1+ #! /bin/bash
2+ #
3+ # Licensed to the Apache Software Foundation (ASF) under one or more
4+ # contributor license agreements. See the NOTICE file distributed with
5+ # this work for additional information regarding copyright ownership.
6+ # The ASF licenses this file to You under the Apache License, Version 2.0
7+ # (the "License"); you may not use this file except in compliance with
8+ # the License. You may obtain a copy of the License at
9+ #
10+ # http://www.apache.org/licenses/LICENSE-2.0
11+ #
12+ # Unless required by applicable law or agreed to in writing, software
13+ # distributed under the License is distributed on an "AS IS" BASIS,
14+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15+ # See the License for the specific language governing permissions and
16+ # limitations under the License.
17+ #
18+
19+
20+ set -e
21+ set -x
22+
23+ keySize=2048
24+ days=10000
25+ password=" password"
26+ encryptionAlgo=" aes-256-cbc"
27+
28+ workDir=" target/openssl-work"
29+ destinationDir=" src/main/resources"
30+ destinationTestDir=" src/test/resources"
31+
32+ # see https://stackoverflow.com/a/54924640
33+ export MSYS_NO_PATHCONV=1
34+
35+ if [[ -n " ${JAVA_HOME} " ]] ; then
36+ keytool=" $JAVA_HOME /bin/keytool"
37+ elif ! [[ -x " $( command -v keytool) " ]] ; then
38+ echo ' Error: Either add keytool to PATH or set JAVA_HOME' >&2
39+ exit 1
40+ else
41+ keytool=" keytool"
42+ fi
43+
44+ if ! [[ -x " $( command -v openssl) " ]] ; then
45+ echo ' Error: openssl is not installed.' >&2
46+ exit 1
47+ fi
48+
49+ mkdir -p " $workDir "
50+ mkdir -p " $destinationDir "
51+
52+ # Certificate authority
53+ openssl genrsa -out " $workDir /cxfca.key" $keySize
54+ openssl req -x509 -new -subj ' /O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca' -key " $workDir /cxfca.key" -nodes -out " $workDir /cxfca.pem" -days $days -extensions v3_req
55+ openssl req -new -subj ' /O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=cxfca' -x509 -key " $workDir /cxfca.key" -days $days -out " $workDir /cxfca.crt"
56+
57+ for actor in client service sts actas; do
58+ # Generate keys
59+ openssl genrsa -out " $workDir /$actor .key" $keySize
60+
61+ # Generate certificates
62+ openssl req -new -subj " /O=apache.org/OU=eng (NOT FOR PRODUCTION)/CN=$actor " -key " $workDir /$actor .key" -out " $workDir /$actor .csr"
63+ openssl x509 -req -in " $workDir /$actor .csr" -CA " $workDir /cxfca.pem" -CAkey " $workDir /cxfca.key" -CAcreateserial -days $days -out " $workDir /$actor .crt"
64+
65+ # Export keystores
66+ openssl pkcs12 -export -in " $workDir /$actor .crt" -inkey " $workDir /$actor .key" -certfile " $workDir /cxfca.crt" -name " my${actor} key" -out " $destinationDir /${actor} store.pkcs12" -passout pass:" $password " -keypbe " $encryptionAlgo " -certpbe " $encryptionAlgo "
67+ done
68+
69+ keytool -import -trustcacerts -alias mystskey -file " $workDir /sts.crt" -noprompt -keystore " $destinationDir /servicestore.pkcs12" -storepass " $password "
70+
71+ keytool -import -trustcacerts -alias actasclient -file " $workDir /actas.crt" -noprompt -keystore " $destinationDir /stsstore.pkcs12" -storepass " $password "
72+ keytool -import -trustcacerts -alias myclientkey -file " $workDir /client.crt" -noprompt -keystore " $destinationDir /stsstore.pkcs12" -storepass " $password "
73+ keytool -import -trustcacerts -alias myservicekey -file " $workDir /service.crt" -noprompt -keystore " $destinationDir /stsstore.pkcs12" -storepass " $password "
74+
75+ keytool -import -trustcacerts -alias myactaskey -file " $workDir /actas.crt" -noprompt -keystore " $destinationDir /clientstore.pkcs12" -storepass " $password "
76+ keytool -import -trustcacerts -alias myservicekey -file " $workDir /service.crt" -noprompt -keystore " $destinationDir /clientstore.pkcs12" -storepass " $password "
77+ keytool -import -trustcacerts -alias mystskey -file " $workDir /sts.crt" -noprompt -keystore " $destinationDir /clientstore.pkcs12" -storepass " $password "
78+
79+ mv " $destinationDir /clientstore.pkcs12" " $destinationTestDir /clientstore.pkcs12"
80+ rm " $destinationDir /actasstore.pkcs12"
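Review bot: The `keytool` variable resolved at the top of the script (from `$JAVA_HOME/bin/keytool`, or from PATH) is never used, because every import further down calls bare `keytool`. With JAVA_HOME set and keytool absent from PATH, the script passes the check and then fails at the first import, so those calls should read `"$keytool" -import -trustcacerts ...`. `destinationTestDir` is also the only directory not created with `mkdir -p`, so the final `mv` depends on src/test/resources already existing; adding `mkdir -p "$destinationTestDir"` next to the other two removes that assumption. The certificates are labelled NOT FOR PRODUCTION and use a fixed password, which is fine for fixtures, but `set -x` together with `-passout pass:` and `-storepass` puts the password in the trace output and in process arguments. A comment above the `password` assignment, such as `# test-only password; do not reuse this script for real keystores`, would make that boundary explicit.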