summaryrefslogtreecommitdiffstats
path: root/packages/base/src/files/bin/certtool.sh
diff options
context:
space:
mode:
Diffstat (limited to 'packages/base/src/files/bin/certtool.sh')
-rw-r--r--packages/base/src/files/bin/certtool.sh207
1 files changed, 207 insertions, 0 deletions
diff --git a/packages/base/src/files/bin/certtool.sh b/packages/base/src/files/bin/certtool.sh
new file mode 100644
index 000000000..02899f17b
--- /dev/null
+++ b/packages/base/src/files/bin/certtool.sh
@@ -0,0 +1,207 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+#!/bin/bash
+#
+# certtool [ init fqdn | importcert cert.cer.txt | exportcsr ]
+#
+
+KEYPASS=${KEYSTORE_PASSWD}
+STOREPASS=${KEYSTORE_PASSWD}
+DIR=${POLICY_HOME}/etc/ssl
+
+KSFILE=policy-keystore
+ID=`id -n -u`
+GRP=`id -n -g`
+
+if [ ! -d $DIR ]
+then
+ echo "Policy Engine application software must be installed before using certtool"
+ exit 1
+fi
+
+TZ=GMT0
+umask 0077
+cd $DIR
+
+MODE="$1"
+shift
+if [ "$MODE" = init ]
+then
+ if [ -f $KSFILE ]
+ then
+ echo "File \"$KSFILE\" already exists - did you already initialize?"
+ echo 'Remove it before initializing'
+ exit 1
+ fi
+
+ if [ -f $KSFILE.tmp ]
+ then
+ echo "File \"$KSFILE.tmp\" already exists - did you already initialize?"
+ echo 'Remove it before initializing'
+ exit 1
+ fi
+
+ rm -f $KSFILE.csr
+ FQDN="$1"
+ shift
+ if [ "$FQDN" = "" ]
+ then
+ echo 'FQDN of server required for certtool init'
+ exit 1
+ fi
+
+ $JAVA_HOME/bin/keytool -genkey -alias $FQDN -keyalg RSA -keystore $KSFILE.tmp -keysize 2048 -storepass "$STOREPASS" -keypass "$KEYPASS" -dname "CN=$FQDN,OU=Information Technology,O=AT&T Services\, Inc.,L=Southfield,S=Michigan,C=US"
+ $JAVA_HOME/bin/keytool -certreq -alias $FQDN -keystore $KSFILE.tmp -file $KSFILE.csr -storepass "$STOREPASS" -keypass "$KEYPASS"
+ echo cat $DIR/$KSFILE.csr
+ cat $KSFILE.csr
+ echo Keystore initialized. Use the above certificate signing request.
+ exit 0
+fi
+
+if [ "$MODE" != "importcert" -a "$MODE" != "exportcsr" ]
+then
+ echo "Improper arguments. Usage is:"
+ echo "First time - to create key pair:"
+ echo " certtool init <fqdn>"
+ echo "Install certificate file:"
+ echo " certtool importcert <cert.cer.txt>"
+ echo "Generate certificate signing request when old certificate nears expiry:"
+ echo " certtool exportcsr"
+ exit 1
+fi
+
+KS=$KSFILE
+if [ ! -f $KSFILE ]
+then
+ KS=$KSFILE.tmp
+ if [ ! -f $KSFILE.tmp ]
+ then
+ echo "Keystore not initialized."
+ exit 1
+ fi
+fi
+
+$JAVA_HOME/bin/keytool -list -keystore $KS -storepass "$STOREPASS" | grep ', PrivateKeyEntry, $'
+FQDN=`$JAVA_HOME/bin/keytool -list -keystore $KS -storepass "$STOREPASS" | grep ', PrivateKeyEntry, $' | sed 's/,.*//'`
+if [ "$FQDN" = "" ]
+then
+ echo "Unable to read keystore file $KS."
+ exit 1
+fi
+
+if [ "$MODE" = exportcsr ]
+then
+ if [ ! -f $KSFILE ]
+ then
+ echo "Cannot export new signing request before initial certificate imported"
+ exit 1
+ fi
+ rm -f $KSFILE.csr
+ $JAVA_HOME/bin/keytool -certreq -alias $FQDN -keystore $KS -file $KSFILE.csr -storepass "$STOREPASS" -keypass "$KEYPASS"
+ echo cat $DIR/$KSFILE.csr
+ cat $KSFILE.csr
+ echo Use the above certificate signing request.
+ exit 1
+fi
+
+FN="$1"
+shift
+cd -
+
+if [ ! -f "$FN" ]
+then
+ echo "Certificate file $FN not found."
+ exit 1
+fi
+XFN=$DIR/$$.cer
+cp "$FN" $XFN
+cat <<!EOF >> $XFN
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw
+CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
+BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs
+YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb
+A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW
+9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu
+s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T
+L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK
+Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T
+AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu
+Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw
+HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg
+hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v
+Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG
+A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E
+FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz
+Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny
+H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W
+Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG
+QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t
+TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY
+Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
+LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
+HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx
+FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz
+dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv
+ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz
+IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8
+RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb
+ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR
+TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
+Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH
+iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB
+AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0
+dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9
+BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy
+aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI
+KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU
+j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t
+L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
+b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC
+BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA
+A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K
+lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ
+tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/
+-----END CERTIFICATE-----
+!EOF
+cd $DIR
+$JAVA_HOME/bin/keytool -import -trustcacerts -alias $FQDN -keystore $KS -storepass "$STOREPASS" -keypass "$KEYPASS" -file $XFN
+rm -f $XFN
+
+if [ "$KS" = "$KSFILE.tmp" ]
+then
+ mv $KSFILE.tmp $KSFILE
+fi
+
+rm -f $KSFILE.csr
+echo Certificate imported.
+exit 0