modules/ducktests/tests/certs/functions.sh

#!/usr/bin/env bash

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

function makeRoot() {
    ALIAS=$1
    DNAME=$2
    PSWD=$3

    if [[ ${ALIAS} == "" ]] || [[ ${DNAME} == "" ]] || [[ ${PSWD} == "" ]]
    then
        error "makeRoot: Need ALIAS, DNAME, PSWD"
    fi

    rm -f "${ALIAS}.jks"
    rm -f "${ALIAS}.pem"

    keytool -genkeypair -keystore "${ALIAS}.jks" -alias "${ALIAS}" -dname "${DNAME}" -ext bc:c -storepass "${PSWD}" \
     -keypass "${PSWD}" -noprompt -v

    keytool -keystore "${ALIAS}.jks" -storepass "${PSWD}" -keypass "${PSWD}" -alias "${ALIAS}" -exportcert \
     -rfc -file "${ALIAS}.pem" -v
}

function makeCA() {
    ROOT=$1
    ALIAS=$2
    DNAME=$3
    PSWD=$4

    if [[ "${ROOT}" == "" ]] || [[ "${ALIAS}" == "" ]] || [[ "${DNAME}" == "" ]] || [[ "${PSWD}" == "" ]]
    then
        error "makeCA: Need CA, ALIAS, DNAME, PSWD"
    fi

    rm -f "${ALIAS}.jks"
    rm -f "${ALIAS}.pem"

    keytool -genkeypair -keystore "${ALIAS}.jks" -alias "${ALIAS}" -dname "${DNAME}" -ext bc:c -storepass "${PSWD}" \
     -keypass "${PSWD}" -noprompt -v

    keytool -storepass "${PSWD}" -keypass "${PSWD}" -keystore "${ALIAS}.jks" -certreq -alias "${ALIAS}" \
      | keytool -storepass "${PSWD}" -keypass "${PSWD}" -keystore "${ROOT}.jks" -gencert -alias "${ROOT}" \
      -ext BC=0 -rfc -outfile "${ALIAS}.pem" -v

    keytool -keystore "${ALIAS}.jks" -storepass "${PSWD}" -keypass "${PSWD}" -importcert -alias "${ROOT}" \
    -file "${ROOT}.pem"  -noprompt -v
    keytool -keystore "${ALIAS}.jks" -storepass "${PSWD}" -keypass "${PSWD}" -importcert -alias "${ALIAS}" \
    -file "${ALIAS}.pem" -noprompt -v
}

function mkCert() {
    CA=$1
    ALIAS=$2
    DNAME=$3
    PSWD=$4

    if [[ ${CA} == "" ]] || [[ ${ALIAS} == "" ]] || [[ ${DNAME} == "" ]] || [[ ${PSWD} == "" ]]
    then
        error "mkCert: Need CA, ALIAS, DNAME, PSWD"
    fi

    rm -f "${ALIAS}.jks"
    rm -f "${ALIAS}.pem"
    rm -f "${ALIAS}.csr"

    keytool -genkeypair -keystore "${ALIAS}.jks" -alias "${ALIAS}" -dname "${DNAME}" -keyalg RSA -keysize 2048 \
     -keypass "${PSWD}" -storepass "${PSWD}" -noprompt -v || error

    keytool -storepass "${PSWD}" -keystore "${ALIAS}.jks" -certreq -alias "${ALIAS}" -file "${ALIAS}.csr" -v || error

    keytool -gencert -infile "${ALIAS}.csr" -keystore "${CA}.jks" -alias "${CA}" -storepass "${PSWD}" -rfc \
     -outfile "${ALIAS}.pem" -v || error

    keytool -keystore "${ALIAS}.jks" -importcert -alias "${ALIAS}" -storepass "${PSWD}" -file "${ALIAS}.pem" \
     -noprompt -v || error

    rm -f "${ALIAS}.csr"
    rm -f "${ALIAS}.pem"
}

function makeTruststore() {
    rm -f truststore.jks

    # shellcheck disable=SC2068
    for cert in $@ ; do
      keytool -keystore truststore.jks -importcert -alias "${cert}" -storepass 123456 -file "${cert}.pem" \
       -noprompt -v || error

    done
}

function error() {
    # shellcheck disable=SC2145
    echo "¯\_(ツ)_/¯ Something went wrong: $@"
    exit 1
}