blob: f6c8e828bb18493e9e4ee176244190f1fb97fa59 [file] [log] [blame]
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
echo "Remove existing keystore for Apache Qpid Broker-J "
rm java_broker_keystore.jks
echo "Re-create keystore for Apache Qpid Broker-J by importing RootCA certificate"
keytool -importcert -v -keystore java_broker_keystore.jks -keysize 2048 -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "Generate certificate key 'java-broker'"
keytool -genkey -alias java-broker -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_broker_keystore.jks -storepass password -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" -storetype pkcs12
echo "Export certificate signing request"
keytool -certreq -alias java-broker -sigalg SHA512withRSA -keystore java_broker_keystore.jks -storepass password -v -file java_broker.req -storetype pkcs12
echo "Sign certificate by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation root CA database."
certutil -C -d CA_db -c "MyRootCA" -a -i java_broker.req -o java_broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -g 4096
echo "Import signed certificate"
keytool -importcert -v -alias java-broker -keystore java_broker_keystore.jks -storepass password -file java_broker.crt -storetype pkcs12 -noprompt
echo "List keystore entries"
keytool --list --keystore java_broker_keystore.jks -storepass password -storetype pkcs12
read -p "Press [Enter] key to continue..."
echo "Remove existing client keystore"
rm java_client_keystore.jks
echo "Re-create client keystore by importing RootCA certificate"
keytool -importcert -v -keystore java_client_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "Generate key for certificate 'app2'"
keytool -genkey -alias app2 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app2@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" -storetype pkcs12
echo "Export certificate signing request for 'app2'"
keytool -certreq -alias app2 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app2.req -storetype pkcs12
echo "Sign certificate 'app2' by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation root CA database."
certutil -C -d CA_db -c "MyRootCA" -a -i app2.req -o app2.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA512
echo "Import signed certificate 'app2'"
keytool -importcert -v -alias app2 -keystore java_client_keystore.jks -storepass password -file app2.crt -storetype pkcs12 -noprompt
echo "Generate key for certificate 'app1'"
keytool -genkey -alias app1 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password -dname "CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA" -storetype pkcs12
echo "Export certificate signing request for 'app1'"
keytool -certreq -alias app1 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app1.req
echo "Sign certificate 'app1' by entering:"
echo " n for 'Is this a CA certificate [y/N]?'"
echo " '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
echo " n for 'Is this a critical extension [y/N]?'"
echo " password which was specified on creation of root CA database."
certutil -C -d CA_db -c "MyRootCA" -a -i app1.req -o app1.crt -2 -6 --extKeyUsage clientAuth -v 60 -Z SHA512
echo "Import signed certificate 'app1'"
keytool -importcert -v -alias app1 -keystore java_client_keystore.jks -storepass password -file app1.crt -storetype pkcs12 -noprompt
echo "List entries in client keystore"
keytool --list --keystore java_client_keystore.jks -storepass password
read -p "Press [Enter] key to continue..."
echo "Remove existing client truststore"
rm java_client_truststore.jks
echo "Re-create client truststore by importing RootCA certificate"
keytool -importcert -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "List entries in client trusttore"
keytool --list --keystore java_client_truststore.jks -storepass password -storetype pkcs12
read -p "Press [Enter] key to continue..."
echo "Remove existing broker truststore"
rm java_broker_truststore.jks
echo "Re-create broker truststore by importing RootCA certificate"
keytool -importcert -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
echo "List entries in broker truststore"
keytool --list --keystore java_broker_truststore.jks -storepass password -storetype pkcs12
read -p "Press [Enter] key to continue..."
echo "Remove existing broker peerstore"
rm java_broker_peerstore.jks
echo "Re-create broker peerstore by importing app1 certificate"
keytool -importcert -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt -storetype pkcs12 -noprompt
echo "List entries in broker peerstore"
keytool --list --keystore java_broker_peerstore.jks -storepass password -storetype pkcs12
cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_keystore.jks
keytool -importcert -v -alias app1 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app1.crt -storetype pkcs12 -noprompt
keytool -importcert -v -alias app2 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app2.crt -storetype pkcs12 -noprompt
cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12
keytool -delete -v -alias rootca -keystore ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 -storepass password
cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12
keytool -delete -v -alias java-broker -keystore ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 -storepass password
cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12
keytool -genseckey -alias testalias -keyalg AES -keysize 256 -storetype pkcs12 -keystore ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 -storepass password
cp java_broker.req ../../../broker-core/src/test/resources/ssl/java_broker.req
cp java_broker.crt ../../../broker-core/src/test/resources/ssl/java_broker.crt
cp expired.crt ../../../broker-core/src/test/resources/ssl/expired.crt
cp java_client_expired_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12
cp java_broker_expired_truststore.jks ../../../broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12
cp java_broker_peerstore.jks ../../../broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12
cp java_broker_truststore.jks ../../../broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12
cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12
cp java_broker_keystore.jks ../../../systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks
cp java_client_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_keystore.pkcs12
cp java_client_truststore.jks ../../../broker-core/src/test/resources/ssl/java_client_truststore.pkcs12
rm java_client_untrusted_keystore.jks
keytool -genkey -keystore java_client_untrusted_keystore.jks -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -alias untrusted_client -storepass password -storetype pkcs12 -dname "CN=untrusted_client"
cp java_client_untrusted_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12