| Piotr Jaszczyk | 069dcc1 | 2018-09-20 12:04:03 +0200 | [diff] [blame^] | 1 | #!/usr/bin/env bash |
| 2 | |
| 3 | set -eu -o pipefail -o xtrace |
| 4 | |
| 5 | STORE_PASS=onaponap |
| 6 | CN_PREFIX=dcaegen2-hvves |
| 7 | DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}" |
| 8 | TRUST=trust |
| 9 | |
| 10 | store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt" |
| 11 | |
| 12 | function gen_key() { |
| 13 | local key_name="$1" |
| 14 | local ca="$2" |
| 15 | local keystore="-keystore ${key_name}.p12 ${store_opts}" |
| 16 | keytool -genkey -alias ${key_name} \ |
| 17 | ${keystore} \ |
| 18 | -keyalg RSA \ |
| 19 | -validity 730 \ |
| 20 | -keysize 2048 \ |
| 21 | -dname "${DNAME_PREFIX}-${key_name}" |
| 22 | keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore} |
| 23 | |
| 24 | keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \ |
| 25 | keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \ |
| 26 | keytool -alias ${key_name} -importcert ${keystore} |
| 27 | } |
| 28 | |
| 29 | |
| 30 | function gen_ca() { |
| 31 | local ca="$1" |
| 32 | keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12 |
| 33 | keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12 |
| 34 | } |
| 35 | |
| 36 | function gen_truststore() { |
| 37 | local trusted_ca="$1" |
| 38 | keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12 |
| 39 | } |
| 40 | |
| 41 | function clean() { |
| 42 | rm -f *.crt *.p12 |
| 43 | } |
| 44 | |
| 45 | if [[ $# -eq 0 ]]; then |
| 46 | gen_ca ca |
| 47 | gen_ca untrustedca |
| 48 | gen_truststore ca |
| 49 | gen_key client ca |
| 50 | gen_key server ca |
| 51 | gen_key untrustedclient untrustedca |
| 52 | elif [[ $1 == "clean" ]]; then |
| 53 | clean |
| 54 | else |
| 55 | echo "usage: $0 [clean]" |
| 56 | exit 1 |
| 57 | fi |
| 58 | |