#!/bin/bash
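# Run from the script's own directory: every relative path used below
# (variables.sh, lib_certs.sh, master.p12, master.crt) is resolved against it.
cd "$(dirname "$0")" || exit

# Fall back to variables.sh when any of the required settings is missing from
# the environment. The file is executed as shell code and presumably holds
# PASSWORD, so it should be writable only by the operator and kept out of
# version control.
if [[ -z "${PASSWORD}" || -z "${DOMAIN}" || -z "${FOLDER}" || -z "${CLOUD}" ]]; then
  echo "Using 'variables.sh'"
  if [[ ! -r "variables.sh" ]]; then
    echo "Cannot read 'variables.sh' and the required variables are not set." >&2
    exit 1
  fi
  # shellcheck source=/dev/null
  source "variables.sh"
fi

# The create_* helpers called further down are not defined in this script;
# presumably lib_certs.sh provides them. Stop here if it is missing instead of
# failing later with "command not found".
if [[ ! -r "lib_certs.sh" ]]; then
  echo "Cannot read 'lib_certs.sh'." >&2
  exit 1
fi
# shellcheck source=/dev/null
source "lib_certs.sh"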
# Subject alternative names passed to the system certificates. The default
# covers only the local host; set SAN beforehand for any other name or address.
[[ -n "${SAN}" ]] || export SAN="dns:localhost,ip:127.0.0.1"
## Variables
# DOMAIN
# FOLDER = "./certificates/"
# CLOUD
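# Create the output directory when it is missing. FOLDER is quoted so that a
# path containing spaces or glob characters is tested and created as one
# argument. Later paths are built as "${FOLDER}name", so FOLDER has to end
# with a '/'.
if [[ ! -d "${FOLDER}" ]]; then
  mkdir -p -- "${FOLDER}"
fi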
# Optional leading '-a': also export PEM files for each generated system.
# The flag is consumed so that only system names remain in "$@".
case "$1" in
  -a)
    GENERATE_ALL=1
    shift
    ;;
  *)
    GENERATE_ALL=0
    ;;
esac
# At least one system name must follow the optional '-a'; otherwise print the
# usage text to stderr and stop with status 2.
if (( $# == 0 )); then
  echo "Usage: bash generate.sh [-a] SYSTEM_NAMES" >&2
  echo "Use '-a' to generate also 'pem' certificates required by the Arrowhead library." >&2
  exit 2
fi
SYSTEM=$1
# Make sure the output directory exists before any keystore is written to it.
[[ -d "${FOLDER}" ]] || {
  echo "Creating folder for certificates..."
  mkdir -p "${FOLDER}"
}
# Generating certificates for SYSTEM.CLOUD.DOMAIN.arrowhead.eu

## 1) Root certificate keystore
# master.p12 is looked up in the script directory and is never created here;
# without it the script stops with status 1.
# NOTE(review): the message below points to a keystore distributed through the
# arrowhead-f repository. If that keystore holds the root private key, the key
# is not secret and the resulting chain is suitable for testing only; confirm
# before using these certificates outside a lab.
echo -n "Step 1: Root (master) certificate "

if [[ ! -f "master.p12" ]]; then
  # It could be generated locally with:
  #   create_root_keystore \
  #     "${FOLDER}master.p12" "arrowhead.eu"
  #   echo "GENERATED";
  echo "Download 'master.p12' and 'master.crt' (also called 'root') from arrowhead-f repository." >&2
  exit 1
fi

echo "FOUND"
## 2) Generate truststore
## This is not needed?
#echo -n "Step 2: Truststore "
#
#if test -f "${FOLDER}truststore.p12"; then
# echo "FOUND";
#else
# create_truststore \
# "${FOLDER}truststore.p12" "root.crt" "arrowhead.eu"
# echo "GENERATED";
#fi
## 2) Cloud keystore
# Reused only when both the keystore and its exported certificate exist;
# otherwise it is created from the master keystore. A failure stops the script
# with status 3.
echo -n "Step 2: Cloud keystore "

if [[ -f "${FOLDER}${CLOUD}.p12" && -f "${FOLDER}${CLOUD}.crt" ]]; then
  echo "FOUND"
else
  create_cloud_keystore \
    "master.p12" "arrowhead.eu" \
    "${FOLDER}${CLOUD}.p12" "${CLOUD}.${DOMAIN}.arrowhead.eu"

  # The status is read right after the call, before anything can overwrite it.
  if (( $? == 0 )); then
    echo "GENERATED"
  else
    echo "NOT GENERATED"
    exit 3
  fi
fi
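## 3) Generate system certificates
# One keystore per system name left on the command line. An existing
# "${FOLDER}${SYSTEM}.p12" is reported as FOUND and left untouched, which also
# skips the '-a' PEM export for that system. A system whose keystore cannot be
# created is reported and the loop moves on to the next name.
echo -n "Step 3: System certificates "

while test $# -gt 0; do
  SYSTEM=$1
  shift

  if test -f "${FOLDER}${SYSTEM}.p12"; then
    echo "${SYSTEM} : FOUND"
    continue
  fi

  create_system_keystore \
    "master.p12" "arrowhead.eu" \
    "${FOLDER}${CLOUD}.p12" "${CLOUD}.${DOMAIN}.arrowhead.eu" \
    "${FOLDER}${SYSTEM}.p12" "${SYSTEM}.${CLOUD}.${DOMAIN}.arrowhead.eu" \
    "${SAN}"
  # Read the status immediately, before any other command replaces it.
  if test $? -ne 0; then
    echo "${SYSTEM} : NOT GENERATED"
    continue
  fi

  if [[ "${GENERATE_ALL}" -eq 1 ]]; then
    # PEM export for the Arrowhead library, run in a subshell so that the
    # umask and the export of PASSWORD do not leak into the rest of the script.
    #  - umask 077: the .key and .crt files below hold the private key without
    #    encryption, so they must not be readable by other local users.
    #  - env:PASSWORD: the passphrase is handed to openssl through the
    #    environment instead of a 'pass:' argument, because command-line
    #    arguments are visible to other users in the process list.
    #  - '&&': the export stops at the first failing openssl call instead of
    #    continuing with missing or partial input.
    (
      umask 077
      export PASSWORD

      openssl pkcs12 -in "${FOLDER}${SYSTEM}.p12" \
        -out "${FOLDER}${SYSTEM}.cacert.pem" \
        -cacerts -nokeys -password env:PASSWORD &&
      openssl pkcs12 -in "${FOLDER}${SYSTEM}.p12" \
        -out "${FOLDER}${SYSTEM}.clcert.pem" \
        -clcerts -nokeys -password env:PASSWORD &&
      # Private key, still encrypted with PASSWORD.
      openssl pkcs12 -in "${FOLDER}${SYSTEM}.p12" \
        -out "${FOLDER}${SYSTEM}.privkey.pem" \
        -nocerts -password env:PASSWORD -passout env:PASSWORD &&
      openssl rsa -in "${FOLDER}${SYSTEM}.privkey.pem" \
        -pubout -out "${FOLDER}${SYSTEM}.publickey.pem" \
        -passin env:PASSWORD &&
      # -nodes writes the private key UNENCRYPTED.
      openssl pkcs12 -in "${FOLDER}${SYSTEM}.p12" \
        -out "${FOLDER}${SYSTEM}.key" \
        -nodes -nocerts -password env:PASSWORD &&
      # No -nokeys here: this .crt carries the unencrypted private key next to
      # the certificates, so treat it as key material, not as a public file.
      openssl pkcs12 -in "${FOLDER}${SYSTEM}.p12" \
        -out "${FOLDER}${SYSTEM}.crt" \
        -nodes -password env:PASSWORD
    )
    if test $? -ne 0; then
      echo "${SYSTEM} : PEM EXPORT FAILED" >&2
      continue
    fi
  fi

  echo "${SYSTEM} : GENERATED"
done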
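## 4) Generate sysop certificate
# Reuses "${FOLDER}sysop.p12" when present; otherwise creates it from the
# master and cloud keystores. The helper's status is checked so that a failed
# run is not reported as GENERATED; a failure stops the script with status 4.
echo -n "Step 4: Sysop certificate "

if test -f "${FOLDER}sysop.p12"; then
  echo "FOUND"
else
  create_sysop_keystore \
    "master.p12" "arrowhead.eu" \
    "${FOLDER}${CLOUD}.p12" "${CLOUD}.${DOMAIN}.arrowhead.eu" \
    "${FOLDER}sysop.p12" "sysop.${CLOUD}.${DOMAIN}.arrowhead.eu"
  # Read the status immediately, before any other command replaces it.
  if test $? -ne 0; then
    echo "NOT GENERATED"
    exit 4
  fi
  echo "GENERATED"
fi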
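## 5) Generate cloud truststore
# Reuses "${FOLDER}truststore.p12" when present; otherwise builds it from the
# cloud certificate and master.crt. The helper's status is checked so that a
# failed run is not reported as GENERATED; a failure ends the script with
# status 5.
echo -n "Step 5: Cloud truststore "

if test -f "${FOLDER}truststore.p12"; then
  echo "FOUND"
else
  create_truststore \
    "${FOLDER}truststore.p12" \
    "${FOLDER}${CLOUD}.crt" "${CLOUD}.${DOMAIN}.arrowhead.eu" \
    "master.crt" "arrowhead.eu"
  # Read the status immediately, before any other command replaces it.
  if test $? -ne 0; then
    echo "NOT GENERATED"
    exit 5
  fi
  echo "GENERATED"
fi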