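#!/bin/sh
#
# Streamlined AAF Bootstrap initial Cert
# Removed Variables so it can be run for AutoDeployments
#
# Usage: <script> SIGNER_P12 [PASSPHRASE]
#   $1 - path of the Signer (CA) PKCS#12 file. If it does not exist, a
#        self-signed Signer CA is created and written there.
#   $2 - passphrase protecting the Signer P12 and the bootstrap P12.
#
# Reads from the current directory: openssl.conf, san.conf, subject.aaf.
# Writes to the current directory: the openssl CA database (index.txt,
# index.txt.attr, serial, private/, certs/, newcerts/), the Signer P12
# (when created) and aaf.bootstrap.p12. Prints the issued bootstrap
# certificate to stdout.
#
# The script is POSIX sh; -e aborts on the first failing step so a
# partial or wrongly-subjected certificate is never packaged silently.
set -eu

echo "Bootstrap AAF Certificate"

# --- CA database layout expected by openssl.conf ---
mkdir -p private certs newcerts
chmod 700 private
chmod 755 certs newcerts
touch index.txt
echo "unique_subject = no" > index.txt.attr
if [ ! -e ./serial ]; then
  echo '01' > ./serial
fi

NAME=aaf.bootstrap
FQDN=$(hostname -f)
FQI=aaf@aaf.osaaf.org
# subject.aaf supplies the trailing DN components appended after the OU
SUBJECT="/CN=$FQDN/OU=$FQI$(cat subject.aaf)"

SIGNER_P12=${1:-}
if [ -z "$SIGNER_P12" ]; then
  # Without a Signer path the CA would be created and then discarded
  # (openssl cannot write to an empty -out), leaving an unverifiable cert.
  echo "Usage: $0 SIGNER_P12 [PASSPHRASE]" >&2
  exit 2
fi

PASSPHRASE=${2:-}
if [ "$PASSPHRASE" = "" ]; then
  # Fix: the original test compared the literal string "PASSPHRASE" to "",
  # so this fallback never applied. The default is a well-known weak value;
  # deployments should always supply $2.
  echo "WARNING: no passphrase given, using the built-in default" >&2
  PASSPHRASE="something easy"
fi

# Private keys and intermediate artifacts are kept in a private,
# unpredictable temp dir instead of fixed names under /tmp, and are removed
# on every exit path (including failures under -e).
WORK=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
chmod 700 "$WORK"
trap 'rm -rf -- "${WORK:?}"' EXIT

SIGNER_KEY=$WORK/aaf_signer.key
SIGNER_CRT=$WORK/aaf_signer.crt
BOOTSTRAP_SAN=$WORK/$NAME.san
BOOTSTRAP_KEY=$WORK/$NAME.key
BOOTSTRAP_CSR=$WORK/$NAME.csr
BOOTSTRAP_CRT=$WORK/$NAME.crt
BOOTSTRAP_CHAIN=$WORK/$NAME.chain
BOOTSTRAP_P12=$NAME.p12

# Passphrases are fed on stdin (one line per -passin/-passout) rather than
# on the command line, so they never appear in process listings.

# --- Signer CA: create self-signed if absent, otherwise unpack from P12 ---
if [ ! -e "$SIGNER_P12" ]; then
  # Creating Signer CA; the private key is encrypted with PASSPHRASE
  printf '%s\n' "$PASSPHRASE" | \
    openssl req -config openssl.conf -x509 -sha256 -extensions v3_ca \
      -newkey rsa:4096 -subj "/CN=Signer$(cat subject.aaf)" \
      -keyout "$SIGNER_KEY" -out "$SIGNER_CRT" -days 365 -passout stdin

  # Move to P12 (Signer): key passphrase in, P12 passphrase out
  printf '%s\n' "$PASSPHRASE" "$PASSPHRASE" "$PASSPHRASE" | \
    openssl pkcs12 -name RootCA -export -in "$SIGNER_CRT" -inkey "$SIGNER_KEY" \
      -out "$SIGNER_P12" -passin stdin -passout stdin
else
  # Get Private key from P12 (-nodes: written unencrypted inside $WORK)
  printf '%s\n' "$PASSPHRASE" "$PASSPHRASE" | \
    openssl pkcs12 -in "$SIGNER_P12" -nocerts -nodes -passin stdin -passout stdin \
      -out "$SIGNER_KEY"

  # Get Cert from P12
  printf '%s\n' "$PASSPHRASE" | \
    openssl pkcs12 -in "$SIGNER_P12" -clcerts -nokeys -passin stdin -out "$SIGNER_CRT"
fi

# --- SANs: san.conf plus one DNS.n entry per name ---
cp san.conf "$BOOTSTRAP_SAN"
NUM=1
for D in "$FQDN" aaf.osaaf.org service.aaf.osaaf.org locate.aaf.osaaf.org \
         oauth.aaf.osaaf.org gui.aaf.osaaf.org cm.aaf.osaaf.org hello.aaf.osaaf.org; do
  echo "DNS.$NUM = $D" >> "$BOOTSTRAP_SAN"
  NUM=$((NUM+1))
done

# --- Create bootstrap key + CSR ---
# -nodes leaves the key unencrypted, so no output passphrase is consumed.
openssl req -new -newkey rsa:2048 -nodes -keyout "$BOOTSTRAP_KEY" \
  -out "$BOOTSTRAP_CSR" -outform PEM -subj "$SUBJECT"

# --- Sign the CSR with the Signer CA (90 days, server_cert extensions) ---
echo "Sign it"
printf '%s\n' "$PASSPHRASE" | \
  openssl ca -batch -config openssl.conf -extensions server_cert \
    -cert "$SIGNER_CRT" -keyfile "$SIGNER_KEY" \
    -policy policy_loose \
    -days 90 \
    -passin stdin \
    -out "$BOOTSTRAP_CRT" \
    -extfile "$BOOTSTRAP_SAN" \
    -infiles "$BOOTSTRAP_CSR"

# --- Make a P12: bootstrap cert first, then THIS Signer CA in the chain ---
cat "$BOOTSTRAP_CRT"
cat "$BOOTSTRAP_CRT" "$SIGNER_CRT" > "$BOOTSTRAP_CHAIN"

# Note: Openssl will pickup and load all Certs in the Chain file
printf '%s\n' "$PASSPHRASE" "$PASSPHRASE" "$PASSPHRASE" | \
  openssl pkcs12 -name "$FQI" -export -in "$BOOTSTRAP_CHAIN" -inkey "$BOOTSTRAP_KEY" \
    -out "$BOOTSTRAP_P12" -passin stdin -passout stdin

# Cleanup of $WORK (keys, CSR, SAN file, chain) is done by the EXIT trap.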