packages/base/src/files/bin/certtool.sh

   1 ###
   2 # ============LICENSE_START=======================================================
   3 # ONAP Policy Engine
   4 # ================================================================================
   5 # Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
   6 # ================================================================================
   7 # Licensed under the Apache License, Version 2.0 (the "License");
   8 # you may not use this file except in compliance with the License.
   9 # You may obtain a copy of the License at
  10 #
  11 #      http://www.apache.org/licenses/LICENSE-2.0
  12 #
  13 # Unless required by applicable law or agreed to in writing, software
  14 # distributed under the License is distributed on an "AS IS" BASIS,
  15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 # See the License for the specific language governing permissions and
  17 # limitations under the License.
  18 # ============LICENSE_END=========================================================
  19 ###
  20
  21 #!/bin/bash
  22 #
  23 #       certtool [ init fqdn | importcert cert.cer.txt | exportcsr ]
  24 #
  25
  26 KEYPASS=${KEYSTORE_PASSWD}
  27 STOREPASS=${KEYSTORE_PASSWD}
  28 DIR=${POLICY_HOME}/etc/ssl
  29
  30 KSFILE=policy-keystore
  31 ID=`id -n -u`
  32 GRP=`id -n -g`
  33
  34 if [ ! -d $DIR ]
  35 then
  36         echo "Policy Engine application software must be installed before using certtool"
  37         exit 1
  38 fi
  39
  40 TZ=GMT0
  41 umask 0077
  42 cd $DIR
  43
  44 MODE="$1"
  45 shift
  46 if [ "$MODE" = init ]
  47 then
  48         if [ -f $KSFILE ]
  49         then
  50                 echo "File \"$KSFILE\" already exists - did you already initialize?"
  51                 echo 'Remove it before initializing'
  52                 exit 1
  53         fi
  54
  55         if [ -f $KSFILE.tmp ]
  56         then
  57                 echo "File \"$KSFILE.tmp\" already exists - did you already initialize?"
  58                 echo 'Remove it before initializing'
  59                 exit 1
  60         fi
  61
  62         rm -f $KSFILE.csr
  63         FQDN="$1"
  64         shift
  65         if [ "$FQDN" = "" ]
  66         then
  67                 echo 'FQDN of server required for certtool init'
  68                 exit 1
  69         fi
  70
  71         $JAVA_HOME/bin/keytool -genkey -alias $FQDN -keyalg RSA -keystore $KSFILE.tmp -keysize 2048 -storepass "$STOREPASS" -keypass "$KEYPASS" -dname "CN=$FQDN,OU=Information Technology,O=AT&T Services\, Inc.,L=Southfield,S=Michigan,C=US"
  72         $JAVA_HOME/bin/keytool -certreq -alias $FQDN -keystore $KSFILE.tmp -file $KSFILE.csr -storepass "$STOREPASS" -keypass "$KEYPASS"
  73         echo cat $DIR/$KSFILE.csr
  74         cat $KSFILE.csr
  75         echo Keystore initialized.  Use the above certificate signing request.
  76         exit 0
  77 fi
  78
  79 if [ "$MODE" != "importcert" -a "$MODE" != "exportcsr" ]
  80 then
  81         echo "Improper arguments.  Usage is:"
  82         echo "First time - to create key pair:"
  83         echo " certtool init <fqdn>"
  84         echo "Install certificate file:"
  85         echo " certtool importcert <cert.cer.txt>"
  86         echo "Generate certificate signing request when old certificate nears expiry:"
  87         echo " certtool exportcsr"
  88         exit 1
  89 fi
  90
  91 KS=$KSFILE
  92 if [ ! -f $KSFILE ]
  93 then
  94         KS=$KSFILE.tmp
  95         if [ ! -f $KSFILE.tmp ]
  96         then
  97                 echo "Keystore not initialized."
  98                 exit 1
  99         fi
 100 fi
 101
 102 $JAVA_HOME/bin/keytool -list -keystore $KS -storepass "$STOREPASS" | grep ', PrivateKeyEntry, $'
 103 FQDN=`$JAVA_HOME/bin/keytool -list -keystore $KS -storepass "$STOREPASS" | grep ', PrivateKeyEntry, $' | sed 's/,.*//'`
 104 if [ "$FQDN" = "" ]
 105 then
 106         echo "Unable to read keystore file $KS."
 107         exit 1
 108 fi
 109
 110 if [ "$MODE" = exportcsr ]
 111 then
 112         if [ ! -f $KSFILE ]
 113         then
 114                 echo "Cannot export new signing request before initial certificate imported"
 115                 exit 1
 116         fi
 117         rm -f $KSFILE.csr
 118         $JAVA_HOME/bin/keytool -certreq -alias $FQDN -keystore $KS -file $KSFILE.csr -storepass "$STOREPASS" -keypass "$KEYPASS"
 119         echo cat $DIR/$KSFILE.csr
 120         cat $KSFILE.csr
 121         echo Use the above certificate signing request.
 122         exit 1
 123 fi
 124
 125 FN="$1"
 126 shift
 127 cd -
 128
 129 if [ ! -f "$FN" ]
 130 then
 131         echo "Certificate file $FN not found."
 132         exit 1
 133 fi
 134 XFN=$DIR/$$.cer
 135 cp "$FN" $XFN
 136 cat <<!EOF >> $XFN
 137 -----BEGIN CERTIFICATE-----
 138 MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB
 139 yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
 140 ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
 141 U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
 142 ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
 143 aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw
 144 CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
 145 BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs
 146 YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC
 147 AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb
 148 A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW
 149 9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu
 150 s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T
 151 L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK
 152 Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T
 153 AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu
 154 Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw
 155 HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg
 156 hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v
 157 Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG
 158 A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E
 159 FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz
 160 Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny
 161 H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W
 162 Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG
 163 QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t
 164 TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY
 165 Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=
 166 -----END CERTIFICATE-----
 167 -----BEGIN CERTIFICATE-----
 168 MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf
 169 MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
 170 LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
 171 HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx
 172 FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz
 173 dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv
 174 ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz
 175 IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi
 176 MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8
 177 RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb
 178 ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR
 179 TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
 180 Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH
 181 iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB
 182 AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0
 183 dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9
 184 BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy
 185 aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI
 186 KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU
 187 j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t
 188 L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
 189 b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC
 190 BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA
 191 A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K
 192 lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ
 193 tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/
 194 -----END CERTIFICATE-----
 195 !EOF
 196 cd $DIR
 197 $JAVA_HOME/bin/keytool -import -trustcacerts -alias $FQDN -keystore $KS -storepass "$STOREPASS" -keypass "$KEYPASS" -file $XFN
 198 rm -f $XFN
 199
 200 if [ "$KS" = "$KSFILE.tmp" ]
 201 then
 202         mv $KSFILE.tmp $KSFILE
 203 fi
 204
 205 rm -f $KSFILE.csr
 206 echo Certificate imported.
 207 exit 0