blob: bf28ca02f30c1886c3580569d4a9340b0b114c31 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
#!/usr/bin/env bash
# ============LICENSE_START=======================================================
# csit-dcaegen2-collectors-hv-ves
# ================================================================================
# Copyright (C) 2018-2019 NOKIA
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
set -eu -o pipefail -o xtrace
STORE_PASS=onaponap
CN_PREFIX=dcaegen2-hvves
DNAME_PREFIX="C=PL,ST=DL,L=Wroclaw,O=Nokia,OU=MANO,CN=${CN_PREFIX}"
TRUST=trust
store_opts="-storetype PKCS12 -storepass ${STORE_PASS} -noprompt"
function gen_key() {
local key_name="$1"
local ca="$2"
local keystore="-keystore ${key_name}.p12 ${store_opts}"
keytool -genkey -alias ${key_name} \
${keystore} \
-keyalg RSA \
-validity 730 \
-keysize 2048 \
-dname "${DNAME_PREFIX}-${key_name}"
keytool -import -trustcacerts -alias ${ca} -file ${ca}.crt ${keystore}
keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
keytool -alias ${key_name} -importcert ${keystore}
printf ${STORE_PASS} > ${key_name}.pass
}
function gen_ca() {
local ca="$1"
keytool -genkeypair ${store_opts} -alias ${ca} -dname "${DNAME_PREFIX}-${ca}" -keystore ${ca}.p12
keytool -export -alias ${ca} -file ${ca}.crt ${store_opts} -keystore ${ca}.p12
}
function gen_truststore() {
local trusted_ca="$1"
keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12
printf ${STORE_PASS} > ${TRUST}.pass
}
function clean() {
rm -f *.crt *.p12 *.pass
}
if [[ $# -eq 0 ]]; then
gen_ca ca
gen_ca untrustedca
gen_truststore ca
gen_key client ca
gen_key server ca
gen_key untrustedclient untrustedca
elif [[ $1 == "clean" ]]; then
clean
else
echo "usage: $0 [clean]"
exit 1
fi
|