcba/WqFJ59rWDNIz5GvI4bDw8OctNrNMrhUtNYtfC9gTkk3N4c06TDE
+8ga9cTuPDw+fCKghvK7TJVF7UDZYaqjf4Et4zo+ahefkeJF8NUD+HTUbZcg5Ebuz
+me4/8b/zORMtXXmRUzcOCZTY5TnQfdGKtO+aYcUEuJusWPvjq3+8duprIElKn3sH
+e8Ju7qrJpX+NurJHEonbtzWspIgJP8/4GO4oetHN/ppXrHtE5qqG6qvS+Fna71DQ
+HGORAgMBAAGjXDBaMBgGA1UdEQQRMA+CDXN0YWdpbmctYnJhaW4wHQYDVR0OBBYE
+FP7OXu7YjWhacQVz7Xi9HqixkcoeMB8GA1UdIwQYMBaAFBGdnMOk5RiTQJ5bRHak
+At83zQkXMA0GCSqGSIb3DQEBCwUAA4ICAQBIQ/EboY0ZVf1VTWtBZKXIWFANDlGc
+vFgejlxeruXGsiJpeQCsAXP6ZMSgVTapSBzTCURbV64vwhlSMJGFzV8m8XFYw6/o
+7mn0VCJjM2309A9uKs/Vk8dhG+BAMUT+bgQW+yyO/agpi5I1ChEVHHNyVI5JVxAR
+wAmKHVKccGnW5Ji9OVFCt14IXWqPo3cE/Y+IaFG9OJYENa3JNRLfXMDoxHpiQ6I3
+v2/YcN2E0m1WwrMgsUpRE8hroLQWCghgzMGjJn0YQ6yTGeh6ibRkIg9yaXLxHygq
+sauPn+JFhY7V/AP0V212ksEfEPHciZPaNriK3y2m2SDVYpXRVHHqWhQxb5yc+B6A
+QWdu45pP1gVM6SGnJDuIrtihg9hUXVB22Uoea6kOGhdlS5m9fv1KRH1ScF7Onbzd
+TjxPLoEzvj6/cNu7XEixjQOSmcs68PX8t+Jp8I2gMCQ++ZzQ7oyS5xzwKcDYcjPm
+2rud5px7H8zwNdP+cNFifSYNHs4ltgXmTDKOhvntGWXjNsq3Olw2tvbLIPQETRQc
+T5BTDMcNPNeXquzer/OJZOkJrZeG5RvbVeQ8AfdldMUNoX9fhSOtIY1L99wculHU
+XqC2NVpZxXDUwR8GKQuLGuOkMQmCdTLd1svJh5Deih4IddII1LP6qP2Izo3CUgDV
+LuxVyvp8squzVg==
+-----END CERTIFICATE-----
diff --git a/scripts/testnet_brain.cnf b/scripts/testnet_brain.cnf
new file mode 100644
index 0000000..495c009
--- /dev/null
+++ b/scripts/testnet_brain.cnf
@@ -0,0 +1,20 @@
+[ req ]
+default_bits       = 4096
+prompt             = no
+default_md         = sha256
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+
+[ req_distinguished_name ]
+C  = VG
+ST = Tortola
+L  = Road Town
+O  = DeTEE Ltd
+OU = Web3
+CN = testnet-brain
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = testnet-brain
diff --git a/scripts/testnet_cert.pem b/scripts/testnet_cert.pem
new file mode 100644
index 0000000..2f25802
--- /dev/null
+++ b/scripts/testnet_cert.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF5jCCA86gAwIBAgIURJzLDaSaBbqCpfEjhm1IIqZKqsUwDQYJKoZIhvcNAQEL
+BQAwgY0xCzAJBgNVBAYTAlZHMRAwDgYDVQQIDAdUb3J0b2xhMRIwEAYDVQQHDAlS
+b2FkIFRvd24xEjAQBgNVBAoMCURlVEVFIEx0ZDENMAsGA1UECwwEV2ViMzETMBEG
+A1UEAwwKZGV0ZWUtcm9vdDEgMB4GCSqGSIb3DQEJARYRc3VwcG9ydEBkZXRlZS5s
+dGQwHhcNMjUwMzI4MTQxNDE1WhcNMjcwNzAxMTQxNDE1WjBuMQswCQYDVQQGEwJW
+RzEQMA4GA1UECAwHVG9ydG9sYTESMBAGA1UEBwwJUm9hZCBUb3duMRIwEAYDVQQK
+DAlEZVRFRSBMdGQxDTALBgNVBAsMBFdlYjMxFjAUBgNVBAMMDXRlc3RuZXQtYnJh
+aW4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwbfN9iq/Zl97etbqW
+q1DR8WOupTK94r1pZ2cGAyozED2JuQVdslaLU8Jt9QZUlhLYYVf/vXanPmgxh+NA
+VxvLPUjI/RZ84qGi58Uii3YCEQm6AwW0M21HPRQyctBqFc2KvxBBsCNg/G0wLpEI
+qdEP9mHP1k/hlW6nxKsM/jAgeIuEGWH83sqkZnzRb6jVjQw9yPYvY/4UzSX13fdD
+J+ML9H+0qfYgYkpv0Y9LjEwJEOM7tZY5y9LcOBb/CAKgBjb1MWqJuKhTen9ZryGi
+snmqXRMgOygTMiUUKV/cy4SUnlKymUDUxt5sSbV+2f/lzamYzjXreycR+6m4ol4n
+Xz8IfLROEDp0lk07r33fj1z9Z4huH7J9L1eOQpViDNI762hrZzz8my1VyOfyyhOr
+wbg2GtIaM5pnakeWFXRw/+NGQEy2quSDBrHsWliEN2F/pDiDByZhaotNxNTN56Jq
+mmOyOv4HjPgmK5iSmUp+Dpf8CWT+PPec9UqRQfV/6gUeRD68VvRsPD5UmQ+wl/3Y
+DLq0y2GkGmzGOFk2LN916Tl4gynlj1EDtsiXFyHGvJk05ZjjNy/QDJG4BlQIR1yV
+a7uHVCi4GOhE5CUS2XVLZ+kQC/IAiXM2Cw8z9W0JPv4p/CnH8riWacCY22kIz9oH
+Rn7x31YKRsrULjgRMA57up/ycwIDAQABo1wwWjAYBgNVHREEETAPgg10ZXN0bmV0
+LWJyYWluMB0GA1UdDgQWBBSsKdb7/zgpiNza73tRZc+Iw83f3zAfBgNVHSMEGDAW
+gBQRnZzDpOUYk0CeW0R2pALfN80JFzANBgkqhkiG9w0BAQsFAAOCAgEAeDG2X2Lk
+wgbwSrx3fzRVP2KIho7C3rBVX/6p4eisl4s50pHXF9UAHwc2BXY4r+gl1TisF24y
+hWTD9OfYW+q4d7+gcF5smQVeSmwIPSZgIRRaz4YI7p5grICw9+7Qh6IgLw+WsEUw
+URCll5a81CdpITmrKxy4O+MScBY4+M4PZziqaZw60cdjC6hFikrndox91hEYvNdc
+EQXoivYjfB9TO55gwzKHdmBHGzI1hPlTJMdBn4l0QixkJeIk2TBCWWhp15tgrNTC
+HdawZ0cTwVH1CkeXr4jdi1afvX7cGbHPufjKW2KeyasLNaUagVH13NdYTe9et4Nf
+rY3byqXICj9UMZuuMc7GJv07hRJ4DNyZMWtRr0duqAo3frGzJk4C4v25nU9msfCY
+YjqM0KWOlrVPpnH7e8eMLFKZgrD6rV1a+cqvtjGSwNhbOZJ3xCPe/m+zeIOPkgDH
+hDKoOagHVyBS+9ryIeEYmipxg7yjpbFUmI9Z8FE+teZdA0iBRjyikqzgtten7ZP8
+uJiSAEbqn0l1O/qAyI6SlD/nsCX513KRk6kvFEWSud2vePsSQ9gtwjKCw3E4/OdL
+AWUEOWQlCHVQioyrVc2WwRtO6o+prb+Nk/TTp9Gyp1fQjqMquESIsNoUvhrMOwXf
+nIUh6pszMpdBlOnyry4RUK3I0sgM5TACZ1Y=
+-----END CERTIFICATE-----