Pamela Dragosh | 91d04c6 | 2017-02-14 19:41:00 -0500 | [diff] [blame] | 1 | ### |
| 2 | # ============LICENSE_START======================================================= |
Guo Ruijing | 073cc18 | 2017-07-31 08:47:35 +0000 | [diff] [blame] | 3 | # ONAP Policy Engine |
Pamela Dragosh | 91d04c6 | 2017-02-14 19:41:00 -0500 | [diff] [blame] | 4 | # ================================================================================ |
| 5 | # Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. |
| 6 | # ================================================================================ |
| 7 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | # you may not use this file except in compliance with the License. |
| 9 | # You may obtain a copy of the License at |
| 10 | # |
| 11 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | # |
| 13 | # Unless required by applicable law or agreed to in writing, software |
| 14 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 16 | # See the License for the specific language governing permissions and |
| 17 | # limitations under the License. |
| 18 | # ============LICENSE_END========================================================= |
| 19 | ### |
| 20 | |
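#!/bin/bash
#
# certtool [ init fqdn | importcert cert.cer.txt | exportcsr ]
#
# Maintains the keystore "policy-keystore" in $POLICY_HOME/etc/ssl.
#
# Environment read by this script:
#   POLICY_HOME      - installation root; the keystore directory is etc/ssl below it
#   KEYSTORE_PASSWD  - used as both the keystore password and the key password
#   JAVA_HOME        - JDK whose bin/keytool is invoked
#
# NOTE(review): in this file the interpreter line sits below the license
# header rather than on line 1, so it is an ordinary comment and the script
# runs under whichever shell invokes it. The code below therefore sticks to
# POSIX sh constructs.

KEYPASS=${KEYSTORE_PASSWD}
STOREPASS=${KEYSTORE_PASSWD}

# With POLICY_HOME unset, DIR would become "/etc/ssl". That directory commonly
# exists, so the directory test below would pass and the keystore would be
# created in the system location instead of the Policy Engine tree.
if [ -z "${POLICY_HOME}" ]
then
    echo "POLICY_HOME is not set" >&2
    exit 1
fi
DIR=${POLICY_HOME}/etc/ssl

KSFILE=policy-keystore

if [ ! -d "$DIR" ]
then
    echo "Policy Engine application software must be installed before using certtool"
    exit 1
fi

# Not exported here, so keytool only sees this value when TZ was already part
# of the inherited environment.
TZ=GMT0
# Keystore, CSR and temporary files created below are readable by the owner only.
umask 0077
if ! cd "$DIR"
then
    echo "Cannot change directory to $DIR" >&2
    exit 1
fi

MODE="$1"
# A bare "shift" with no arguments is an error that aborts some sh
# implementations before the usage text can be printed.
if [ "$#" -gt 0 ]
then
    shift
fi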
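# "init": create a new RSA key pair in a pending keystore ($KSFILE.tmp) and
# write a certificate signing request for it to $KSFILE.csr.
if [ "$MODE" = init ]
then
    # Never overwrite an existing keystore, whether final or pending.
    for existing in "$KSFILE" "$KSFILE.tmp"
    do
        if [ -f "$existing" ]
        then
            echo "File \"$existing\" already exists - did you already initialize?"
            echo 'Remove it before initializing'
            exit 1
        fi
    done

    rm -f "$KSFILE.csr"
    FQDN="$1"
    if [ "$#" -gt 0 ]
    then
        shift
    fi
    if [ "$FQDN" = "" ]
    then
        echo 'FQDN of server required for certtool init'
        exit 1
    fi

    # The FQDN is used as the key alias and is also pasted into the -dname
    # string. Restrict it to host-name characters: a comma or '=' would add or
    # change attributes of the distinguished name, and a leading '-' could be
    # mistaken for a keytool option.
    case "$FQDN" in
        -* | *[!A-Za-z0-9.-]*)
            echo "FQDN \"$FQDN\" contains characters not allowed in a host name" >&2
            exit 1
            ;;
    esac

    # NOTE(review): both passwords are passed as command-line arguments and are
    # visible in the process list while keytool runs. keytool also accepts
    # -storepass:env / -keypass:env; confirm the deployed JDK supports them
    # before switching.
    if ! "$JAVA_HOME/bin/keytool" -genkey -alias "$FQDN" -keyalg RSA -keystore "$KSFILE.tmp" -keysize 2048 -storepass "$STOREPASS" -keypass "$KEYPASS" -dname "CN=$FQDN,OU=Information Technology,O=AT&T Services\, Inc.,L=Southfield,S=Michigan,C=US"
    then
        # Previously a failed key generation still ended with
        # "Keystore initialized." and exit status 0.
        echo "keytool failed to generate the key pair" >&2
        exit 1
    fi

    if ! "$JAVA_HOME/bin/keytool" -certreq -alias "$FQDN" -keystore "$KSFILE.tmp" -file "$KSFILE.csr" -storepass "$STOREPASS" -keypass "$KEYPASS"
    then
        echo "keytool failed to write the signing request; remove \"$KSFILE.tmp\" before running init again" >&2
        exit 1
    fi

    echo cat "$DIR/$KSFILE.csr"
    cat "$KSFILE.csr"
    echo Keystore initialized. Use the above certificate signing request.
    exit 0
fi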
| 78 | |
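# Past this point only "importcert" and "exportcsr" are valid modes.
# A case statement compares the mode as a literal string; the "-a" operator of
# "[" is obsolescent and can be misparsed when an operand looks like an
# operator such as "(" or "!".
case "$MODE" in
    importcert | exportcsr)
        ;;
    *)
        echo "Improper arguments. Usage is:"
        echo "First time - to create key pair:"
        echo " certtool init <fqdn>"
        echo "Install certificate file:"
        echo " certtool importcert <cert.cer.txt>"
        echo "Generate certificate signing request when old certificate nears expiry:"
        echo " certtool exportcsr"
        exit 1
        ;;
esac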
| 90 | |
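# Select the keystore to operate on: the final one if it exists, otherwise the
# pending "$KSFILE.tmp".
KS=$KSFILE
if [ ! -f "$KSFILE" ]
then
    KS=$KSFILE.tmp
    if [ ! -f "$KSFILE.tmp" ]
    then
        echo "Keystore not initialized."
        exit 1
    fi
fi

# List the keystore once (the original ran keytool twice with the password on
# the command line each time), show the private-key entry line, and take the
# alias, which is the text before the first comma.
KEYENTRY=$("$JAVA_HOME/bin/keytool" -list -keystore "$KS" -storepass "$STOREPASS" | grep ', PrivateKeyEntry, $')
if [ -n "$KEYENTRY" ]
then
    printf '%s\n' "$KEYENTRY"
fi
# NOTE(review): with more than one private-key entry FQDN holds one alias per
# line; confirm that a single entry is the only supported layout.
FQDN=$(printf '%s\n' "$KEYENTRY" | sed 's/,.*//')
if [ "$FQDN" = "" ]
then
    echo "Unable to read keystore file $KS."
    exit 1
fi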
| 109 | |
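# "exportcsr": write a new certificate signing request for the existing key,
# e.g. when the installed certificate nears expiry.
if [ "$MODE" = exportcsr ]
then
    # Only the final keystore qualifies; a pending "$KSFILE.tmp" has not had
    # its first certificate imported yet.
    if [ ! -f "$KSFILE" ]
    then
        echo "Cannot export new signing request before initial certificate imported"
        exit 1
    fi
    rm -f "$KSFILE.csr"
    # NOTE(review): the passwords are visible in the process list while keytool
    # runs; see keytool's -storepass:env / -keypass:env forms.
    if ! "$JAVA_HOME/bin/keytool" -certreq -alias "$FQDN" -keystore "$KS" -file "$KSFILE.csr" -storepass "$STOREPASS" -keypass "$KEYPASS"
    then
        echo "keytool failed to write the certificate signing request" >&2
        exit 1
    fi
    echo cat "$DIR/$KSFILE.csr"
    cat "$KSFILE.csr"
    echo Use the above certificate signing request.
    # Success now reports status 0; the original exited with 1 here, which made
    # a successful export indistinguishable from a failure.
    exit 0
fi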
| 124 | |
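# "importcert": install the signed certificate named by the first remaining
# argument into the keystore selected in $KS.
FN="$1"
if [ "$#" -gt 0 ]
then
    shift
fi
# Go back to the directory the script was started from so that a relative
# certificate path resolves the way the user typed it.
cd - || exit 1

if [ ! -f "$FN" ]
then
    echo "Certificate file $FN not found."
    exit 1
fi

# Work on a private copy. mktemp gives an unpredictable name (the original
# used the process id), and the trap removes the copy on every exit path,
# including a failed import.
XFN=$(mktemp "$DIR/certtool.XXXXXX") || {
    echo "Cannot create temporary file in $DIR" >&2
    exit 1
}
trap 'rm -f "$XFN"' EXIT
trap 'exit 1' HUP INT TERM
if ! cp -- "$FN" "$XFN"
then
    echo "Cannot copy certificate file $FN" >&2
    exit 1
fi

# NOTE(review): the two certificates below are a fixed issuer chain appended
# to whatever certificate is imported. Their subjects appear to decode to
# "Symantec Class 3 Secure Server CA - G4" and "VeriSign Class 3 Public
# Primary Certification Authority - G5", with validity ending 2023-10-30 and
# 2021-11-07. A certificate issued by another CA, or imported after those
# dates, will not chain through them; confirm the chain against the issuing
# CA instead of relying on this hard-coded copy.
# The delimiter is quoted so the shell never expands anything in the body.
cat <<'!EOF' >> "$XFN"
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs
YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb
A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW
9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu
s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T
L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK
Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T
AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu
Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw
HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg
hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v
Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG
A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E
FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz
Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny
H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W
Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG
QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t
TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY
Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx
FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz
dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8
RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb
ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR
TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH
iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB
AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0
dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9
BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy
aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI
KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU
j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t
L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC
BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA
A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K
lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ
tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/
-----END CERTIFICATE-----
!EOF

cd "$DIR" || exit 1
# NOTE(review): the passwords are visible in the process list while keytool
# runs; see keytool's -storepass:env / -keypass:env forms.
if ! "$JAVA_HOME/bin/keytool" -import -trustcacerts -alias "$FQDN" -keystore "$KS" -storepass "$STOREPASS" -keypass "$KEYPASS" -file "$XFN"
then
    # Stop here: the original went on to promote the pending keystore, delete
    # the CSR and print "Certificate imported." even when keytool had failed.
    echo "Certificate import failed." >&2
    exit 1
fi
rm -f "$XFN"

# First successful import: the pending keystore becomes the final one.
if [ "$KS" = "$KSFILE.tmp" ]
then
    if ! mv "$KSFILE.tmp" "$KSFILE"
    then
        echo "Cannot rename $KSFILE.tmp to $KSFILE" >&2
        exit 1
    fi
fi

rm -f "$KSFILE.csr"
echo Certificate imported.
exit 0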