+++ /dev/null
-CERTS_DIR = resources
-CURRENT_DIR := ${CURDIR}
-DOCKER_CONTAINER = generate-certs
-DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
-
-all: start_docker \
- clear_all \
- root_generate_keys \
- root_create_certificate \
- root_self_sign_certificate \
- client_generate_keys \
- client_generate_csr \
- client_sign_certificate_by_root \
- client_import_root_certificate \
- client_convert_certificate_to_jks \
- server_generate_keys \
- server_generate_csr \
- server_sign_certificate_by_root \
- server_import_root_certificate \
- server_convert_certificate_to_jks \
- server_convert_certificate_to_p12 \
- convert_truststore_to_p12 \
- convert_truststore_to_pem \
- server_export_certificate_to_pem \
- server_export_key_to_pem \
- clear_unused_files \
- stop_docker
-
-.PHONY: all
-
-# Starts docker container for generating certificates - deletes first, if already running
-start_docker:
- @make stop_docker
- $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
- $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
- $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
- $(eval USERNAME :=$(shell id -u))
- $(eval GROUP :=$(shell id -g))
- docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
-
-# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
-stop_docker:
- docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true
-
-#Clear all files related to certificates
-clear_all:
- @make clear_existing_certificates
- @make clear_unused_files
-
-#Clear certificates
-clear_existing_certificates:
- @echo "Clear certificates"
- ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem
- @echo "#####done#####"
-
-#Generate root private and public keys
-root_generate_keys:
- @echo "Generate root private and public keys"
- ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
- -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
- -storepass secret -ext BasicConstraints:critical="ca:true"
- @echo "#####done#####"
-
-#Export public key as certificate
-root_create_certificate:
- @echo "(Export public key as certificate)"
- ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
- @echo "#####done#####"
-
-#Self-signed root (import root certificate into truststore)
-root_self_sign_certificate:
- @echo "(Self-signed root (import root certificate into truststore))"
- ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
- @echo "#####done#####"
-
-#Generate certService's client private and public keys
-client_generate_keys:
- @echo "Generate certService's client private and public keys"
- ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
- -keystore certServiceClient-keystore.jks -storetype JKS \
- -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
- -keypass secret -storepass secret
- @echo "####done####"
-
-#Generate certificate signing request for certService's client
-client_generate_csr:
- @echo "Generate certificate signing request for certService's client"
- ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
- @echo "####done####"
-
-#Sign certService's client certificate by root CA
-client_sign_certificate_by_root:
- @echo "Sign certService's client certificate by root CA"
- ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
- -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
- @echo "####done####"
-
-#Import root certificate into client
-client_import_root_certificate:
- @echo "Import root certificate into intermediate"
- ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
- @echo "####done####"
-
-#Import signed certificate into certService's client
-client_convert_certificate_to_jks:
- @echo "Import signed certificate into certService's client"
- ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
- @echo "####done####"
-
-#Generate certService private and public keys
-server_generate_keys:
- @echo "Generate certService private and public keys"
- ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
- -keystore certServiceServer-keystore.jks -storetype JKS \
- -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
- -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
- @echo "####done####"
-
-#Generate certificate signing request for certService
-server_generate_csr:
- @echo "Generate certificate signing request for certService"
- ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
- @echo "####done####"
-
-#Sign certService certificate by root CA
-server_sign_certificate_by_root:
- @echo "Sign certService certificate by root CA"
- ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
- -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
- -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
- @echo "####done####"
-
-#Import root certificate into server
-server_import_root_certificate:
- @echo "Import root certificate into intermediate(server)"
- ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
- @echo "####done####"
-
-#Import signed certificate into certService
-server_convert_certificate_to_jks:
- @echo "Import signed certificate into certService"
- ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
- -storepass secret -noprompt
- @echo "####done####"
-
-#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
-server_convert_certificate_to_p12:
- @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
- ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
- -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
- @echo "#####done#####"
-
-#Convert truststore(.jks) to PCKS12 format(.p12)
-convert_truststore_to_p12:
- @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
- ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \
- -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret
- @echo "#####done#####"
-
-#Convert truststore(.p12) to PEM format(.pem)
-convert_truststore_to_pem:
- @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)"
- ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret
- @echo "#####done#####"
-
-#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem)
-server_export_certificate_to_pem:
- @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)"
- ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem
- @echo "#####done#####"
-
-#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem)
-server_export_key_to_pem:
- @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)"
- ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem
- @echo "#####done#####"
-
-
-#Clear unused certificates
-clear_unused_files:
- @echo "Clear unused certificates"
- ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr truststore.p12
- @echo "#####done#####"
Code Review / oom.git / blobdiff