dejsem.1.5/ssl/ssl.sh
author hh
Wed, 27 Nov 2019 09:50:16 +0100
changeset 0 676905a3b03c
permissions -rwxr-xr-x
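#!/bin/bash
# Credential generator for the dejsem SSL setup.
#   ssl.sh CA          create a new CA (after confirmation) and the server keys
#   ssl.sh <channel#>  create the client keystores/bundle for channel 0..99
# Runs in the current directory; see the checks below for required files.
# Usage error: no argument at all. `exit -1` is bash-specific (it becomes 255);
# use 1 like every other error path in this script.
(($#)) || { echo "Syntax: $0 <channel#> | CA"; exit 1; }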
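ca() {
    #######################################
    # Create a fresh CA: RSA key, self-signed certificate, upload of the cert.
    # Asks for confirmation first because it deletes every *.crt and *.bks in
    # the current directory - anything issued by the previous CA must be
    # regenerated afterwards (srv, then each channel).
    # Globals:   ca (read)
    # Requires:  CA.ext in the current directory (x509 extensions for the CA)
    # Returns:   exits 1 when not confirmed or CA.ext is missing; set -e for the rest
    #######################################
    local answer
    read -r -p "Really to discard existing credentials? y|[N]" answer
    # Only an answer starting with y/Y continues; empty input means "no".
    [[ ${answer:0:1} == [yY] ]] || exit 1
    # CA.ext is needed by the self-signing step; check it before deleting anything.
    [[ -e CA.ext ]] || { echo "CA.ext not found in current dir"; exit 1; }
    rm -f -- *.crt
    rm -f -- *.bks
    local who=$ca
    set -e
    # create CA keys -----------------------------------------------------------
    echo "creating $who keys..."
    openssl req -new -nodes -out "$who.req" -keyout "$who.key" -subj "/CN=$who" -newkey rsa:2048 -sha512
    chmod 600 "$who.key"
    # selfsign CA public key ---------------------------------------------------
    echo "selfsigning $who public key..."
    # 128-bit random serial instead of $RANDOM (15 bits): serials must be unique
    # per issuer and should not be predictable.
    openssl x509 -req -in "$who.req" -signkey "$who.key" -days 9999 \
        -set_serial "0x$(openssl rand -hex 16)" -sha512 -extfile CA.ext -out "$who.crt"
    # upload CA public key -----------------------------------------------------
    echo "uploading $who public key..."
    up "$who.crt"
    echo "$ca successfully created and uploaded."
}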
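#######################################
# Populate one Java keystore for the current channel: trust the CA, generate
# the client key pair inside the store, get it signed by the CA, import the
# signed chain and the server certificate.
# Globals:   ca, who, p (read; p is the store/key password, passed to keytool
#            through the PASS environment variable so it never appears in argv)
# Arguments: $1 - label used in progress messages ("android", "default java")
#            $2 - title used in the final message
#            $3 - keystore file extension (bks, jks)
#            $4.. - keytool keystore options (-keystore ... -storepass:env PASS)
# Outputs:   progress messages on stdout; $who.$3 in the current directory
#######################################
_channel_keystore() {
    local label=$1 title=$2 ext=$3
    shift 3
    local -a store=("$@")
    echo "importing $ca public key into $label key store..."
    PASS=$p keytool -import -noprompt -alias "$ca" -file "$ca.crt" "${store[@]}"
    echo "creating $who $label client keys..."
    PASS=$p keytool -genkey -alias "$who" -keysize 2048 -keyalg RSA -dname "CN=$who" -validity 9999 -keypass:env PASS "${store[@]}"
    PASS=$p keytool -certreq -alias "$who" -file "$who.req" "${store[@]}"
    echo "signing $who $label client public key..."
    # Random 128-bit serial: $RANDOM is 15 bits, so two channel certs under the
    # same CA would soon collide.
    openssl x509 -req -in "$who.req" -CAkey "$ca.key" -CA "$ca.crt" -days 9999 \
        -set_serial "0x$(openssl rand -hex 16)" -sha512 -out "$who.crt"
    # Append the CA cert so keytool can build the chain for the reply.
    cat "$ca.crt" >> "$who.crt"
    echo "importing $who client public key into $label key store..."
    PASS=$p keytool -import -alias "$who" -file "$who.crt" "${store[@]}"
    echo "importing server public key into $label client key store..."
    PASS=$p keytool -import -noprompt -alias srv -file srv.crt "${store[@]}"
    rm -f -- "$who".{req,crt}
    printf '*-----\n* %s %s.%s successfully created.\n*-----\n' "$title" "$who" "$ext"
}

#######################################
# Create the client credentials for channel $chan, all signed by $ca:
#   $chan.bks  Bouncy Castle (bks-v1) keystore
#   $chan.jks  default Java keystore
#   $chan.pem  OpenSSL private key + certificate bundle (mode 600)
# Globals:   ca, chan, jar (read); who, p (set for _channel_keystore)
# Requires:  $ca.crt, $ca.key and srv.crt in the current directory
# Env:       KEYSTORE_PASS - keystore/key password; defaults to the historical
#            value "heslo" so existing consumers keep working
# Returns:   exits 1 when the prerequisites are missing; set -e for the rest
#######################################
channel() {
    if [[ ! -e $ca.crt || ! -e $ca.key ]]; then
        echo "$ca keys not available."; exit 1
    fi
    # Checked up front: both keystores import srv.crt, and a missing file would
    # otherwise abort halfway with the old keystores already deleted.
    [[ -e srv.crt ]] || { echo "srv.crt not available."; exit 1; }
    local who=$chan
    local -a bouncy_store=(-keystore "$who.bks" -storetype bks-v1 -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "$jar" -storepass:env PASS)
    local -a default_store=(-keystore "$who.jks" -storepass:env PASS)
    # "heslo" is a weak, well-known default; override it via KEYSTORE_PASS.
    local p=${KEYSTORE_PASS:-heslo}
    set -e
    rm -f -- "$chan".{pem,bks,jks}
    # android (Bouncy Castle) key store -----------------------------------------
    _channel_keystore android "Android client keystore" bks "${bouncy_store[@]}"
    # default java key store ----------------------------------------------------
    _channel_keystore "default java" "Default java client keystore" jks "${default_store[@]}"
    # create openssl client keys -----------------------------------------------
    echo "creating $who openssl client keys..."
    openssl req -new -nodes -out "$who.req" -keyout "$who.key" -subj "/CN=$who" -newkey rsa:2048 -sha512
    # sign openssl client public key -------------------------------------------
    echo "signing $who openssl client public key..."
    openssl x509 -req -in "$who.req" -CAkey "$ca.key" -CA "$ca.crt" -days 9999 \
        -set_serial "0x$(openssl rand -hex 16)" -sha512 -out "$who.crt"
    # The bundle holds the private key, hence the 600 mode right after writing it.
    cat "$who.key" "$who.crt" > "$who.pem"
    chmod 600 "$who.pem"
    rm -f -- "$who".{key,req,crt}
    printf '*-----\n* Client keys %s.pem successfully created.\n*-----\n' "$who"
}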
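srv() {
    #######################################
    # Create the server key pair, sign it with $ca, bundle key + cert into
    # srv.pem and upload the bundle. srv.crt is deliberately left in the
    # directory: channel() imports it into every client keystore.
    # Globals:   ca (read)
    # Requires:  $ca.crt and $ca.key in the current directory
    # Returns:   exits 1 when the CA is missing; set -e for the rest
    #######################################
    [[ -e $ca.crt && -e $ca.key ]] || { echo "$ca keys not available."; exit 1; }
    set -e
    local who=srv
    rm -f -- "$who".{pem,crt,key}
    # create server keys -------------------------------------------------------
    echo "creating $who server keys..."
    openssl req -new -nodes -out "$who.req" -keyout "$who.key" -subj "/CN=$who" -newkey rsa:2048 -sha512
    # sign server public key ---------------------------------------------------
    echo "signing $who server public key..."
    # Random 128-bit serial instead of the 15-bit $RANDOM.
    openssl x509 -req -in "$who.req" -CAkey "$ca.key" -CA "$ca.crt" -days 9999 \
        -set_serial "0x$(openssl rand -hex 16)" -sha512 -out "$who.crt"
    # srv.pem contains the private key: restrict it before anything else runs.
    cat "$who.key" "$who.crt" > "$who.pem"
    chmod 600 "$who.pem"
    rm -f -- "$who".{key,req}
    # upload server keys -------------------------------------------------------
    echo "uploading $who server keys..."
    up "$who.pem"
    printf '*-----\n* Server keys %s.pem successfully created and uploaded.\n*-----\n' "$who"
}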
up() {
    #######################################
    # Upload one file to the distribution host. Currently a stub: the scp is
    # commented out, so $1 is accepted but not used.
    # Arguments: $1 - file to upload
    # Outputs:   the dummy marker on stdout
    #######################################
    # scp -p -- "$1" hh@hal.hh.cz:/L/dejsem/ssl/
    printf '%s\n' "--->DUMMY UPLOAD<---"
}
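ca=dejCA
# bcprov from version 149 on offers a special KeyStore type "BKS_V1" for backward compatibility
jar=bcprov-jdk15on-150.jar
[[ -e $jar ]] || { echo "Bouncy Castle $jar not found in current dir"; exit 1; }
if [[ $1 == CA ]]; then
    ca
    srv
else
    # Accept only decimal digits before any arithmetic is done on $1; letters,
    # signs or expressions are rejected instead of being evaluated.
    [[ $1 =~ ^[0-9]+$ ]] || { echo "needed 0 <= channel# < 100"; exit 1; }
    # 10# keeps leading zeros (e.g. 007) from being read as octal.
    n=$((10#$1))
    (( n <= 99 )) || { echo "needed 0 <= channel# < 100"; exit 1; }
    # Channel names are always two digits (07, 42, ...).
    printf -v chan '%02d' "$n"
    channel
fi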