bookkeeper-server/src/test/resources/generateKeysAndCerts.sh - bookkeeper - Git at Google

 #!/usr/bin/env bash
 #
 #/**
 # * Licensed to the Apache Software Foundation (ASF) under one
 # * or more contributor license agreements.  See the NOTICE file
 # * distributed with this work for additional information
 # * regarding copyright ownership.  The ASF licenses this file
 # * to you under the Apache License, Version 2.0 (the
 # * "License"); you may not use this file except in compliance
 # * with the License.  You may obtain a copy of the License at
 # *
 # *     http://www.apache.org/licenses/LICENSE-2.0
 # *
 # * Unless required by applicable law or agreed to in writing, software
 # * distributed under the License is distributed on an "AS IS" BASIS,
 # * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # * See the License for the specific language governing permissions and
 # * limitations under the License.
 # */

 # This script generates keys and self-signed certificates in
 # PEM, JKS and PKCS12 formats.

 # remove existing files.
 rm ./server-key.pem \
     ./server-key.p12 \
     ./server-key.jks \
     ./server-cert.pem \
     ./client-key.pem \
     ./client-key.p12 \
     ./client-key.jks \
     ./client-cert.pem \
     ./keyStoreServerPassword.txt \
     ./keyStoreClientPassword.txt


 # One line command to create server keys and self signed certificates.
 openssl req \
         -new \
         -newkey rsa:4096 \
         -days 365000 \
         -nodes \
         -x509 \
         -subj "/C=US/ST=CA/L=San Francisco/O=Dummy/CN=apache.bookkeeper.org" \
         -out server-cert.pem \
         -keyout server-key.pem

 # Convert crt/key to PKCS12 format.
 openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out server-key.p12 -passout pass:server

 # store password in a file
 echo "server" > keyStoreServerPassword.txt

 # Convert crt/key to JKS format.
 keytool -importkeystore -srckeystore server-key.p12 -srcstoretype pkcs12 -srcstorepass server -destkeystore server-key.jks -deststoretype jks -deststorepass server

 # One line command to create client keys and self signed certificates.
 openssl req \
         -new \
         -newkey rsa:4096 \
         -days 365000 \
         -nodes \
         -x509 \
         -subj "/C=US/ST=CA/L=San Francisco/O=Dummy/OU=0:testRole,testRole1;1:testCluster/CN=apache.bookkeeper.org" \
         -out client-cert.pem \
         -keyout client-key.pem

 # Convert crt/key to PKCS12 format.
 openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -out client-key.p12 -passout pass:client

 # store password in a file.
 echo "client" > keyStoreClientPassword.txt

 # Convert crt/key to JKS format.
 keytool -importkeystore -srckeystore client-key.p12 -srcstoretype pkcs12 -srcstorepass client -destkeystore client-key.jks -deststoretype jks -deststorepass client
	#!/usr/bin/env bash
	#
	#/**
	# * Licensed to the Apache Software Foundation (ASF) under one
	# * or more contributor license agreements. See the NOTICE file
	# * distributed with this work for additional information
	# * regarding copyright ownership. The ASF licenses this file
	# * to you under the Apache License, Version 2.0 (the
	# * "License"); you may not use this file except in compliance
	# * with the License. You may obtain a copy of the License at
	# *
	# * http://www.apache.org/licenses/LICENSE-2.0
	# *
	# * Unless required by applicable law or agreed to in writing, software
	# * distributed under the License is distributed on an "AS IS" BASIS,
	# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# * See the License for the specific language governing permissions and
	# * limitations under the License.
	# */

	# This script generates keys and self-signed certificates in
	# PEM, JKS and PKCS12 formats.

	# remove existing files.
	rm ./server-key.pem \
	./server-key.p12 \
	./server-key.jks \
	./server-cert.pem \
	./client-key.pem \
	./client-key.p12 \
	./client-key.jks \
	./client-cert.pem \
	./keyStoreServerPassword.txt \
	./keyStoreClientPassword.txt


	# One line command to create server keys and self signed certificates.
	openssl req \
	-new \
	-newkey rsa:4096 \
	-days 365000 \
	-nodes \
	-x509 \
	-subj "/C=US/ST=CA/L=San Francisco/O=Dummy/CN=apache.bookkeeper.org" \
	-out server-cert.pem \
	-keyout server-key.pem

	# Convert crt/key to PKCS12 format.
	openssl pkcs12 -export -in server-cert.pem -inkey server-key.pem -out server-key.p12 -passout pass:server

	# store password in a file
	echo "server" > keyStoreServerPassword.txt

	# Convert crt/key to JKS format.
	keytool -importkeystore -srckeystore server-key.p12 -srcstoretype pkcs12 -srcstorepass server -destkeystore server-key.jks -deststoretype jks -deststorepass server

	# One line command to create client keys and self signed certificates.
	openssl req \
	-new \
	-newkey rsa:4096 \
	-days 365000 \
	-nodes \
	-x509 \
	-subj "/C=US/ST=CA/L=San Francisco/O=Dummy/OU=0:testRole,testRole1;1:testCluster/CN=apache.bookkeeper.org" \
	-out client-cert.pem \
	-keyout client-key.pem

	# Convert crt/key to PKCS12 format.
	openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -out client-key.p12 -passout pass:client

	# store password in a file.
	echo "client" > keyStoreClientPassword.txt

	# Convert crt/key to JKS format.
	keytool -importkeystore -srckeystore client-key.p12 -srcstoretype pkcs12 -srcstorepass client -destkeystore client-key.jks -deststoretype jks -deststorepass client