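#
# Streamlined AAF Bootstrap initial Cert
# Removed Variables so it can be run for AutoDeployments
#
# Usage: <script> SIGNER_P12 [PASSPHRASE]
#   SIGNER_P12  - PKCS#12 holding the signer CA; a self-signed CA is created
#                 into it when the file does not exist yet
#   PASSPHRASE  - protects the signer key/P12 and the bootstrap P12; a fixed
#                 fallback is used only when this argument is omitted
#
# Reads from the current directory: openssl.conf, subject.aaf, san.conf.
# Writes into the current directory: the CA database files (private/, certs/,
# newcerts/, index.txt, index.txt.attr) and aaf.bootstrap.p12.
#
set -eu

echo "Bootstrap AAF Certificate"
mkdir -p private certs newcerts
chmod 700 private
chmod 755 certs newcerts
touch index.txt
echo "unique_subject = no" > index.txt.attr

NAME=aaf.bootstrap
FQDN=$(hostname -f)
FQI=aaf@aaf.osaaf.org
# subject.aaf holds the subject components appended to every DN built here
SUBJECT_SUFFIX=$(cat subject.aaf)
SUBJECT="/CN=$FQDN/OU=$FQI$SUBJECT_SUFFIX"
SIGNER_P12=${1:?usage: $0 SIGNER_P12 [PASSPHRASE]}
PASSPHRASE=${2:-}
# Compare the variable, not the literal word "PASSPHRASE", so the fallback is
# actually applied when no second argument is given.
if [ -z "$PASSPHRASE" ]; then
  PASSPHRASE="something easy"
fi

# All intermediate key material lives in a private (0700) scratch directory
# instead of predictable names under /tmp, and is removed on every exit path
# (including failures) rather than only after a successful run.
WORKDIR=$(mktemp -d)
trap 'rm -rf -- "${WORKDIR:?}"' EXIT
SIGNER_KEY=$WORKDIR/aaf_signer.key
SIGNER_CRT=$WORKDIR/aaf_signer.crt
BOOTSTRAP_SAN=$WORKDIR/$NAME.san
BOOTSTRAP_KEY=$WORKDIR/$NAME.key
BOOTSTRAP_CSR=$WORKDIR/$NAME.csr
BOOTSTRAP_CRT=$WORKDIR/$NAME.crt
BOOTSTRAP_CHAIN=$WORKDIR/$NAME.chain
# The only persistent output of this script
BOOTSTRAP_P12=$NAME.p12

# If Signer doesn't exist, create Self-Signed CA
if [ ! -e "$SIGNER_P12" ]; then
  # Creating Signer CA
  openssl req -config openssl.conf -x509 -sha256 -extensions v3_ca \
    -newkey rsa:4096 -subj "/CN=Signer$SUBJECT_SUFFIX" \
    -keyout "$SIGNER_KEY" -out "$SIGNER_CRT" -days 365 -passout stdin << EOF
$PASSPHRASE
EOF

  # Move to P12 (Signer); passin, passout and its confirmation all read stdin
  openssl pkcs12 -name RootCA -export -in "$SIGNER_CRT" -inkey "$SIGNER_KEY" \
    -out "$SIGNER_P12" -passin stdin -passout stdin << EOF
$PASSPHRASE
$PASSPHRASE
$PASSPHRASE
EOF
else
  # Get Private key from P12 (-nodes writes it unencrypted, hence WORKDIR)
  openssl pkcs12 -in "$SIGNER_P12" -nocerts -nodes -passin stdin -passout stdin \
    -out "$SIGNER_KEY" << EOF
$PASSPHRASE
$PASSPHRASE
EOF

  # Get Cert from P12
  openssl pkcs12 -in "$SIGNER_P12" -clcerts -nokeys -passin stdin \
    -out "$SIGNER_CRT" << EOF
$PASSPHRASE
EOF
fi

# SANS: start from san.conf and append one numbered DNS entry per hostname
cp san.conf "$BOOTSTRAP_SAN"
NUM=1
for D in "$FQDN" aaf.osaaf.org service.aaf.osaaf.org locate.aaf.osaaf.org \
    oauth.aaf.osaaf.org gui.aaf.osaaf.org cm.aaf.osaaf.org hello.aaf.osaaf.org; do
  printf 'DNS.%s = %s\n' "$NUM" "$D" >> "$BOOTSTRAP_SAN"
  NUM=$((NUM+1))
done

# Create CSR
openssl req -new -newkey rsa:2048 -nodes -keyout "$BOOTSTRAP_KEY" \
  -out "$BOOTSTRAP_CSR" -outform PEM -subj "$SUBJECT" \
  -passout stdin << EOF
$PASSPHRASE
EOF

echo "Sign it"
openssl ca -batch -config openssl.conf -extensions server_cert \
  -cert "$SIGNER_CRT" -keyfile "$SIGNER_KEY" \
  -policy policy_loose \
  -days 90 \
  -passin stdin \
  -out "$BOOTSTRAP_CRT" \
  -extfile "$BOOTSTRAP_SAN" \
  -infiles "$BOOTSTRAP_CSR" << EOF
$PASSPHRASE
EOF

# Make a P12
# Add THIS Intermediate CA into chain
# (the issued cert is echoed to stdout so it shows up in the deployment log)
cat "$BOOTSTRAP_CRT"
cp "$BOOTSTRAP_CRT" "$BOOTSTRAP_CHAIN"
cat "$SIGNER_CRT" >> "$BOOTSTRAP_CHAIN"

# Note: Openssl will pickup and load all Certs in the Chain file
openssl pkcs12 -name "$FQI" -export -in "$BOOTSTRAP_CHAIN" -inkey "$BOOTSTRAP_KEY" \
  -out "$BOOTSTRAP_P12" -passin stdin -passout stdin << EOF
$PASSPHRASE
$PASSPHRASE
$PASSPHRASE
EOF

# Cleanup of SAN, keys, CSR, cert and chain is handled by the EXIT trap above.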
Instrumentalb8a81292018-08-23 16:32:45 -0500102rm -f $BOOTSTRAP_SAN $BOOTSTRAP_KEY $BOOTSTRAP_CSR $BOOTSTRAP_CRT $BOOTSTRAP_CHAIN $SIGNER_KEY $SIGNER_CRT