--- /dev/null
+CERTS_DIR = resources
+CURRENT_DIR := ${CURDIR}
+DOCKER_CONTAINER = generate-certs
+DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
+
+all: start_docker \
+ clear_all \
+ root_generate_keys \
+ root_create_certificate \
+ root_self_sign_certificate \
+ client_generate_keys \
+ client_generate_csr \
+ client_sign_certificate_by_root \
+ client_import_root_certificate \
+ client_convert_certificate_to_jks \
+ server_generate_keys \
+ server_generate_csr \
+ server_sign_certificate_by_root \
+ server_import_root_certificate \
+ server_convert_certificate_to_jks \
+ server_convert_certificate_to_p12 \
+ clear_unused_files \
+ stop_docker
+
+.PHONY: all
+
+# Starts docker container for generating certificates - deletes first, if already running
+start_docker:
+ @make stop_docker
+ docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+
+# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
+stop_docker:
+ docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true
+
+#Clear all files related to certificates
+clear_all:
+ @make clear_existing_certificates
+ @make clear_unused_files
+
+#Clear certificates
+clear_existing_certificates:
+ @echo "Clear certificates"
+ ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ @echo "#####done#####"
+
+#Generate root private and public keys
+root_generate_keys:
+ @echo "Generate root private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
+ -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
+ -storepass secret -ext BasicConstraints:critical="ca:true"
+ @echo "#####done#####"
+
+#Export public key as certificate
+root_create_certificate:
+ @echo "(Export public key as certificate)"
+ ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
+ @echo "#####done#####"
+
+#Self-signed root (import root certificate into truststore)
+root_self_sign_certificate:
+ @echo "(Self-signed root (import root certificate into truststore))"
+ ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
+ @echo "#####done#####"
+
+#Generate certService's client private and public keys
+client_generate_keys:
+ @echo "Generate certService's client private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
+ -keystore certServiceClient-keystore.jks -storetype JKS \
+ -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret
+ @echo "####done####"
+
+#Generate certificate signing request for certService's client
+client_generate_csr:
+ @echo "Generate certificate signing request for certService's client"
+ ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
+ @echo "####done####"
+
+#Sign certService's client certificate by root CA
+client_sign_certificate_by_root:
+ @echo "Sign certService's client certificate by root CA"
+ ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
+ -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
+ @echo "####done####"
+
+#Import root certificate into client
+client_import_root_certificate:
+ @echo "Import root certificate into intermediate"
+ ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+ @echo "####done####"
+
+#Import signed certificate into certService's client
+client_convert_certificate_to_jks:
+ @echo "Import signed certificate into certService's client"
+ ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
+ @echo "####done####"
+
+#Generate certService private and public keys
+server_generate_keys:
+ @echo "Generate certService private and public keys"
+ ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
+ -keystore certServiceServer-keystore.jks -storetype JKS \
+ -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
+ -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
+ @echo "####done####"
+
+#Generate certificate signing request for certService
+server_generate_csr:
+ @echo "Generate certificate signing request for certService"
+ ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
+ @echo "####done####"
+
+#Sign certService certificate by root CA
+server_sign_certificate_by_root:
+ @echo "Sign certService certificate by root CA"
+ ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
+ -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
+ -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
+ @echo "####done####"
+
+#Import root certificate into server
+server_import_root_certificate:
+ @echo "Import root certificate into intermediate(server)"
+ ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+ @echo "####done####"
+
+#Import signed certificate into certService
+server_convert_certificate_to_jks:
+ @echo "Import signed certificate into certService"
+ ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
+ -storepass secret -noprompt
+ @echo "####done####"
+
+#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
+server_convert_certificate_to_p12:
+ @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+ ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
+ -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "#####done#####"
+
+#Clear unused certificates
+clear_unused_files:
+ @echo "Clear unused certificates"
+ ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ @echo "#####done#####"
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFnjCCA4agAwIBAgIEHn8h9TANBgkqhkiG9w0BAQwFADB3MQswCQYDVQQGEwJV
-UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZyYW5jaXNjbzEZ
-MBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05BUDERMA8GA1UE
-AxMIb25hcC5vcmcwHhcNMjAwODI3MDg1MjQ3WhcNMzAwODI1MDg1MjQ3WjB3MQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuLUZy
-YW5jaXNjbzEZMBcGA1UEChMQTGludXgtRm91bmRhdGlvbjENMAsGA1UECxMET05B
-UDERMA8GA1UEAxMIb25hcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
-AoICAQCOQ8TArFljhDu9EXKqAppV/eslelFAGG1NhDnh3PI6jK7qKKSTIcUpKPiG
-u9CagyNq4Y1dNt1LsP/KSDDkm6CGYW2z4E0Nm0ckcGc4izdoFDFhoXkrMoKvQxct
-az3YD1AiEH7kIYqDp7S3LMP8FbAXlcV62J2AEPqWtbFGszi6Pj65InNnFTGT4Oon
-E46egKcSWAhNR6vN29MO9/0wZHxwXWlcS2CKt6+2QKpfimHf48EJ0idntsKpj302
-i93jWGVNtORZbDddmVZG6XaVQkfRrJiivPQHvIXU5bWCsV7OQsrzbbsSscnqDuAr
-5DjR1Jbm2394e3DkXZTnqLGKReaaz0roA7ybLSesU1Fu0ZjD5Zq6ZezpXEQvcxcd
-wmq1A8ugeuRKhizeBO9YddjYTHWflHLBpiEyIwDCUsXfdNdS0nHQNKMDNbkC9512
-SLbG1N6iLGt85BriMLzJrlMP48feuheu3G/Mrit01yBzIgbqP30DcAIox5bgnJOY
-knxPctNaGsBup76msBzk+aBeDU5N/zirEJYxTmC3okeISzcLFlqYUUSsEzlqh8SS
-pNDK6ZbnX1khJJdUbCJGmgFS6N4RPXdxX12OCJDyjjCXcn7RXcZsYb3A+eF09+EM
-l0Vp3P+Aj6+eSN+t1Ez0sjGfSv/I8q1zV/trYZBq/LZIznfBFwIDAQABozIwMDAd
-BgNVHQ4EFgQUC0e3vObokYFDHM21OlRF4UO6L7EwDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQwFAAOCAgEAWLrsWPcRJb81ozx1O8lytX4aUagjYyWIDOst1mqI
-VH+U5bHo7oReKdfFcy4Zen2bKh9DITGD7jweqTxAVx3scLq/3PE2HSG+6fNJ6wt7
-amrMZA6IdWqDWnaFMZQug3JTMH7s6v3rD7FU7awVc6lY+7TjR3qunU2m8F5GvATF
-ag+VmMSLiaBBbbmQqd1JkvCzPXlwwN3rg2u81zMys1AIbgeOlE5ZmWppOQpi7UrZ
-C8PTsRKzapgENlgxtsqVjsAMJI6OGk20bNcQKDn5fU6QwYLfnLPlkuRmFD8FeluI
-jz+ROjzxdC7E/BA80uZctvEEvn2VnD01IlEm6HoC+71erT+zmvM4AGd7EJa6mklb
-X+tGSkfzbIAR2gcn9sdNdhYA2hXXpQaeEp19bB8MAoSp5raCtbqZDQVHofJFY7gG
-FW+yKLlqBTCTm1XOPriUwbP6gkpLlkeTxeIAx8QbucoFx11J7jAeXY7oTXfSQw3h
-OR0/CHlG0BjVep6RNGA0k9cDNRyIdkxvA31rtgYCSbtepR5IhZyFhiN25Djxu/g9
-krspoxAS9ModBSiswjl4Q26eoYT4pnFXMfYbh5E4qNZNv0/S3YQ0HSTupls6M77J
-KHMx17m8EWtdsv2KyUkFqu1Q1nGky7SjpFUsVlp65Q+au3ftKxUDIRWK6jgpRH1e
-YIk=
------END CERTIFICATE-----
Code Review / oom.git / commitdiff